Scribd
Upload
619 views1,473 pages

Windows 10 and Windows Server 2016 Policy Settings

This spreadsheet lists Group Policy settings for Windows 10, Windows Server 2016, and other Microsoft operating systems. It includes settings for computer and user configuration from Administrative Template files. The spreadsheet allows filtering settings by supported operating system, file name, or setting name. A legal notice provides information on copyright and trademarks.

Uploaded by

Aneek Kumar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as XLSX, PDF, TXT or read online on Scribd
619 views1,473 pages

Windows 10 and Windows Server 2016 Policy Settings

This spreadsheet lists Group Policy settings for Windows 10, Windows Server 2016, and other Microsoft operating systems. It includes settings for computer and user configuration from Administrative Template files. The spreadsheet allows filtering settings by supported operating system, file name, or setting name. A legal notice provides information on copyright and trademarks.

Uploaded by

Aneek Kumar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as XLSX, PDF, TXT or read online on Scribd
You are on page 1/ 1473

Group Policy Settings Reference

Windows 10

This spreadsheet lists the policy settings for computer and user configurations that are included in the Administrative template files (.admx and
Windows 10, version 1607. The policy settings included in this spreadsheet also cover Windows Server 2016, Windows 10, Windows Server 2
Windows 8.1, Windows 8, Windows 7, Windows Vista with SP1,Windows XP Professional with SP2 or earlier service packs, and Microsoft Wi
These files are used to expose policy settings when you use the Group Policy Management Console (GPMC) to edit Group Policy Objects (G

You can use the filtering capabilities that are included in this spreadsheet to view a specific subset of data, based on one value or a combinati
in one or more of the columns. In addition, you can click Custom in the drop-down list of any of the column headings to add additional filtering
To view a specific subset of data, click the drop-down arrow in the column heading of cells that contain the value or combination of values on w
and then click the desired value in the drop-down list. For example, to view policy settings that are available for Windows Server 2012 or Wind
Administrative Template worksheet, click the drop-down arrow next to Supported On, and then click At least Microsoft Windows Server 2

Legal Notice
This document is provided as-is. Information and views expressed in this document, including URL and other Internet Web site references, may change witho
Some examples depicted herein are provided for illustration only and are fictitious.
This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your in

2015 Microsoft Corporation. All rights reserved.

Active Directory, Hyper-V, Microsoft, MS-DOS, Visual Basic, Visual Studio, Windows, Windows NT, Windows Server,
and Windows Vista are trademarks of the Microsoft group of companies.

All other trademarks are property of their respective owners.


ministrative template files (.admx and .adml) delivered with
016, Windows 10, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008,Windows Server 2003 with SP2 or e
lier service packs, and Microsoft Windows 2000 with SP5 or earlier service packs.
MC) to edit Group Policy Objects (GPOs).

, based on one value or a combination of values that are available


n headings to add additional filtering criteria within that column.
e value or combination of values on which you want to filter,
le for Windows Server 2012 or Windows 8, in the
least Microsoft Windows Server 2012 or Windows 8.

t Web site references, may change without notice.

y copy and use this document for your internal, reference purposes.
Windows Server 2003 with SP2 or earlier service packs,
File name Policy Setting Name
activexinstallservice.admx Approved Installation Sites for ActiveX Controls
activexinstallservice.admx Establish ActiveX installation policy for sites in Trusted zones
addremoveprograms.admx Go directly to Components Wizard
addremoveprograms.admx Hide Add New Programs page
addremoveprograms.admx Hide Add/Remove Windows Components page
addremoveprograms.admx Hide Change or Remove Programs page
addremoveprograms.admx Hide the "Add a program from CD-ROM or floppy disk" option
addremoveprograms.admx Hide the "Add programs from Microsoft" option
addremoveprograms.admx Hide the "Add programs from your network" option
addremoveprograms.admx Hide the Set Program Access and Defaults page
addremoveprograms.admx Remove Add or Remove Programs
addremoveprograms.admx Remove Support Information
addremoveprograms.admx Specify default category for Add New Programs
allowbuildpreview.admx Toggle user control over Insider builds
appcompat.admx Prevent access to 16-bit applications
appcompat.admx Remove Program Compatibility Property Page
appcompat.admx Turn off Application Compatibility Engine
appcompat.admx Turn off Application Telemetry
appcompat.admx Turn off Inventory Collector
appcompat.admx Turn off Program Compatibility Assistant
appcompat.admx Turn off Program Compatibility Assistant
appcompat.admx Turn off Steps Recorder
appcompat.admx Turn off SwitchBack Compatibility Engine
appprivacy.admx Let Windows apps access account information
appprivacy.admx Let Windows apps access account information
appprivacy.admx Let Windows apps access call history
appprivacy.admx Let Windows apps access contacts
appprivacy.admx Let Windows apps access email
appprivacy.admx Let Windows apps access location
appprivacy.admx Let Windows apps access messaging
appprivacy.admx Let Windows apps access motion
appprivacy.admx Let Windows apps access notifications
appprivacy.admx Let Windows apps access the calendar
appprivacy.admx Let Windows apps access the camera
appprivacy.admx Let Windows apps access the microphone
appprivacy.admx Let Windows apps access trusted devices
appprivacy.admx Let Windows apps control radios
appprivacy.admx Let Windows apps sync with devices
appv.admx Allow First Time Application Launches if on a High Cost Windows 8 Meter
appv.admx Certificate Filter For Client SSL
appv.admx Enable App-V Client
appv.admx Enable Dynamic Virtualization
appv.admx Enable Migration Mode
appv.admx Enable Package Scripts
appv.admx Enable Publishing Refresh UX
appv.admx Enable Support for BranchCache
appv.admx Integration Root Global
appv.admx Integration Root User
appv.admx Location Provider
appv.admx Microsoft Customer Experience Improvement Program (CEIP)
appv.admx Package Installation Root
appv.admx Package Source Root
appv.admx Publishing Server 1 Settings
appv.admx Publishing Server 2 Settings
appv.admx Publishing Server 3 Settings
appv.admx Publishing Server 4 Settings
appv.admx Publishing Server 5 Settings
appv.admx Reestablishment Interval
appv.admx Reestablishment Retries
appv.admx Reporting Server
appv.admx Require Publish As Admin
appv.admx Roaming File Exclusions
appv.admx Roaming Registry Exclusions
appv.admx Shared Content Store (SCS) mode
appv.admx Specify what to load in background (aka AutoLoad)
appv.admx Verify certificate revocation list
appv.admx Virtual Component Process Allow List
appxpackagemanager.admx Allow a Windows app to share application data between users
appxpackagemanager.admx Allow all trusted apps to install
appxpackagemanager.admx Allow deployment operations in special profiles
appxpackagemanager.admx Allows development of Windows Store apps and installing them from an i
appxpackagemanager.admx Disable installing Windows apps on non-system volumes
appxpackagemanager.admx Prevent users' app data from being stored on non-system volumes
appxruntime.admx Allow Microsoft accounts to be optional
appxruntime.admx Block launching desktop apps associated with a file.
appxruntime.admx Block launching desktop apps associated with a file.
appxruntime.admx Block launching desktop apps associated with a URI scheme
appxruntime.admx Block launching desktop apps associated with a URI scheme
appxruntime.admx Block launching Windows Store apps with Windows Runtime API access fr
appxruntime.admx Turn on dynamic Content URI Rules for Windows store apps
attachmentmanager.admx Default risk level for file attachments
attachmentmanager.admx Do not preserve zone information in file attachments
attachmentmanager.admx Hide mechanisms to remove zone information
attachmentmanager.admx Inclusion list for high risk file types
attachmentmanager.admx Inclusion list for low file types
attachmentmanager.admx Inclusion list for moderate risk file types
attachmentmanager.admx Notify antivirus programs when opening attachments
attachmentmanager.admx Trust logic for file attachments
auditsettings.admx Include command line in process creation events
autoplay.admx Disallow Autoplay for non-volume devices
autoplay.admx Disallow Autoplay for non-volume devices
autoplay.admx Prevent AutoPlay from remembering user choices.
autoplay.admx Prevent AutoPlay from remembering user choices.
autoplay.admx Set the default behavior for AutoRun
autoplay.admx Set the default behavior for AutoRun
autoplay.admx Turn off Autoplay
autoplay.admx Turn off Autoplay
avsvalidationgp.admx Control Device Reactivation for Retail devices
avsvalidationgp.admx Turn off KMS Client Online AVS Validation
biometrics.admx Allow domain users to log on using biometrics
biometrics.admx Allow the use of biometrics
biometrics.admx Allow users to log on using biometrics
biometrics.admx Specify timeout for fast user switching events
biometrics.admx Use enhanced anti-spoofing when available
bits.admx Allow BITS Peercaching
bits.admx Do not allow the BITS client to use Windows Branch Cache
bits.admx Do not allow the computer to act as a BITS Peercaching client
bits.admx Do not allow the computer to act as a BITS Peercaching server
bits.admx Limit the age of files in the BITS Peercache
bits.admx Limit the BITS Peercache size
bits.admx Limit the maximum BITS job download time
bits.admx Limit the maximum network bandwidth for BITS background transfers
bits.admx Limit the maximum network bandwidth used for Peercaching
bits.admx Limit the maximum number of BITS jobs for each user
bits.admx Limit the maximum number of BITS jobs for this computer
bits.admx Limit the maximum number of files allowed in a BITS job
bits.admx Limit the maximum number of ranges that can be added to the file in a BIT
bits.admx Set default download behavior for BITS jobs on costed networks
bits.admx Set up a maintenance schedule to limit the maximum network bandwidth u
bits.admx Set up a work schedule to limit the maximum network bandwidth used for
bits.admx Timeout for inactive BITS jobs
camera.admx Allow Use of Camera
ceipenable.admx Allow Corporate redirection of Customer Experience Improvement upload
ceipenable.admx Tag Windows Customer Experience Improvement data with Study Identifie
ciphersuiteorder.admx ECC Curve Order
ciphersuiteorder.admx SSL Cipher Suite Order
cloudcontent.admx Configure Windows spotlight on lock screen
cloudcontent.admx Do not show Windows Tips
cloudcontent.admx Turn off all Windows spotlight features
cloudcontent.admx Turn off Microsoft consumer experiences
com.admx Download missing COM components
com.admx Download missing COM components
conf.admx Allow persisting automatic acceptance of Calls
conf.admx Disable application Sharing
conf.admx Disable Audio
conf.admx Disable Chat
conf.admx Disable Directory services
conf.admx Disable full duplex Audio
conf.admx Disable NetMeeting 2.x Whiteboard
conf.admx Disable remote Desktop Sharing
conf.admx Disable the Advanced Calling button
conf.admx Disable Whiteboard
conf.admx Enable Automatic Configuration
conf.admx Hide the Audio page
conf.admx Hide the General page
conf.admx Hide the Security page
conf.admx Hide the Video page
conf.admx Limit the bandwidth of Audio and Video
conf.admx Limit the size of sent files
conf.admx Prevent adding Directory servers
conf.admx Prevent Application Sharing in true color
conf.admx Prevent automatic acceptance of Calls
conf.admx Prevent changing Call placement method
conf.admx Prevent changing DirectSound Audio setting
conf.admx Prevent Control
conf.admx Prevent Desktop Sharing
conf.admx Prevent receiving files
conf.admx Prevent receiving Video
conf.admx Prevent sending files
conf.admx Prevent sending Video
conf.admx Prevent Sharing
conf.admx Prevent Sharing Command Prompts
conf.admx Prevent Sharing Explorer windows
conf.admx Prevent viewing Web directory
conf.admx Set Call Security options
conf.admx Set the intranet support Web page
controlpanel.admx Always open All Control Panel Items when opening Control Panel
controlpanel.admx Hide specified Control Panel items
controlpanel.admx Prohibit access to Control Panel and PC settings
controlpanel.admx Show only specified Control Panel items
controlpaneldisplay.admx Disable the Display Control Panel
controlpaneldisplay.admx Do not display the lock screen
controlpaneldisplay.admx Enable screen saver
controlpaneldisplay.admx Force a specific background and accent color
controlpaneldisplay.admx Force a specific default lock screen and logon image
controlpaneldisplay.admx Force a specific Start background
controlpaneldisplay.admx Force a specific visual style file or force Windows Classic
controlpaneldisplay.admx Force specific screen saver
controlpaneldisplay.admx Hide Settings tab
controlpaneldisplay.admx Load a specific theme
controlpaneldisplay.admx Password protect the screen saver
controlpaneldisplay.admx Prevent changing color and appearance
controlpaneldisplay.admx Prevent changing color scheme
controlpaneldisplay.admx Prevent changing desktop background
controlpaneldisplay.admx Prevent changing desktop icons
controlpaneldisplay.admx Prevent changing lock screen and logon image
controlpaneldisplay.admx Prevent changing mouse pointers
controlpaneldisplay.admx Prevent changing screen saver
controlpaneldisplay.admx Prevent changing sounds
controlpaneldisplay.admx Prevent changing start menu background
controlpaneldisplay.admx Prevent changing theme
controlpaneldisplay.admx Prevent changing visual style for windows and buttons
controlpaneldisplay.admx Prevent enabling lock screen camera
controlpaneldisplay.admx Prevent enabling lock screen slide show
controlpaneldisplay.admx Prohibit selection of visual style font size
controlpaneldisplay.admx Screen saver timeout
cpls.admx Apply the default account picture to all users
credentialproviders.admx Allow users to select when a password is required when resuming from c
credentialproviders.admx Assign a default credential provider
credentialproviders.admx Assign a default domain for logon
credentialproviders.admx Exclude credential providers
credentialproviders.admx Turn off picture password sign-in
credentialproviders.admx Turn on convenience PIN sign-in
credssp.admx Allow delegating default credentials
credssp.admx Allow delegating default credentials with NTLM-only server authentication
credssp.admx Allow delegating fresh credentials
credssp.admx Allow delegating fresh credentials with NTLM-only server authentication
credssp.admx Allow delegating saved credentials
credssp.admx Allow delegating saved credentials with NTLM-only server authentication
credssp.admx Deny delegating default credentials
credssp.admx Deny delegating fresh credentials
credssp.admx Deny delegating saved credentials
credssp.admx Restrict delegation of credentials to remote servers
credui.admx Do not display the password reveal button
credui.admx Do not display the password reveal button
credui.admx Enumerate administrator accounts on elevation
credui.admx Require trusted path for credential entry
ctrlaltdel.admx Remove Change Password
ctrlaltdel.admx Remove Lock Computer
ctrlaltdel.admx Remove Logoff
ctrlaltdel.admx Remove Task Manager
datacollection.admx Allow Telemetry
datacollection.admx Allow Telemetry
datacollection.admx Configure Connected User Experiences and Telemetry
datacollection.admx Configure the Commercial ID
datacollection.admx Disable pre-release features or settings
dcom.admx Allow local activation security check exemptions
dcom.admx Define Activation Security Check exemptions
deliveryoptimization.admx Absolute Max Cache Size (in GB)
deliveryoptimization.admx Download Mode
deliveryoptimization.admx Group ID
deliveryoptimization.admx Max Cache Age (in seconds)
deliveryoptimization.admx Max Cache Size (Percentage)
deliveryoptimization.admx Max Upload Bandwidth (in KB/s)
deliveryoptimization.admx Maximum Download Bandwidth (in KB/s)
deliveryoptimization.admx Maximum Download Bandwidth (Percentage)
deliveryoptimization.admx Minimum Background QoS (in KB/s)
deliveryoptimization.admx Modify Cache Drive
deliveryoptimization.admx Monthly Upload Data Cap (in GB)
desktop.admx Add/Delete items
desktop.admx Allow only bitmapped wallpaper
desktop.admx Desktop Wallpaper
desktop.admx Disable Active Desktop
desktop.admx Disable all items
desktop.admx Do not add shares of recently opened documents to Network Locations
desktop.admx Don't save settings at exit
desktop.admx Enable Active Desktop
desktop.admx Enable filter in Find dialog box
desktop.admx Hide Active Directory folder
desktop.admx Hide and disable all items on the desktop
desktop.admx Hide Internet Explorer icon on desktop
desktop.admx Hide Network Locations icon on desktop
desktop.admx Maximum size of Active Directory searches
desktop.admx Prevent adding, dragging, dropping and closing the Taskbar's toolbars
desktop.admx Prohibit adding items
desktop.admx Prohibit adjusting desktop toolbars
desktop.admx Prohibit changes
desktop.admx Prohibit closing items
desktop.admx Prohibit deleting items
desktop.admx Prohibit editing items
desktop.admx Prohibit User from manually redirecting Profile Folders
desktop.admx Remove Computer icon on the desktop
desktop.admx Remove My Documents icon on the desktop
desktop.admx Remove Properties from the Computer icon context menu
desktop.admx Remove Properties from the Documents icon context menu
desktop.admx Remove Properties from the Recycle Bin context menu
desktop.admx Remove Recycle Bin icon from desktop
desktop.admx Remove the Desktop Cleanup Wizard
desktop.admx Turn off Aero Shake window minimizing mouse gesture
devicecompat.admx Device compatibility settings
devicecompat.admx Driver compatibility settings
devicecredential.admx Allow companion device for secondary authentication
deviceguard.admx Deploy Code Integrity Policy
deviceguard.admx Turn On Virtualization Based Security
deviceinstallation.admx Allow administrators to override Device Installation Restriction policies
deviceinstallation.admx Allow installation of devices that match any of these device IDs
deviceinstallation.admx Allow installation of devices using drivers that match these device setup c
deviceinstallation.admx Allow non-administrators to install drivers for these device setup classes
deviceinstallation.admx Allow remote access to the Plug and Play interface
deviceinstallation.admx Code signing for device drivers
deviceinstallation.admx Configure device installation time-out
deviceinstallation.admx Display a custom message title when device installation is prevented by a p
deviceinstallation.admx Display a custom message when installation is prevented by a policy settin
deviceinstallation.admx Prevent creation of a system restore point during device activity that wou
deviceinstallation.admx Prevent installation of devices not described by other policy settings
deviceinstallation.admx Prevent installation of devices that match any of these device IDs
deviceinstallation.admx Prevent installation of devices using drivers that match these device setup
deviceinstallation.admx Prevent installation of removable devices
deviceinstallation.admx Prioritize all digitally signed drivers equally during the driver ranking and
deviceinstallation.admx Time (in seconds) to force reboot when required for policy changes to take
deviceredirection.admx Prevent redirection of devices that match any of these device Ids
deviceredirection.admx Prevent redirection of USB devices
devicesetup.admx Configure driver search locations
devicesetup.admx Do not send a Windows error report when a generic driver is installed on
devicesetup.admx Prevent device metadata retrieval from the Internet
devicesetup.admx Prevent Windows from sending an error report when a device driver request
devicesetup.admx Specify search order for device driver source locations
devicesetup.admx Specify the search server for device driver updates
devicesetup.admx Turn off "Found New Hardware" balloons during device installation
devicesetup.admx Turn off Windows Update device driver search prompt
devicesetup.admx Turn off Windows Update device driver search prompt
dfs.admx Configure how often a DFS client discovers domain controllers
digitallocker.admx Do not allow Digital Locker to run
digitallocker.admx Do not allow Digital Locker to run
diskdiagnostic.admx Disk Diagnostic: Configure custom alert text
diskdiagnostic.admx Disk Diagnostic: Configure execution level
disknvcache.admx Turn off boot and resume optimizations
disknvcache.admx Turn off cache power mode
disknvcache.admx Turn off non-volatile cache feature
disknvcache.admx Turn off solid state mode
diskquota.admx Apply policy to removable media
diskquota.admx Enable disk quotas
diskquota.admx Enforce disk quota limit
diskquota.admx Log event when quota limit is exceeded
diskquota.admx Log event when quota warning level is exceeded
diskquota.admx Specify default quota limit and warning level
distributedlinktracking.admx Allow Distributed Link Tracking clients to use domain resources
dnsclient.admx Allow DNS suffix appending to unqualified multi-label name queries
dnsclient.admx Allow NetBT queries for fully qualified domain names
dnsclient.admx Connection-specific DNS suffix
dnsclient.admx DNS servers
dnsclient.admx DNS suffix search list
dnsclient.admx Dynamic update
dnsclient.admx IDN mapping
dnsclient.admx Prefer link local responses over DNS when received over a network with
dnsclient.admx Primary DNS suffix
dnsclient.admx Primary DNS suffix devolution
dnsclient.admx Primary DNS suffix devolution level
dnsclient.admx Register DNS records with connection-specific DNS suffix
dnsclient.admx Register PTR records
dnsclient.admx Registration refresh interval
dnsclient.admx Replace addresses in conflicts
dnsclient.admx TTL value for A and PTR records
dnsclient.admx Turn off IDN encoding
dnsclient.admx Turn off multicast name resolution
dnsclient.admx Turn off smart multi-homed name resolution
dnsclient.admx Turn off smart protocol reordering
dnsclient.admx Update security level
dnsclient.admx Update top level domain zones
dwm.admx Do not allow color changes
dwm.admx Do not allow color changes
dwm.admx Do not allow Flip3D invocation
dwm.admx Do not allow Flip3D invocation
dwm.admx Do not allow window animations
dwm.admx Do not allow window animations
dwm.admx Specify a default color
dwm.admx Specify a default color
dwm.admx Use solid color for Start background
eaime.admx Do not include Non-Publishing Standard Glyph in the candidate list
eaime.admx Restrict character code range of conversion
eaime.admx Turn off custom dictionary
eaime.admx Turn off history-based predictive input
eaime.admx Turn off Internet search integration
eaime.admx Turn off Open Extended Dictionary
eaime.admx Turn off saving auto-tuning data to file
eaime.admx Turn on cloud candidate
eaime.admx Turn on cloud candidate for CHS
eaime.admx Turn on misconversion logging for misconversion report
earlylauncham.admx Boot-Start Driver Initialization Policy
edgeui.admx Allow edge swipe
edgeui.admx Allow edge swipe
edgeui.admx Disable help tips
edgeui.admx Disable help tips
edgeui.admx Do not show recent apps when the mouse is pointing to the upper-left cor
edgeui.admx Prevent users from replacing the Command Prompt with Windows PowerShel
edgeui.admx Search, Share, Start, Devices, and Settings don't appear when the mouse is
edgeui.admx Turn off switching between recent apps
edgeui.admx Turn off tracking of app usage
encryptfilesonmove.admx Do not automatically encrypt files moved to encrypted folders
enhancedstorage.admx Allow only USB root hub connected Enhanced Storage devices
enhancedstorage.admx Configure list of Enhanced Storage devices usable on your computer
enhancedstorage.admx Configure list of IEEE 1667 silos usable on your computer
enhancedstorage.admx Do not allow non-Enhanced Storage removable devices
enhancedstorage.admx Do not allow password authentication of Enhanced Storage devices
enhancedstorage.admx Do not allow Windows to activate Enhanced Storage devices
enhancedstorage.admx Lock Enhanced Storage when the computer is locked
errorreporting.admx Automatically send memory dumps for OS-generated error reports
errorreporting.admx Automatically send memory dumps for OS-generated error reports
errorreporting.admx Configure Corporate Windows Error Reporting
errorreporting.admx Configure Default consent
errorreporting.admx Configure Default consent
errorreporting.admx Configure Error Reporting
errorreporting.admx Configure Report Archive
errorreporting.admx Configure Report Archive
errorreporting.admx Configure Report Queue
errorreporting.admx Configure Report Queue
errorreporting.admx Customize consent settings
errorreporting.admx Customize consent settings
errorreporting.admx Default application reporting settings
errorreporting.admx Disable logging
errorreporting.admx Disable logging
errorreporting.admx Disable Windows Error Reporting
errorreporting.admx Disable Windows Error Reporting
errorreporting.admx Display Error Notification
errorreporting.admx Do not send additional data
errorreporting.admx Do not send additional data
errorreporting.admx Do not throttle additional data
errorreporting.admx Do not throttle additional data
errorreporting.admx Ignore custom consent settings
errorreporting.admx Ignore custom consent settings
errorreporting.admx List of applications to always report errors for
errorreporting.admx List of applications to be excluded
errorreporting.admx List of applications to be excluded
errorreporting.admx List of applications to never report errors for
errorreporting.admx Prevent display of the user interface for critical errors
errorreporting.admx Report operating system errors
errorreporting.admx Send additional data when on battery power
errorreporting.admx Send additional data when on battery power
errorreporting.admx Send data when on connected to a restricted/costed network
errorreporting.admx Send data when on connected to a restricted/costed network
eventforwarding.admx Configure forwarder resource usage
eventforwarding.admx Configure target Subscription Manager
eventlog.admx Back up log automatically when full
eventlog.admx Back up log automatically when full
eventlog.admx Back up log automatically when full
eventlog.admx Back up log automatically when full
eventlog.admx Configure log access
eventlog.admx Configure log access
eventlog.admx Configure log access
eventlog.admx Configure log access
eventlog.admx Configure log access (legacy)
eventlog.admx Configure log access (legacy)
eventlog.admx Configure log access (legacy)
eventlog.admx Configure log access (legacy)
eventlog.admx Control Event Log behavior when the log file reaches its maximum size
eventlog.admx Control Event Log behavior when the log file reaches its maximum size
eventlog.admx Control Event Log behavior when the log file reaches its maximum size
eventlog.admx Control Event Log behavior when the log file reaches its maximum size
eventlog.admx Control the location of the log file
eventlog.admx Control the location of the log file
eventlog.admx Control the location of the log file
eventlog.admx Control the location of the log file
eventlog.admx Specify the maximum log file size (KB)
eventlog.admx Specify the maximum log file size (KB)
eventlog.admx Specify the maximum log file size (KB)
eventlog.admx Specify the maximum log file size (KB)
eventlog.admx Turn on logging
eventlogging.admx Enable Protected Event Logging
eventviewer.admx Events.asp program
eventviewer.admx Events.asp program command line parameters
eventviewer.admx Events.asp URL
explorer.admx Display the menu bar in File Explorer
explorer.admx Do not reinitialize a pre-existing roamed user profile when it is loaded on
explorer.admx Prevent users from adding files to the root of their Users Files folder.
explorer.admx Set a support web page link
explorer.admx Turn off common control and window animations
explorer.admx Turn off Data Execution Prevention for Explorer
explorer.admx Turn off heap termination on corruption
externalboot.admx Allow hibernate (S4) when starting from a Windows To Go workspace
externalboot.admx Disallow standby sleep states (S1-S3) when starting from a Windows to G
externalboot.admx Windows To Go Default Startup Options
feedbacknotifications.admx Do not show feedback notifications
filehistory.admx Turn off File History
filerecovery.admx Configure Corrupted File Recovery behavior
filerevocation.admx Allow Windows Runtime apps to revoke enterprise data
fileservervssprovider.admx Allow or Disallow use of encryption to protect the RPC protocol messages
filesys.admx Disable delete notifications on all volumes
filesys.admx Do not allow compression on all NTFS volumes
filesys.admx Do not allow encryption on all NTFS volumes
filesys.admx Enable / disable TXF deprecated features
filesys.admx Enable NTFS pagefile encryption
filesys.admx Enable Win32 long paths
filesys.admx Selectively allow the evaluation of a symbolic link
filesys.admx Short name creation options
folderredirection.admx Do not automatically make all redirected folders available offline
folderredirection.admx Do not automatically make specific redirected folders available offline
folderredirection.admx Enable optimized move of contents in Offline Files cache on Folder Redire
folderredirection.admx Redirect folders on primary computers only
folderredirection.admx Redirect folders on primary computers only
folderredirection.admx Use localized subfolder names when redirecting Start Menu and My Docu
folderredirection.admx Use localized subfolder names when redirecting Start Menu and My Docu
framepanes.admx Turn off Preview Pane
framepanes.admx Turn on or off details pane
fthsvc.admx Configure Scenario Execution Level
gameexplorer.admx Turn off downloading of game information
gameexplorer.admx Turn off game updates
gameexplorer.admx Turn off tracking of last play time of games in the Games folder
globalization.admx Allow input personalization
globalization.admx Block clean-up of unused language packs
globalization.admx Century interpretation for Year 2000
globalization.admx Disallow changing of geographic location
globalization.admx Disallow changing of geographic location
globalization.admx Disallow copying of user input methods to the system account for sign-in
globalization.admx Disallow selection of Custom Locales
globalization.admx Disallow selection of Custom Locales
globalization.admx Disallow user override of locale settings
globalization.admx Disallow user override of locale settings
globalization.admx Force selected system UI language to overwrite the user UI language
globalization.admx Hide Regional and Language Options administrative options
globalization.admx Hide the geographic location option
globalization.admx Hide the select language group options
globalization.admx Hide user locale selection and customization options
globalization.admx Restrict selection of Windows menus and dialogs language
globalization.admx Restrict system locales
globalization.admx Restrict user locales
globalization.admx Restrict user locales
globalization.admx Restricts the UI language Windows uses for all logged users
globalization.admx Restricts the UI languages Windows should use for the selected user
globalization.admx Turn off autocorrect misspelled words
globalization.admx Turn off automatic learning
globalization.admx Turn off automatic learning
globalization.admx Turn off highlight misspelled words
globalization.admx Turn off insert a space after selecting a text prediction
globalization.admx Turn off offer text predictions as I type
grouppolicy.admx Allow cross-forest user policy and roaming user profiles
grouppolicy.admx Always use local ADM files for Group Policy Object Editor
grouppolicy.admx Change Group Policy processing to run asynchronously when a slow networ
grouppolicy.admx Configure Direct Access connections as a fast network connection
grouppolicy.admx Configure disk quota policy processing
grouppolicy.admx Configure EFS recovery policy processing
grouppolicy.admx Configure folder redirection policy processing
grouppolicy.admx Configure Group Policy Caching
grouppolicy.admx Configure Group Policy domain controller selection
grouppolicy.admx Configure Group Policy slow link detection
grouppolicy.admx Configure Group Policy slow link detection
grouppolicy.admx Configure Internet Explorer Maintenance policy processing
grouppolicy.admx Configure IP security policy processing
grouppolicy.admx Configure Logon Script Delay
grouppolicy.admx Configure registry policy processing
grouppolicy.admx Configure scripts policy processing
grouppolicy.admx Configure security policy processing
grouppolicy.admx Configure software Installation policy processing
grouppolicy.admx Configure user Group Policy loopback processing mode
grouppolicy.admx Configure wired policy processing
grouppolicy.admx Configure wireless policy processing
grouppolicy.admx Continue experiences on this device
grouppolicy.admx Create new Group Policy Object links disabled by default
grouppolicy.admx Determine if interactive users can generate Resultant Set of Policy data
grouppolicy.admx Determine if interactive users can generate Resultant Set of Policy data
grouppolicy.admx Enable AD/DFS domain controller synchronization during policy refresh
grouppolicy.admx Enable Font Providers
grouppolicy.admx Enable Group Policy Caching for Servers
grouppolicy.admx Enforce Show Policies Only
grouppolicy.admx Process Mitigation Options
grouppolicy.admx Process Mitigation Options
grouppolicy.admx Remove users' ability to invoke machine policy refresh
grouppolicy.admx Set default name for new Group Policy objects
grouppolicy.admx Set Group Policy refresh interval for computers
grouppolicy.admx Set Group Policy refresh interval for domain controllers
grouppolicy.admx Set Group Policy refresh interval for users
grouppolicy.admx Specify startup policy processing wait time
grouppolicy.admx Specify workplace connectivity wait time for policy processing
grouppolicy.admx Turn off automatic update of ADM files
grouppolicy.admx Turn off background refresh of Group Policy
grouppolicy.admx Turn off Group Policy Client Service AOAC optimization
grouppolicy.admx Turn off Local Group Policy Objects processing
grouppolicy.admx Turn off Resultant Set of Policy logging
grouppolicy.admx Untrusted Font Blocking
grouppolicypreferences.admx Configure Applications preference extension policy processing
grouppolicypreferences.admx Configure Applications preference logging and tracing
grouppolicypreferences.admx Configure Data Sources preference extension policy processing
grouppolicypreferences.admx Configure Data Sources preference logging and tracing
grouppolicypreferences.admx Configure Devices preference extension policy processing
grouppolicypreferences.admx Configure Devices preference logging and tracing
grouppolicypreferences.admx Configure Drive Maps preference extension policy processing
grouppolicypreferences.admx Configure Drive Maps preference logging and tracing
grouppolicypreferences.admx Configure Environment preference extension policy processing
grouppolicypreferences.admx Configure Environment preference logging and tracing
grouppolicypreferences.admx Configure Files preference extension policy processing
grouppolicypreferences.admx Configure Files preference logging and tracing
grouppolicypreferences.admx Configure Folder Options preference extension policy processing
grouppolicypreferences.admx Configure Folder Options preference logging and tracing
grouppolicypreferences.admx Configure Folders preference extension policy processing
grouppolicypreferences.admx Configure Folders preference logging and tracing
grouppolicypreferences.admx Configure Ini Files preference extension policy processing
grouppolicypreferences.admx Configure Ini Files preference logging and tracing
grouppolicypreferences.admx Configure Internet Settings preference extension policy processing
grouppolicypreferences.admx Configure Internet Settings preference logging and tracing
grouppolicypreferences.admx Configure Local Users and Groups preference extension policy processing
grouppolicypreferences.admx Configure Local Users and Groups preference logging and tracing
grouppolicypreferences.admx Configure Network Options preference extension policy processing
grouppolicypreferences.admx Configure Network Options preference logging and tracing
grouppolicypreferences.admx Configure Network Shares preference extension policy processing
grouppolicypreferences.admx Configure Network Shares preference logging and tracing
grouppolicypreferences.admx Configure Power Options preference extension policy processing
grouppolicypreferences.admx Configure Power Options preference logging and tracing
grouppolicypreferences.admx Configure Printers preference extension policy processing
grouppolicypreferences.admx Configure Printers preference logging and tracing
grouppolicypreferences.admx Configure Regional Options preference extension policy processing
grouppolicypreferences.admx Configure Regional Options preference logging and tracing
grouppolicypreferences.admx Configure Registry preference extension policy processing
grouppolicypreferences.admx Configure Registry preference logging and tracing
grouppolicypreferences.admx Configure Scheduled Tasks preference extension policy processing
grouppolicypreferences.admx Configure Scheduled Tasks preference logging and tracing
grouppolicypreferences.admx Configure Services preference extension policy processing
grouppolicypreferences.admx Configure Services preference logging and tracing
grouppolicypreferences.admx Configure Shortcuts preference extension policy processing
grouppolicypreferences.admx Configure Shortcuts preference logging and tracing
grouppolicypreferences.admx Configure Start Menu preference extension policy processing
grouppolicypreferences.admx Configure Start Menu preference logging and tracing
grouppolicypreferences.admx Permit use of Application snap-ins
grouppolicypreferences.admx Permit use of Applications preference extension
grouppolicypreferences.admx Permit use of Control Panel Settings (Computers)
grouppolicypreferences.admx Permit use of Control Panel Settings (Users)
grouppolicypreferences.admx Permit use of Data Sources preference extension
grouppolicypreferences.admx Permit use of Devices preference extension
grouppolicypreferences.admx Permit use of Drive Maps preference extension
grouppolicypreferences.admx Permit use of Environment preference extension
grouppolicypreferences.admx Permit use of Files preference extension
grouppolicypreferences.admx Permit use of Folder Options preference extension
grouppolicypreferences.admx Permit use of Folders preference extension
grouppolicypreferences.admx Permit use of Ini Files preference extension
grouppolicypreferences.admx Permit use of Internet Settings preference extension
grouppolicypreferences.admx Permit use of Local Users and Groups preference extension
grouppolicypreferences.admx Permit use of Network Options preference extension
grouppolicypreferences.admx Permit use of Network Shares preference extension
grouppolicypreferences.admx Permit use of Power Options preference extension
grouppolicypreferences.admx Permit use of Preferences tab
grouppolicypreferences.admx Permit use of Printers preference extension
grouppolicypreferences.admx Permit use of Regional Options preference extension
grouppolicypreferences.admx Permit use of Registry preference extension
grouppolicypreferences.admx Permit use of Scheduled Tasks preference extension
grouppolicypreferences.admx Permit use of Services preference extension
grouppolicypreferences.admx Permit use of Shortcuts preference extension
grouppolicypreferences.admx Permit use of Start Menu preference extension
grouppolicy-server.admx Allow asynchronous user Group Policy processing when logging on throug
help.admx Restrict potentially unsafe HTML Help functions to specified folders
help.admx Restrict these programs from being launched from Help
help.admx Restrict these programs from being launched from Help
help.admx Turn off Data Execution Prevention for HTML Help Executible
helpandsupport.admx Turn off Active Help
helpandsupport.admx Turn off Help Experience Improvement Program
helpandsupport.admx Turn off Help Ratings
helpandsupport.admx Turn off Windows Online
hotspotauth.admx Enable Hotspot Authentication
icm.admx Restrict Internet communication
icm.admx Restrict Internet communication
icm.admx Turn off access to all Windows Update features
icm.admx Turn off access to the Store
icm.admx Turn off access to the Store
icm.admx Turn off Automatic Root Certificates Update
icm.admx Turn off downloading of print drivers over HTTP
icm.admx Turn off downloading of print drivers over HTTP
icm.admx Turn off Event Viewer "Events.asp" links
icm.admx Turn off Help and Support Center "Did you know?" content
icm.admx Turn off Help and Support Center Microsoft Knowledge Base search
icm.admx Turn off Internet Connection Wizard if URL connection is referring to Micr
icm.admx Turn off Internet download for Web publishing and online ordering wizard
icm.admx Turn off Internet download for Web publishing and online ordering wizard
icm.admx Turn off Internet File Association service
icm.admx Turn off Internet File Association service
icm.admx Turn off printing over HTTP
icm.admx Turn off printing over HTTP
icm.admx Turn off Registration if URL connection is referring to Microsoft.com
icm.admx Turn off Search Companion content file updates
icm.admx Turn off the "Order Prints" picture task
icm.admx Turn off the "Order Prints" picture task
icm.admx Turn off the "Publish to Web" task for files and folders
icm.admx Turn off the "Publish to Web" task for files and folders
icm.admx Turn off the Windows Messenger Customer Experience Improvement Pro
icm.admx Turn off the Windows Messenger Customer Experience Improvement Pro
icm.admx Turn off Windows Customer Experience Improvement Program
icm.admx Turn off Windows Error Reporting
icm.admx Turn off Windows Network Connectivity Status Indicator active tests
icm.admx Turn off Windows Update device driver searching
iis.admx Prevent IIS installation
inetres.admx Access data sources across domains
inetres.admx Access data sources across domains
inetres.admx Access data sources across domains
inetres.admx Access data sources across domains
inetres.admx Access data sources across domains
inetres.admx Access data sources across domains
inetres.admx Access data sources across domains
inetres.admx Access data sources across domains
inetres.admx Access data sources across domains
inetres.admx Access data sources across domains
inetres.admx Access data sources across domains
inetres.admx Access data sources across domains
inetres.admx Access data sources across domains
inetres.admx Access data sources across domains
inetres.admx Access data sources across domains
inetres.admx Access data sources across domains
inetres.admx Access data sources across domains
inetres.admx Access data sources across domains
inetres.admx Access data sources across domains
inetres.admx Access data sources across domains
inetres.admx Add a specific list of search providers to the user's list of search providers
inetres.admx Add a specific list of search providers to the user's list of search providers
inetres.admx Add default Accelerators
inetres.admx Add default Accelerators
inetres.admx Add non-default Accelerators
inetres.admx Add non-default Accelerators
inetres.admx Add-on List
inetres.admx Add-on List
inetres.admx Admin-approved behaviors
inetres.admx Admin-approved behaviors
inetres.admx All Processes
inetres.admx All Processes
inetres.admx All Processes
inetres.admx All Processes
inetres.admx All Processes
inetres.admx All Processes
inetres.admx All Processes
inetres.admx All Processes
inetres.admx All Processes
inetres.admx All Processes
inetres.admx All Processes
inetres.admx All Processes
inetres.admx All Processes
inetres.admx All Processes
inetres.admx All Processes
inetres.admx All Processes
inetres.admx All Processes
inetres.admx All Processes
inetres.admx All Processes
inetres.admx All Processes
inetres.admx All Processes
inetres.admx All Processes
inetres.admx All Processes
inetres.admx All Processes
inetres.admx All Processes
inetres.admx All Processes
inetres.admx Allow active content from CDs to run on user machines
inetres.admx Allow active content from CDs to run on user machines
inetres.admx Allow active content over restricted protocols to access my computer
inetres.admx Allow active content over restricted protocols to access my computer
inetres.admx Allow active content over restricted protocols to access my computer
inetres.admx Allow active content over restricted protocols to access my computer
inetres.admx Allow active content over restricted protocols to access my computer
inetres.admx Allow active content over restricted protocols to access my computer
inetres.admx Allow active content over restricted protocols to access my computer
inetres.admx Allow active content over restricted protocols to access my computer
inetres.admx Allow active content over restricted protocols to access my computer
inetres.admx Allow active content over restricted protocols to access my computer
inetres.admx Allow active scripting
inetres.admx Allow active scripting
inetres.admx Allow active scripting
inetres.admx Allow active scripting
inetres.admx Allow active scripting
inetres.admx Allow active scripting
inetres.admx Allow active scripting
inetres.admx Allow active scripting
inetres.admx Allow active scripting
inetres.admx Allow active scripting
inetres.admx Allow active scripting
inetres.admx Allow active scripting
inetres.admx Allow active scripting
inetres.admx Allow active scripting
inetres.admx Allow active scripting
inetres.admx Allow active scripting
inetres.admx Allow active scripting
inetres.admx Allow active scripting
inetres.admx Allow active scripting
inetres.admx Allow active scripting
inetres.admx Allow binary and script behaviors
inetres.admx Allow binary and script behaviors
inetres.admx Allow binary and script behaviors
inetres.admx Allow binary and script behaviors
inetres.admx Allow binary and script behaviors
inetres.admx Allow binary and script behaviors
inetres.admx Allow binary and script behaviors
inetres.admx Allow binary and script behaviors
inetres.admx Allow binary and script behaviors
inetres.admx Allow binary and script behaviors
inetres.admx Allow binary and script behaviors
inetres.admx Allow binary and script behaviors
inetres.admx Allow binary and script behaviors
inetres.admx Allow binary and script behaviors
inetres.admx Allow binary and script behaviors
inetres.admx Allow binary and script behaviors
inetres.admx Allow binary and script behaviors
inetres.admx Allow binary and script behaviors
inetres.admx Allow binary and script behaviors
inetres.admx Allow binary and script behaviors
inetres.admx Allow cut, copy or paste operations from the clipboard via script
inetres.admx Allow cut, copy or paste operations from the clipboard via script
inetres.admx Allow cut, copy or paste operations from the clipboard via script
inetres.admx Allow cut, copy or paste operations from the clipboard via script
inetres.admx Allow cut, copy or paste operations from the clipboard via script
inetres.admx Allow cut, copy or paste operations from the clipboard via script
inetres.admx Allow cut, copy or paste operations from the clipboard via script
inetres.admx Allow cut, copy or paste operations from the clipboard via script
inetres.admx Allow cut, copy or paste operations from the clipboard via script
inetres.admx Allow cut, copy or paste operations from the clipboard via script
inetres.admx Allow cut, copy or paste operations from the clipboard via script
inetres.admx Allow cut, copy or paste operations from the clipboard via script
inetres.admx Allow cut, copy or paste operations from the clipboard via script
inetres.admx Allow cut, copy or paste operations from the clipboard via script
inetres.admx Allow cut, copy or paste operations from the clipboard via script
inetres.admx Allow cut, copy or paste operations from the clipboard via script
inetres.admx Allow cut, copy or paste operations from the clipboard via script
inetres.admx Allow cut, copy or paste operations from the clipboard via script
inetres.admx Allow cut, copy or paste operations from the clipboard via script
inetres.admx Allow cut, copy or paste operations from the clipboard via script
inetres.admx Allow deleting browsing history on exit
inetres.admx Allow deleting browsing history on exit
inetres.admx Allow drag and drop or copy and paste files
inetres.admx Allow drag and drop or copy and paste files
inetres.admx Allow drag and drop or copy and paste files
inetres.admx Allow drag and drop or copy and paste files
inetres.admx Allow drag and drop or copy and paste files
inetres.admx Allow drag and drop or copy and paste files
inetres.admx Allow drag and drop or copy and paste files
inetres.admx Allow drag and drop or copy and paste files
inetres.admx Allow drag and drop or copy and paste files
inetres.admx Allow drag and drop or copy and paste files
inetres.admx Allow drag and drop or copy and paste files
inetres.admx Allow drag and drop or copy and paste files
inetres.admx Allow drag and drop or copy and paste files
inetres.admx Allow drag and drop or copy and paste files
inetres.admx Allow drag and drop or copy and paste files
inetres.admx Allow drag and drop or copy and paste files
inetres.admx Allow drag and drop or copy and paste files
inetres.admx Allow drag and drop or copy and paste files
inetres.admx Allow drag and drop or copy and paste files
inetres.admx Allow drag and drop or copy and paste files
inetres.admx Allow fallback to SSL 3.0 (Internet Explorer)
inetres.admx Allow file downloads
inetres.admx Allow file downloads
inetres.admx Allow file downloads
inetres.admx Allow file downloads
inetres.admx Allow file downloads
inetres.admx Allow file downloads
inetres.admx Allow file downloads
inetres.admx Allow file downloads
inetres.admx Allow file downloads
inetres.admx Allow file downloads
inetres.admx Allow file downloads
inetres.admx Allow file downloads
inetres.admx Allow file downloads
inetres.admx Allow file downloads
inetres.admx Allow file downloads
inetres.admx Allow file downloads
inetres.admx Allow file downloads
inetres.admx Allow file downloads
inetres.admx Allow file downloads
inetres.admx Allow file downloads
inetres.admx Allow font downloads
inetres.admx Allow font downloads
inetres.admx Allow font downloads
inetres.admx Allow font downloads
inetres.admx Allow font downloads
inetres.admx Allow font downloads
inetres.admx Allow font downloads
inetres.admx Allow font downloads
inetres.admx Allow font downloads
inetres.admx Allow font downloads
inetres.admx Allow font downloads
inetres.admx Allow font downloads
inetres.admx Allow font downloads
inetres.admx Allow font downloads
inetres.admx Allow font downloads
inetres.admx Allow font downloads
inetres.admx Allow font downloads
inetres.admx Allow font downloads
inetres.admx Allow font downloads
inetres.admx Allow font downloads
inetres.admx Allow Install On Demand (except Internet Explorer)
inetres.admx Allow Install On Demand (except Internet Explorer)
inetres.admx Allow Install On Demand (Internet Explorer)
inetres.admx Allow Install On Demand (Internet Explorer)
inetres.admx Allow installation of desktop items
inetres.admx Allow installation of desktop items
inetres.admx Allow installation of desktop items
inetres.admx Allow installation of desktop items
inetres.admx Allow installation of desktop items
inetres.admx Allow installation of desktop items
inetres.admx Allow installation of desktop items
inetres.admx Allow installation of desktop items
inetres.admx Allow installation of desktop items
inetres.admx Allow installation of desktop items
inetres.admx Allow installation of desktop items
inetres.admx Allow installation of desktop items
inetres.admx Allow installation of desktop items
inetres.admx Allow installation of desktop items
inetres.admx Allow installation of desktop items
inetres.admx Allow installation of desktop items
inetres.admx Allow installation of desktop items
inetres.admx Allow installation of desktop items
inetres.admx Allow installation of desktop items
inetres.admx Allow installation of desktop items
inetres.admx Allow Internet Explorer 8 shutdown behavior
inetres.admx Allow Internet Explorer 8 shutdown behavior
inetres.admx Allow Internet Explorer to play media files that use alternative codecs
inetres.admx Allow Internet Explorer to play media files that use alternative codecs
inetres.admx Allow Internet Explorer to use the HTTP2 network protocol
inetres.admx Allow Internet Explorer to use the HTTP2 network protocol
inetres.admx Allow Internet Explorer to use the SPDY/3 network protocol
inetres.admx Allow Internet Explorer to use the SPDY/3 network protocol
inetres.admx Allow loading of XAML Browser Applications
inetres.admx Allow loading of XAML Browser Applications
inetres.admx Allow loading of XAML Browser Applications
inetres.admx Allow loading of XAML Browser Applications
inetres.admx Allow loading of XAML Browser Applications
inetres.admx Allow loading of XAML Browser Applications
inetres.admx Allow loading of XAML Browser Applications
inetres.admx Allow loading of XAML Browser Applications
inetres.admx Allow loading of XAML Browser Applications
inetres.admx Allow loading of XAML Browser Applications
inetres.admx Allow loading of XAML Browser Applications
inetres.admx Allow loading of XAML Browser Applications
inetres.admx Allow loading of XAML Browser Applications
inetres.admx Allow loading of XAML Browser Applications
inetres.admx Allow loading of XAML Browser Applications
inetres.admx Allow loading of XAML Browser Applications
inetres.admx Allow loading of XAML Browser Applications
inetres.admx Allow loading of XAML Browser Applications
inetres.admx Allow loading of XAML Browser Applications
inetres.admx Allow loading of XAML Browser Applications
inetres.admx Allow loading of XAML files
inetres.admx Allow loading of XAML files
inetres.admx Allow loading of XAML files
inetres.admx Allow loading of XAML files
inetres.admx Allow loading of XAML files
inetres.admx Allow loading of XAML files
inetres.admx Allow loading of XAML files
inetres.admx Allow loading of XAML files
inetres.admx Allow loading of XAML files
inetres.admx Allow loading of XAML files
inetres.admx Allow loading of XAML files
inetres.admx Allow loading of XAML files
inetres.admx Allow loading of XAML files
inetres.admx Allow loading of XAML files
inetres.admx Allow loading of XAML files
inetres.admx Allow loading of XAML files
inetres.admx Allow loading of XAML files
inetres.admx Allow loading of XAML files
inetres.admx Allow loading of XAML files
inetres.admx Allow loading of XAML files
inetres.admx Allow loading of XPS files
inetres.admx Allow loading of XPS files
inetres.admx Allow loading of XPS files
inetres.admx Allow loading of XPS files
inetres.admx Allow loading of XPS files
inetres.admx Allow loading of XPS files
inetres.admx Allow loading of XPS files
inetres.admx Allow loading of XPS files
inetres.admx Allow loading of XPS files
inetres.admx Allow loading of XPS files
inetres.admx Allow loading of XPS files
inetres.admx Allow loading of XPS files
inetres.admx Allow loading of XPS files
inetres.admx Allow loading of XPS files
inetres.admx Allow loading of XPS files
inetres.admx Allow loading of XPS files
inetres.admx Allow loading of XPS files
inetres.admx Allow loading of XPS files
inetres.admx Allow loading of XPS files
inetres.admx Allow loading of XPS files
inetres.admx Allow META REFRESH
inetres.admx Allow META REFRESH
inetres.admx Allow META REFRESH
inetres.admx Allow META REFRESH
inetres.admx Allow META REFRESH
inetres.admx Allow META REFRESH
inetres.admx Allow META REFRESH
inetres.admx Allow META REFRESH
inetres.admx Allow META REFRESH
inetres.admx Allow META REFRESH
inetres.admx Allow META REFRESH
inetres.admx Allow META REFRESH
inetres.admx Allow META REFRESH
inetres.admx Allow META REFRESH
inetres.admx Allow META REFRESH
inetres.admx Allow META REFRESH
inetres.admx Allow META REFRESH
inetres.admx Allow META REFRESH
inetres.admx Allow META REFRESH
inetres.admx Allow META REFRESH
inetres.admx Allow Microsoft services to provide enhanced suggestions as the user type
inetres.admx Allow Microsoft services to provide enhanced suggestions as the user type
inetres.admx Allow native XMLHTTP support
inetres.admx Allow native XMLHTTP support
inetres.admx Allow only approved domains to use ActiveX controls without prompt
inetres.admx Allow only approved domains to use ActiveX controls without prompt
inetres.admx Allow only approved domains to use ActiveX controls without prompt
inetres.admx Allow only approved domains to use ActiveX controls without prompt
inetres.admx Allow only approved domains to use ActiveX controls without prompt
inetres.admx Allow only approved domains to use ActiveX controls without prompt
inetres.admx Allow only approved domains to use ActiveX controls without prompt
inetres.admx Allow only approved domains to use ActiveX controls without prompt
inetres.admx Allow only approved domains to use ActiveX controls without prompt
inetres.admx Allow only approved domains to use ActiveX controls without prompt
inetres.admx Allow only approved domains to use ActiveX controls without prompt
inetres.admx Allow only approved domains to use ActiveX controls without prompt
inetres.admx Allow only approved domains to use ActiveX controls without prompt
inetres.admx Allow only approved domains to use ActiveX controls without prompt
inetres.admx Allow only approved domains to use ActiveX controls without prompt
inetres.admx Allow only approved domains to use ActiveX controls without prompt
inetres.admx Allow only approved domains to use ActiveX controls without prompt
inetres.admx Allow only approved domains to use ActiveX controls without prompt
inetres.admx Allow only approved domains to use ActiveX controls without prompt
inetres.admx Allow only approved domains to use ActiveX controls without prompt
inetres.admx Allow only approved domains to use the TDC ActiveX control
inetres.admx Allow only approved domains to use the TDC ActiveX control
inetres.admx Allow only approved domains to use the TDC ActiveX control
inetres.admx Allow only approved domains to use the TDC ActiveX control
inetres.admx Allow only approved domains to use the TDC ActiveX control
inetres.admx Allow only approved domains to use the TDC ActiveX control
inetres.admx Allow only approved domains to use the TDC ActiveX control
inetres.admx Allow only approved domains to use the TDC ActiveX control
inetres.admx Allow only approved domains to use the TDC ActiveX control
inetres.admx Allow only approved domains to use the TDC ActiveX control
inetres.admx Allow only approved domains to use the TDC ActiveX control
inetres.admx Allow only approved domains to use the TDC ActiveX control
inetres.admx Allow only approved domains to use the TDC ActiveX control
inetres.admx Allow only approved domains to use the TDC ActiveX control
inetres.admx Allow only approved domains to use the TDC ActiveX control
inetres.admx Allow only approved domains to use the TDC ActiveX control
inetres.admx Allow only approved domains to use the TDC ActiveX control
inetres.admx Allow only approved domains to use the TDC ActiveX control
inetres.admx Allow only approved domains to use the TDC ActiveX control
inetres.admx Allow only approved domains to use the TDC ActiveX control
inetres.admx Allow scripting of Internet Explorer WebBrowser controls
inetres.admx Allow scripting of Internet Explorer WebBrowser controls
inetres.admx Allow scripting of Internet Explorer WebBrowser controls
inetres.admx Allow scripting of Internet Explorer WebBrowser controls
inetres.admx Allow scripting of Internet Explorer WebBrowser controls
inetres.admx Allow scripting of Internet Explorer WebBrowser controls
inetres.admx Allow scripting of Internet Explorer WebBrowser controls
inetres.admx Allow scripting of Internet Explorer WebBrowser controls
inetres.admx Allow scripting of Internet Explorer WebBrowser controls
inetres.admx Allow scripting of Internet Explorer WebBrowser controls
inetres.admx Allow scripting of Internet Explorer WebBrowser controls
inetres.admx Allow scripting of Internet Explorer WebBrowser controls
inetres.admx Allow scripting of Internet Explorer WebBrowser controls
inetres.admx Allow scripting of Internet Explorer WebBrowser controls
inetres.admx Allow scripting of Internet Explorer WebBrowser controls
inetres.admx Allow scripting of Internet Explorer WebBrowser controls
inetres.admx Allow scripting of Internet Explorer WebBrowser controls
inetres.admx Allow scripting of Internet Explorer WebBrowser controls
inetres.admx Allow scripting of Internet Explorer WebBrowser controls
inetres.admx Allow scripting of Internet Explorer WebBrowser controls
inetres.admx Allow script-initiated windows without size or position constraints
inetres.admx Allow script-initiated windows without size or position constraints
inetres.admx Allow script-initiated windows without size or position constraints
inetres.admx Allow script-initiated windows without size or position constraints
inetres.admx Allow script-initiated windows without size or position constraints
inetres.admx Allow script-initiated windows without size or position constraints
inetres.admx Allow script-initiated windows without size or position constraints
inetres.admx Allow script-initiated windows without size or position constraints
inetres.admx Allow script-initiated windows without size or position constraints
inetres.admx Allow script-initiated windows without size or position constraints
inetres.admx Allow script-initiated windows without size or position constraints
inetres.admx Allow script-initiated windows without size or position constraints
inetres.admx Allow script-initiated windows without size or position constraints
inetres.admx Allow script-initiated windows without size or position constraints
inetres.admx Allow script-initiated windows without size or position constraints
inetres.admx Allow script-initiated windows without size or position constraints
inetres.admx Allow script-initiated windows without size or position constraints
inetres.admx Allow script-initiated windows without size or position constraints
inetres.admx Allow script-initiated windows without size or position constraints
inetres.admx Allow script-initiated windows without size or position constraints
inetres.admx Allow scriptlets
inetres.admx Allow scriptlets
inetres.admx Allow scriptlets
inetres.admx Allow scriptlets
inetres.admx Allow scriptlets
inetres.admx Allow scriptlets
inetres.admx Allow scriptlets
inetres.admx Allow scriptlets
inetres.admx Allow scriptlets
inetres.admx Allow scriptlets
inetres.admx Allow scriptlets
inetres.admx Allow scriptlets
inetres.admx Allow scriptlets
inetres.admx Allow scriptlets
inetres.admx Allow scriptlets
inetres.admx Allow scriptlets
inetres.admx Allow scriptlets
inetres.admx Allow scriptlets
inetres.admx Allow scriptlets
inetres.admx Allow scriptlets
inetres.admx Allow software to run or install even if the signature is invalid
inetres.admx Allow software to run or install even if the signature is invalid
inetres.admx Allow the display of image download placeholders
inetres.admx Allow third-party browser extensions
inetres.admx Allow third-party browser extensions
inetres.admx Allow updates to status bar via script
inetres.admx Allow updates to status bar via script
inetres.admx Allow updates to status bar via script
inetres.admx Allow updates to status bar via script
inetres.admx Allow updates to status bar via script
inetres.admx Allow updates to status bar via script
inetres.admx Allow updates to status bar via script
inetres.admx Allow updates to status bar via script
inetres.admx Allow updates to status bar via script
inetres.admx Allow updates to status bar via script
inetres.admx Allow updates to status bar via script
inetres.admx Allow updates to status bar via script
inetres.admx Allow updates to status bar via script
inetres.admx Allow updates to status bar via script
inetres.admx Allow updates to status bar via script
inetres.admx Allow updates to status bar via script
inetres.admx Allow updates to status bar via script
inetres.admx Allow updates to status bar via script
inetres.admx Allow updates to status bar via script
inetres.admx Allow updates to status bar via script
inetres.admx Allow video and animation on a webpage that uses an older media player
inetres.admx Allow video and animation on a webpage that uses an older media player
inetres.admx Allow video and animation on a webpage that uses an older media player
inetres.admx Allow video and animation on a webpage that uses an older media player
inetres.admx Allow video and animation on a webpage that uses an older media player
inetres.admx Allow video and animation on a webpage that uses an older media player
inetres.admx Allow video and animation on a webpage that uses an older media player
inetres.admx Allow video and animation on a webpage that uses an older media player
inetres.admx Allow video and animation on a webpage that uses an older media player
inetres.admx Allow video and animation on a webpage that uses an older media player
inetres.admx Allow video and animation on a webpage that uses an older media player
inetres.admx Allow video and animation on a webpage that uses an older media player
inetres.admx Allow video and animation on a webpage that uses an older media player
inetres.admx Allow video and animation on a webpage that uses an older media player
inetres.admx Allow video and animation on a webpage that uses an older media player
inetres.admx Allow video and animation on a webpage that uses an older media player
inetres.admx Allow video and animation on a webpage that uses an older media player
inetres.admx Allow video and animation on a webpage that uses an older media player
inetres.admx Allow video and animation on a webpage that uses an older media player
inetres.admx Allow video and animation on a webpage that uses an older media player
inetres.admx Allow websites to open windows without status bar or Address bar
inetres.admx Allow websites to open windows without status bar or Address bar
inetres.admx Allow websites to open windows without status bar or Address bar
inetres.admx Allow websites to open windows without status bar or Address bar
inetres.admx Allow websites to open windows without status bar or Address bar
inetres.admx Allow websites to open windows without status bar or Address bar
inetres.admx Allow websites to open windows without status bar or Address bar
inetres.admx Allow websites to open windows without status bar or Address bar
inetres.admx Allow websites to open windows without status bar or Address bar
inetres.admx Allow websites to open windows without status bar or Address bar
inetres.admx Allow websites to open windows without status bar or Address bar
inetres.admx Allow websites to open windows without status bar or Address bar
inetres.admx Allow websites to open windows without status bar or Address bar
inetres.admx Allow websites to open windows without status bar or Address bar
inetres.admx Allow websites to open windows without status bar or Address bar
inetres.admx Allow websites to open windows without status bar or Address bar
inetres.admx Allow websites to open windows without status bar or Address bar
inetres.admx Allow websites to open windows without status bar or Address bar
inetres.admx Allow websites to open windows without status bar or Address bar
inetres.admx Allow websites to open windows without status bar or Address bar
inetres.admx Allow websites to prompt for information by using scripted windows
inetres.admx Allow websites to prompt for information by using scripted windows
inetres.admx Allow websites to prompt for information by using scripted windows
inetres.admx Allow websites to prompt for information by using scripted windows
inetres.admx Allow websites to prompt for information by using scripted windows
inetres.admx Allow websites to prompt for information by using scripted windows
inetres.admx Allow websites to prompt for information by using scripted windows
inetres.admx Allow websites to prompt for information by using scripted windows
inetres.admx Allow websites to prompt for information by using scripted windows
inetres.admx Allow websites to prompt for information by using scripted windows
inetres.admx Allow websites to prompt for information by using scripted windows
inetres.admx Allow websites to prompt for information by using scripted windows
inetres.admx Allow websites to prompt for information by using scripted windows
inetres.admx Allow websites to prompt for information by using scripted windows
inetres.admx Allow websites to prompt for information by using scripted windows
inetres.admx Allow websites to prompt for information by using scripted windows
inetres.admx Allow websites to prompt for information by using scripted windows
inetres.admx Allow websites to prompt for information by using scripted windows
inetres.admx Allow websites to prompt for information by using scripted windows
inetres.admx Allow websites to prompt for information by using scripted windows
inetres.admx Allow websites to store application caches on client computers
inetres.admx Allow websites to store application caches on client computers
inetres.admx Allow websites to store indexed databases on client computers
inetres.admx Allow websites to store indexed databases on client computers
inetres.admx Always send Do Not Track header
inetres.admx Always send Do Not Track header
inetres.admx Audio/Video Player
inetres.admx Automatic prompting for ActiveX controls
inetres.admx Automatic prompting for ActiveX controls
inetres.admx Automatic prompting for ActiveX controls
inetres.admx Automatic prompting for ActiveX controls
inetres.admx Automatic prompting for ActiveX controls
inetres.admx Automatic prompting for ActiveX controls
inetres.admx Automatic prompting for ActiveX controls
inetres.admx Automatic prompting for ActiveX controls
inetres.admx Automatic prompting for ActiveX controls
inetres.admx Automatic prompting for ActiveX controls
inetres.admx Automatic prompting for ActiveX controls
inetres.admx Automatic prompting for ActiveX controls
inetres.admx Automatic prompting for ActiveX controls
inetres.admx Automatic prompting for ActiveX controls
inetres.admx Automatic prompting for ActiveX controls
inetres.admx Automatic prompting for ActiveX controls
inetres.admx Automatic prompting for ActiveX controls
inetres.admx Automatic prompting for ActiveX controls
inetres.admx Automatic prompting for ActiveX controls
inetres.admx Automatic prompting for ActiveX controls
inetres.admx Automatic prompting for file downloads
inetres.admx Automatic prompting for file downloads
inetres.admx Automatic prompting for file downloads
inetres.admx Automatic prompting for file downloads
inetres.admx Automatic prompting for file downloads
inetres.admx Automatic prompting for file downloads
inetres.admx Automatic prompting for file downloads
inetres.admx Automatic prompting for file downloads
inetres.admx Automatic prompting for file downloads
inetres.admx Automatic prompting for file downloads
inetres.admx Automatic prompting for file downloads
inetres.admx Automatic prompting for file downloads
inetres.admx Automatic prompting for file downloads
inetres.admx Automatic prompting for file downloads
inetres.admx Automatic prompting for file downloads
inetres.admx Automatic prompting for file downloads
inetres.admx Automatic prompting for file downloads
inetres.admx Automatic prompting for file downloads
inetres.admx Automatic prompting for file downloads
inetres.admx Automatic prompting for file downloads
inetres.admx Automatically activate newly installed add-ons
inetres.admx Automatically activate newly installed add-ons
inetres.admx Automatically check for Internet Explorer updates
inetres.admx Automatically check for Internet Explorer updates
inetres.admx Bypass prompting for Clipboard access for scripts running in any process
inetres.admx Bypass prompting for Clipboard access for scripts running in any process
inetres.admx Bypass prompting for Clipboard access for scripts running in the Internet
inetres.admx Bypass prompting for Clipboard access for scripts running in the Internet
inetres.admx Carpoint
inetres.admx Change the maximum number of connections per host (HTTP 1.1)
inetres.admx Change the maximum number of connections per host (HTTP 1.1)
inetres.admx Check for server certificate revocation
inetres.admx Check for server certificate revocation
inetres.admx Check for signatures on downloaded programs
inetres.admx Check for signatures on downloaded programs
inetres.admx Configure Media Explorer Bar
inetres.admx Configure Outlook Express
inetres.admx Configure Toolbar Buttons
inetres.admx Customize command labels
inetres.admx Customize command labels
inetres.admx Customize user agent string
inetres.admx Customize user agent string
inetres.admx Define applications and processes that can access the Clipboard without
inetres.admx Define applications and processes that can access the Clipboard without
inetres.admx Deny all add-ons unless specifically allowed in the Add-on List
inetres.admx Deny all add-ons unless specifically allowed in the Add-on List
inetres.admx DHTML Edit Control
inetres.admx Disable "Configuring History"
inetres.admx Disable "Configuring History"
inetres.admx Disable adding channels
inetres.admx Disable adding schedules for offline pages
inetres.admx Disable all scheduled offline pages
inetres.admx Disable AutoComplete for forms
inetres.admx Disable Automatic Install of Internet Explorer components
inetres.admx Disable caching of Auto-Proxy scripts
inetres.admx Disable changing accessibility settings
inetres.admx Disable changing Advanced page settings
inetres.admx Disable changing Automatic Configuration settings
inetres.admx Disable changing Automatic Configuration settings
inetres.admx Disable changing Calendar and Contact settings
inetres.admx Disable changing certificate settings
inetres.admx Disable changing color settings
inetres.admx Disable changing connection settings
inetres.admx Disable changing connection settings
inetres.admx Disable changing default browser check
inetres.admx Disable changing font settings
inetres.admx Disable changing home page settings
inetres.admx Disable changing language settings
inetres.admx Disable changing link color settings
inetres.admx Disable changing Messaging settings
inetres.admx Disable changing Profile Assistant settings
inetres.admx Disable changing ratings settings
inetres.admx Disable changing secondary home page settings
inetres.admx Disable changing secondary home page settings
inetres.admx Disable changing Temporary Internet files settings
inetres.admx Disable channel user interface completely
inetres.admx Disable customizing browser toolbar buttons
inetres.admx Disable customizing browser toolbars
inetres.admx Disable downloading of site subscription content
inetres.admx Disable editing and creating of schedule groups
inetres.admx Disable editing schedules for offline pages
inetres.admx Disable external branding of Internet Explorer
inetres.admx Disable Import/Export Settings wizard
inetres.admx Disable Import/Export Settings wizard
inetres.admx Disable Internet Connection wizard
inetres.admx Disable offline page hit logging
inetres.admx Disable Open in New Window menu option
inetres.admx Disable Periodic Check for Internet Explorer software updates
inetres.admx Disable removing channels
inetres.admx Disable removing schedules for offline pages
inetres.admx Disable Save this program to disk option
inetres.admx Disable showing the splash screen
inetres.admx Disable software update shell notifications on program launch
inetres.admx Disable the Advanced page
inetres.admx Disable the Advanced page
inetres.admx Disable the Connections page
inetres.admx Disable the Connections page
inetres.admx Disable the Content page
inetres.admx Disable the Content page
inetres.admx Disable the General page
inetres.admx Disable the General page
inetres.admx Disable the Privacy page
inetres.admx Disable the Privacy page
inetres.admx Disable the Programs page
inetres.admx Disable the Programs page
inetres.admx Disable the Reset Web Settings feature
inetres.admx Disable the Security page
inetres.admx Disable the Security page
inetres.admx Display error message on proxy script download failure
inetres.admx Display mixed content
inetres.admx Display mixed content
inetres.admx Display mixed content
inetres.admx Display mixed content
inetres.admx Display mixed content
inetres.admx Display mixed content
inetres.admx Display mixed content
inetres.admx Display mixed content
inetres.admx Display mixed content
inetres.admx Display mixed content
inetres.admx Display mixed content
inetres.admx Display mixed content
inetres.admx Display mixed content
inetres.admx Display mixed content
inetres.admx Display mixed content
inetres.admx Display mixed content
inetres.admx Display mixed content
inetres.admx Display mixed content
inetres.admx Display mixed content
inetres.admx Display mixed content
inetres.admx Display tabs on a separate row
inetres.admx Display tabs on a separate row
inetres.admx Do not allow ActiveX controls to run in Protected Mode when Enhanced P
inetres.admx Do not allow ActiveX controls to run in Protected Mode when Enhanced P
inetres.admx Do not allow resetting Internet Explorer settings
inetres.admx Do not allow resetting Internet Explorer settings
inetres.admx Do not allow users to enable or disable add-ons
inetres.admx Do not allow users to enable or disable add-ons
inetres.admx Do not display the reveal password button
inetres.admx Do not display the reveal password button
inetres.admx Do not prompt for client certificate selection when no certificates or only o
inetres.admx Do not prompt for client certificate selection when no certificates or only o
inetres.admx Do not prompt for client certificate selection when no certificates or only o
inetres.admx Do not prompt for client certificate selection when no certificates or only o
inetres.admx Do not prompt for client certificate selection when no certificates or only o
inetres.admx Do not prompt for client certificate selection when no certificates or only o
inetres.admx Do not prompt for client certificate selection when no certificates or only o
inetres.admx Do not prompt for client certificate selection when no certificates or only o
inetres.admx Do not prompt for client certificate selection when no certificates or only o
inetres.admx Do not prompt for client certificate selection when no certificates or only o
inetres.admx Do not prompt for client certificate selection when no certificates or only o
inetres.admx Do not prompt for client certificate selection when no certificates or only o
inetres.admx Do not prompt for client certificate selection when no certificates or only o
inetres.admx Do not prompt for client certificate selection when no certificates or only o
inetres.admx Do not prompt for client certificate selection when no certificates or only o
inetres.admx Do not prompt for client certificate selection when no certificates or only o
inetres.admx Do not prompt for client certificate selection when no certificates or only o
inetres.admx Do not prompt for client certificate selection when no certificates or only o
inetres.admx Do not prompt for client certificate selection when no certificates or only o
inetres.admx Do not prompt for client certificate selection when no certificates or only o
inetres.admx Do not save encrypted pages to disk
inetres.admx Do not save encrypted pages to disk
inetres.admx Don't run antimalware programs against ActiveX controls
inetres.admx Don't run antimalware programs against ActiveX controls
inetres.admx Don't run antimalware programs against ActiveX controls
inetres.admx Don't run antimalware programs against ActiveX controls
inetres.admx Don't run antimalware programs against ActiveX controls
inetres.admx Don't run antimalware programs against ActiveX controls
inetres.admx Don't run antimalware programs against ActiveX controls
inetres.admx Don't run antimalware programs against ActiveX controls
inetres.admx Don't run antimalware programs against ActiveX controls
inetres.admx Don't run antimalware programs against ActiveX controls
inetres.admx Don't run antimalware programs against ActiveX controls
inetres.admx Don't run antimalware programs against ActiveX controls
inetres.admx Don't run antimalware programs against ActiveX controls
inetres.admx Don't run antimalware programs against ActiveX controls
inetres.admx Don't run antimalware programs against ActiveX controls
inetres.admx Don't run antimalware programs against ActiveX controls
inetres.admx Don't run antimalware programs against ActiveX controls
inetres.admx Don't run antimalware programs against ActiveX controls
inetres.admx Don't run antimalware programs against ActiveX controls
inetres.admx Don't run antimalware programs against ActiveX controls
inetres.admx Download signed ActiveX controls
inetres.admx Download signed ActiveX controls
inetres.admx Download signed ActiveX controls
inetres.admx Download signed ActiveX controls
inetres.admx Download signed ActiveX controls
inetres.admx Download signed ActiveX controls
inetres.admx Download signed ActiveX controls
inetres.admx Download signed ActiveX controls
inetres.admx Download signed ActiveX controls
inetres.admx Download signed ActiveX controls
inetres.admx Download signed ActiveX controls
inetres.admx Download signed ActiveX controls
inetres.admx Download signed ActiveX controls
inetres.admx Download signed ActiveX controls
inetres.admx Download signed ActiveX controls
inetres.admx Download signed ActiveX controls
inetres.admx Download signed ActiveX controls
inetres.admx Download signed ActiveX controls
inetres.admx Download signed ActiveX controls
inetres.admx Download signed ActiveX controls
inetres.admx Download unsigned ActiveX controls
inetres.admx Download unsigned ActiveX controls
inetres.admx Download unsigned ActiveX controls
inetres.admx Download unsigned ActiveX controls
inetres.admx Download unsigned ActiveX controls
inetres.admx Download unsigned ActiveX controls
inetres.admx Download unsigned ActiveX controls
inetres.admx Download unsigned ActiveX controls
inetres.admx Download unsigned ActiveX controls
inetres.admx Download unsigned ActiveX controls
inetres.admx Download unsigned ActiveX controls
inetres.admx Download unsigned ActiveX controls
inetres.admx Download unsigned ActiveX controls
inetres.admx Download unsigned ActiveX controls
inetres.admx Download unsigned ActiveX controls
inetres.admx Download unsigned ActiveX controls
inetres.admx Download unsigned ActiveX controls
inetres.admx Download unsigned ActiveX controls
inetres.admx Download unsigned ActiveX controls
inetres.admx Download unsigned ActiveX controls
inetres.admx Empty Temporary Internet Files folder when browser is closed
inetres.admx Empty Temporary Internet Files folder when browser is closed
inetres.admx Enable dragging of content from different domains across windows
inetres.admx Enable dragging of content from different domains across windows
inetres.admx Enable dragging of content from different domains across windows
inetres.admx Enable dragging of content from different domains across windows
inetres.admx Enable dragging of content from different domains across windows
inetres.admx Enable dragging of content from different domains across windows
inetres.admx Enable dragging of content from different domains across windows
inetres.admx Enable dragging of content from different domains across windows
inetres.admx Enable dragging of content from different domains across windows
inetres.admx Enable dragging of content from different domains across windows
inetres.admx Enable dragging of content from different domains across windows
inetres.admx Enable dragging of content from different domains across windows
inetres.admx Enable dragging of content from different domains across windows
inetres.admx Enable dragging of content from different domains across windows
inetres.admx Enable dragging of content from different domains across windows
inetres.admx Enable dragging of content from different domains across windows
inetres.admx Enable dragging of content from different domains across windows
inetres.admx Enable dragging of content from different domains across windows
inetres.admx Enable dragging of content from different domains across windows
inetres.admx Enable dragging of content from different domains across windows
inetres.admx Enable dragging of content from different domains within a window
inetres.admx Enable dragging of content from different domains within a window
inetres.admx Enable dragging of content from different domains within a window
inetres.admx Enable dragging of content from different domains within a window
inetres.admx Enable dragging of content from different domains within a window
inetres.admx Enable dragging of content from different domains within a window
inetres.admx Enable dragging of content from different domains within a window
inetres.admx Enable dragging of content from different domains within a window
inetres.admx Enable dragging of content from different domains within a window
inetres.admx Enable dragging of content from different domains within a window
inetres.admx Enable dragging of content from different domains within a window
inetres.admx Enable dragging of content from different domains within a window
inetres.admx Enable dragging of content from different domains within a window
inetres.admx Enable dragging of content from different domains within a window
inetres.admx Enable dragging of content from different domains within a window
inetres.admx Enable dragging of content from different domains within a window
inetres.admx Enable dragging of content from different domains within a window
inetres.admx Enable dragging of content from different domains within a window
inetres.admx Enable dragging of content from different domains within a window
inetres.admx Enable dragging of content from different domains within a window
inetres.admx Enable MIME Sniffing
inetres.admx Enable MIME Sniffing
inetres.admx Enable MIME Sniffing
inetres.admx Enable MIME Sniffing
inetres.admx Enable MIME Sniffing
inetres.admx Enable MIME Sniffing
inetres.admx Enable MIME Sniffing
inetres.admx Enable MIME Sniffing
inetres.admx Enable MIME Sniffing
inetres.admx Enable MIME Sniffing
inetres.admx Enable MIME Sniffing
inetres.admx Enable MIME Sniffing
inetres.admx Enable MIME Sniffing
inetres.admx Enable MIME Sniffing
inetres.admx Enable MIME Sniffing
inetres.admx Enable MIME Sniffing
inetres.admx Enable MIME Sniffing
inetres.admx Enable MIME Sniffing
inetres.admx Enable MIME Sniffing
inetres.admx Enable MIME Sniffing
inetres.admx Enforce full-screen mode
inetres.admx Enforce full-screen mode
inetres.admx Establish InPrivate Filtering threshold
inetres.admx Establish InPrivate Filtering threshold
inetres.admx Establish Tracking Protection threshold
inetres.admx Establish Tracking Protection threshold
inetres.admx File menu: Disable closing the browser and Explorer windows
inetres.admx File menu: Disable New menu option
inetres.admx File menu: Disable Open menu option
inetres.admx File menu: Disable Save As Web Page Complete
inetres.admx File menu: Disable Save As... menu option
inetres.admx File size limits for Internet zone
inetres.admx File size limits for Intranet zone
inetres.admx File size limits for Local Machine zone
inetres.admx File size limits for Restricted Sites zone
inetres.admx File size limits for Trusted Sites zone
inetres.admx Go to an intranet site for a one-word entry in the Address bar
inetres.admx Go to an intranet site for a one-word entry in the Address bar
inetres.admx Help menu: Remove 'For Netscape Users' menu option
inetres.admx Help menu: Remove 'Send Feedback' menu option
inetres.admx Help menu: Remove 'Tip of the Day' menu option
inetres.admx Help menu: Remove 'Tour' menu option
inetres.admx Hide Favorites menu
inetres.admx Hide the Command bar
inetres.admx Hide the Command bar
inetres.admx Hide the status bar
inetres.admx Hide the status bar
inetres.admx Identity Manager: Prevent users from using Identities
inetres.admx Include local path when user is uploading files to a server
inetres.admx Include local path when user is uploading files to a server
inetres.admx Include local path when user is uploading files to a server
inetres.admx Include local path when user is uploading files to a server
inetres.admx Include local path when user is uploading files to a server
inetres.admx Include local path when user is uploading files to a server
inetres.admx Include local path when user is uploading files to a server
inetres.admx Include local path when user is uploading files to a server
inetres.admx Include local path when user is uploading files to a server
inetres.admx Include local path when user is uploading files to a server
inetres.admx Include local path when user is uploading files to a server
inetres.admx Include local path when user is uploading files to a server
inetres.admx Include local path when user is uploading files to a server
inetres.admx Include local path when user is uploading files to a server
inetres.admx Include local path when user is uploading files to a server
inetres.admx Include local path when user is uploading files to a server
inetres.admx Include local path when user is uploading files to a server
inetres.admx Include local path when user is uploading files to a server
inetres.admx Include local path when user is uploading files to a server
inetres.admx Include local path when user is uploading files to a server
inetres.admx Include updated website lists from Microsoft
inetres.admx Include updated website lists from Microsoft
inetres.admx Initialize and script ActiveX controls not marked as safe
inetres.admx Initialize and script ActiveX controls not marked as safe
inetres.admx Initialize and script ActiveX controls not marked as safe
inetres.admx Initialize and script ActiveX controls not marked as safe
inetres.admx Initialize and script ActiveX controls not marked as safe
inetres.admx Initialize and script ActiveX controls not marked as safe
inetres.admx Initialize and script ActiveX controls not marked as safe
inetres.admx Initialize and script ActiveX controls not marked as safe
inetres.admx Initialize and script ActiveX controls not marked as safe
inetres.admx Initialize and script ActiveX controls not marked as safe
inetres.admx Initialize and script ActiveX controls not marked as safe
inetres.admx Initialize and script ActiveX controls not marked as safe
inetres.admx Initialize and script ActiveX controls not marked as safe
inetres.admx Initialize and script ActiveX controls not marked as safe
inetres.admx Initialize and script ActiveX controls not marked as safe
inetres.admx Initialize and script ActiveX controls not marked as safe
inetres.admx Initialize and script ActiveX controls not marked as safe
inetres.admx Initialize and script ActiveX controls not marked as safe
inetres.admx Initialize and script ActiveX controls not marked as safe
inetres.admx Initialize and script ActiveX controls not marked as safe
inetres.admx Install binaries signed by MD2 and MD4 signing technologies
inetres.admx Install binaries signed by MD2 and MD4 signing technologies
inetres.admx Install new versions of Internet Explorer automatically
inetres.admx Internet Explorer Processes
inetres.admx Internet Explorer Processes
inetres.admx Internet Explorer Processes
inetres.admx Internet Explorer Processes
inetres.admx Internet Explorer Processes
inetres.admx Internet Explorer Processes
inetres.admx Internet Explorer Processes
inetres.admx Internet Explorer Processes
inetres.admx Internet Explorer Processes
inetres.admx Internet Explorer Processes
inetres.admx Internet Explorer Processes
inetres.admx Internet Explorer Processes
inetres.admx Internet Explorer Processes
inetres.admx Internet Explorer Processes
inetres.admx Internet Explorer Processes
inetres.admx Internet Explorer Processes
inetres.admx Internet Explorer Processes
inetres.admx Internet Explorer Processes
inetres.admx Internet Explorer Processes
inetres.admx Internet Explorer Processes
inetres.admx Internet Explorer Processes
inetres.admx Internet Explorer Processes
inetres.admx Internet Explorer Processes
inetres.admx Internet Explorer Processes
inetres.admx Internet Zone Restricted Protocols
inetres.admx Internet Zone Restricted Protocols
inetres.admx Internet Zone Template
inetres.admx Internet Zone Template
inetres.admx Intranet Sites: Include all local (intranet) sites not listed in other zones
inetres.admx Intranet Sites: Include all local (intranet) sites not listed in other zones
inetres.admx Intranet Sites: Include all network paths (UNCs)
inetres.admx Intranet Sites: Include all network paths (UNCs)
inetres.admx Intranet Sites: Include all sites that bypass the proxy server
inetres.admx Intranet Sites: Include all sites that bypass the proxy server
inetres.admx Intranet Zone Restricted Protocols
inetres.admx Intranet Zone Restricted Protocols
inetres.admx Intranet Zone Template
inetres.admx Intranet Zone Template
inetres.admx Investor
inetres.admx Java permissions
inetres.admx Java permissions
inetres.admx Java permissions
inetres.admx Java permissions
inetres.admx Java permissions
inetres.admx Java permissions
inetres.admx Java permissions
inetres.admx Java permissions
inetres.admx Java permissions
inetres.admx Java permissions
inetres.admx Java permissions
inetres.admx Java permissions
inetres.admx Java permissions
inetres.admx Java permissions
inetres.admx Java permissions
inetres.admx Java permissions
inetres.admx Java permissions
inetres.admx Java permissions
inetres.admx Java permissions
inetres.admx Java permissions
inetres.admx Launching applications and files in an IFRAME
inetres.admx Launching applications and files in an IFRAME
inetres.admx Launching applications and files in an IFRAME
inetres.admx Launching applications and files in an IFRAME
inetres.admx Launching applications and files in an IFRAME
inetres.admx Launching applications and files in an IFRAME
inetres.admx Launching applications and files in an IFRAME
inetres.admx Launching applications and files in an IFRAME
inetres.admx Launching applications and files in an IFRAME
inetres.admx Launching applications and files in an IFRAME
inetres.admx Launching applications and files in an IFRAME
inetres.admx Launching applications and files in an IFRAME
inetres.admx Launching applications and files in an IFRAME
inetres.admx Launching applications and files in an IFRAME
inetres.admx Launching applications and files in an IFRAME
inetres.admx Launching applications and files in an IFRAME
inetres.admx Launching applications and files in an IFRAME
inetres.admx Launching applications and files in an IFRAME
inetres.admx Launching applications and files in an IFRAME
inetres.admx Launching applications and files in an IFRAME
inetres.admx Let users turn on and use Enterprise Mode from the Tools menu
inetres.admx Let users turn on and use Enterprise Mode from the Tools menu
inetres.admx Limit Site Discovery output by Domain
inetres.admx Limit Site Discovery output by Domain
inetres.admx Limit Site Discovery output by Zone
inetres.admx Limit Site Discovery output by Zone
inetres.admx Local Machine Zone Restricted Protocols
inetres.admx Local Machine Zone Restricted Protocols
inetres.admx Local Machine Zone Template
inetres.admx Local Machine Zone Template
inetres.admx Lock all toolbars
inetres.admx Lock all toolbars
inetres.admx Lock location of Stop and Refresh buttons
inetres.admx Lock location of Stop and Refresh buttons
inetres.admx Locked-Down Internet Zone Template
inetres.admx Locked-Down Internet Zone Template
inetres.admx Locked-Down Intranet Zone Template
inetres.admx Locked-Down Intranet Zone Template
inetres.admx Locked-Down Local Machine Zone Template
inetres.admx Locked-Down Local Machine Zone Template
inetres.admx Locked-Down Restricted Sites Zone Template
inetres.admx Locked-Down Restricted Sites Zone Template
inetres.admx Locked-Down Trusted Sites Zone Template
inetres.admx Locked-Down Trusted Sites Zone Template
inetres.admx Logon options
inetres.admx Logon options
inetres.admx Logon options
inetres.admx Logon options
inetres.admx Logon options
inetres.admx Logon options
inetres.admx Logon options
inetres.admx Logon options
inetres.admx Logon options
inetres.admx Logon options
inetres.admx Logon options
inetres.admx Logon options
inetres.admx Logon options
inetres.admx Logon options
inetres.admx Logon options
inetres.admx Logon options
inetres.admx Logon options
inetres.admx Logon options
inetres.admx Logon options
inetres.admx Logon options
inetres.admx Make proxy settings per-machine (rather than per-user)
inetres.admx Maximum number of connections per server (HTTP 1.0)
inetres.admx Maximum number of connections per server (HTTP 1.0)
inetres.admx Menu Controls
inetres.admx Microsoft Agent
inetres.admx Microsoft Chat
inetres.admx Microsoft Scriptlet Component
inetres.admx Microsoft Survey Control
inetres.admx MSNBC
inetres.admx Navigate windows and frames across different domains
inetres.admx Navigate windows and frames across different domains
inetres.admx Navigate windows and frames across different domains
inetres.admx Navigate windows and frames across different domains
inetres.admx Navigate windows and frames across different domains
inetres.admx Navigate windows and frames across different domains
inetres.admx Navigate windows and frames across different domains
inetres.admx Navigate windows and frames across different domains
inetres.admx Navigate windows and frames across different domains
inetres.admx Navigate windows and frames across different domains
inetres.admx Navigate windows and frames across different domains
inetres.admx Navigate windows and frames across different domains
inetres.admx Navigate windows and frames across different domains
inetres.admx Navigate windows and frames across different domains
inetres.admx Navigate windows and frames across different domains
inetres.admx Navigate windows and frames across different domains
inetres.admx Navigate windows and frames across different domains
inetres.admx Navigate windows and frames across different domains
inetres.admx Navigate windows and frames across different domains
inetres.admx Navigate windows and frames across different domains
inetres.admx NetShow File Transfer Control
inetres.admx Notify users if Internet Explorer is not the default web browser
inetres.admx Open Internet Explorer tiles on the desktop
inetres.admx Open Internet Explorer tiles on the desktop
inetres.admx Play animations in web pages
inetres.admx Play animations in web pages
inetres.admx Play sounds in web pages
inetres.admx Play sounds in web pages
inetres.admx Play videos in web pages
inetres.admx Play videos in web pages
inetres.admx Pop-up allow list
inetres.admx Pop-up allow list
inetres.admx Position the menu bar above the navigation bar
inetres.admx Prevent "Fix settings" functionality
inetres.admx Prevent "Fix settings" functionality
inetres.admx Prevent access to Delete Browsing History
inetres.admx Prevent access to Delete Browsing History
inetres.admx Prevent access to feed list
inetres.admx Prevent access to feed list
inetres.admx Prevent access to Internet Explorer Help
inetres.admx Prevent access to Internet Explorer Help
inetres.admx Prevent automatic discovery of feeds and Web Slices
inetres.admx Prevent automatic discovery of feeds and Web Slices
inetres.admx Prevent bypassing SmartScreen Filter warnings
inetres.admx Prevent bypassing SmartScreen Filter warnings
inetres.admx Prevent bypassing SmartScreen Filter warnings about files that are not
inetres.admx Prevent bypassing SmartScreen Filter warnings about files that are not
inetres.admx Prevent changing pop-up filter level
inetres.admx Prevent changing pop-up filter level
inetres.admx Prevent changing proxy settings
inetres.admx Prevent changing proxy settings
inetres.admx Prevent changing the default search provider
inetres.admx Prevent changing the default search provider
inetres.admx Prevent changing the URL for checking updates to Internet Explorer and In
inetres.admx Prevent choosing default text size
inetres.admx Prevent configuration of how windows open
inetres.admx Prevent configuration of how windows open
inetres.admx Prevent configuration of new tab creation
inetres.admx Prevent configuration of new tab creation
inetres.admx Prevent configuration of search on Address bar
inetres.admx Prevent configuration of search on Address bar
inetres.admx Prevent configuration of top-result search on Address bar
inetres.admx Prevent configuration of top-result search on Address bar
inetres.admx Prevent deleting ActiveX Filtering, Tracking Protection, and Do Not Track d
inetres.admx Prevent deleting ActiveX Filtering, Tracking Protection, and Do Not Track d
inetres.admx Prevent deleting cookies
inetres.admx Prevent deleting cookies
inetres.admx Prevent deleting download history
inetres.admx Prevent deleting download history
inetres.admx Prevent deleting favorites site data
inetres.admx Prevent deleting favorites site data
inetres.admx Prevent deleting form data
inetres.admx Prevent deleting form data
inetres.admx Prevent deleting InPrivate Filtering data
inetres.admx Prevent deleting InPrivate Filtering data
inetres.admx Prevent deleting passwords
inetres.admx Prevent deleting passwords
inetres.admx Prevent deleting temporary Internet files
inetres.admx Prevent deleting temporary Internet files
inetres.admx Prevent deleting websites that the user has visited
inetres.admx Prevent deleting websites that the user has visited
inetres.admx Prevent downloading of enclosures
inetres.admx Prevent downloading of enclosures
inetres.admx Prevent ignoring certificate errors
inetres.admx Prevent ignoring certificate errors
inetres.admx Prevent Internet Explorer Search box from appearing
inetres.admx Prevent Internet Explorer Search box from appearing
inetres.admx Prevent managing pop-up exception list
inetres.admx Prevent managing pop-up exception list
inetres.admx Prevent managing SmartScreen Filter
inetres.admx Prevent managing SmartScreen Filter
inetres.admx Prevent managing the phishing filter
inetres.admx Prevent managing the phishing filter
inetres.admx Prevent participation in the Customer Experience Improvement Program
inetres.admx Prevent participation in the Customer Experience Improvement Program
inetres.admx Prevent per-user installation of ActiveX controls
inetres.admx Prevent per-user installation of ActiveX controls
inetres.admx Prevent running First Run wizard
inetres.admx Prevent running First Run wizard
inetres.admx Prevent specifying background color
inetres.admx Prevent specifying cipher strength update information URLs
inetres.admx Prevent specifying text color
inetres.admx Prevent specifying the code download path for each computer
inetres.admx Prevent specifying the color of links that have already been clicked
inetres.admx Prevent specifying the color of links that have not yet been clicked
inetres.admx Prevent specifying the hover color
inetres.admx Prevent specifying the update check interval (in days)
inetres.admx Prevent subscribing to or deleting a feed or a Web Slice
inetres.admx Prevent subscribing to or deleting a feed or a Web Slice
inetres.admx Prevent the computer from loading toolbars and Browser Helper Objects w
inetres.admx Prevent the computer from loading toolbars and Browser Helper Objects w
inetres.admx Prevent the deletion of temporary Internet files and cookies
inetres.admx Prevent the deletion of temporary Internet files and cookies
inetres.admx Prevent the use of Windows colors
inetres.admx Process List
inetres.admx Process List
inetres.admx Process List
inetres.admx Process List
inetres.admx Process List
inetres.admx Process List
inetres.admx Process List
inetres.admx Process List
inetres.admx Process List
inetres.admx Process List
inetres.admx Process List
inetres.admx Process List
inetres.admx Process List
inetres.admx Process List
inetres.admx Process List
inetres.admx Process List
inetres.admx Process List
inetres.admx Process List
inetres.admx Process List
inetres.admx Process List
inetres.admx Process List
inetres.admx Process List
inetres.admx Process List
inetres.admx Process List
inetres.admx Process List
inetres.admx Process List
inetres.admx Remove "Run this time" button for outdated ActiveX controls in Internet E
inetres.admx Remove "Run this time" button for outdated ActiveX controls in Internet E
inetres.admx Render legacy filters
inetres.admx Render legacy filters
inetres.admx Render legacy filters
inetres.admx Render legacy filters
inetres.admx Render legacy filters
inetres.admx Render legacy filters
inetres.admx Render legacy filters
inetres.admx Render legacy filters
inetres.admx Render legacy filters
inetres.admx Render legacy filters
inetres.admx Render legacy filters
inetres.admx Render legacy filters
inetres.admx Render legacy filters
inetres.admx Render legacy filters
inetres.admx Render legacy filters
inetres.admx Render legacy filters
inetres.admx Render legacy filters
inetres.admx Render legacy filters
inetres.admx Render legacy filters
inetres.admx Render legacy filters
inetres.admx Restrict Accelerators to those deployed through Group Policy
inetres.admx Restrict Accelerators to those deployed through Group Policy
inetres.admx Restrict search providers to a specific list
inetres.admx Restrict search providers to a specific list
inetres.admx Restricted Sites Zone Restricted Protocols
inetres.admx Restricted Sites Zone Restricted Protocols
inetres.admx Restricted Sites Zone Template
inetres.admx Restricted Sites Zone Template
inetres.admx Run .NET Framework-reliant components not signed with Authenticode
inetres.admx Run .NET Framework-reliant components not signed with Authenticode
inetres.admx Run .NET Framework-reliant components not signed with Authenticode
inetres.admx Run .NET Framework-reliant components not signed with Authenticode
inetres.admx Run .NET Framework-reliant components not signed with Authenticode
inetres.admx Run .NET Framework-reliant components not signed with Authenticode
inetres.admx Run .NET Framework-reliant components not signed with Authenticode
inetres.admx Run .NET Framework-reliant components not signed with Authenticode
inetres.admx Run .NET Framework-reliant components not signed with Authenticode
inetres.admx Run .NET Framework-reliant components not signed with Authenticode
inetres.admx Run .NET Framework-reliant components not signed with Authenticode
inetres.admx Run .NET Framework-reliant components not signed with Authenticode
inetres.admx Run .NET Framework-reliant components not signed with Authenticode
inetres.admx Run .NET Framework-reliant components not signed with Authenticode
inetres.admx Run .NET Framework-reliant components not signed with Authenticode
inetres.admx Run .NET Framework-reliant components not signed with Authenticode
inetres.admx Run .NET Framework-reliant components not signed with Authenticode
inetres.admx Run .NET Framework-reliant components not signed with Authenticode
inetres.admx Run .NET Framework-reliant components not signed with Authenticode
inetres.admx Run .NET Framework-reliant components not signed with Authenticode
inetres.admx Run .NET Framework-reliant components signed with Authenticode
inetres.admx Run .NET Framework-reliant components signed with Authenticode
inetres.admx Run .NET Framework-reliant components signed with Authenticode
inetres.admx Run .NET Framework-reliant components signed with Authenticode
inetres.admx Run .NET Framework-reliant components signed with Authenticode
inetres.admx Run .NET Framework-reliant components signed with Authenticode
inetres.admx Run .NET Framework-reliant components signed with Authenticode
inetres.admx Run .NET Framework-reliant components signed with Authenticode
inetres.admx Run .NET Framework-reliant components signed with Authenticode
inetres.admx Run .NET Framework-reliant components signed with Authenticode
inetres.admx Run .NET Framework-reliant components signed with Authenticode
inetres.admx Run .NET Framework-reliant components signed with Authenticode
inetres.admx Run .NET Framework-reliant components signed with Authenticode
inetres.admx Run .NET Framework-reliant components signed with Authenticode
inetres.admx Run .NET Framework-reliant components signed with Authenticode
inetres.admx Run .NET Framework-reliant components signed with Authenticode
inetres.admx Run .NET Framework-reliant components signed with Authenticode
inetres.admx Run .NET Framework-reliant components signed with Authenticode
inetres.admx Run .NET Framework-reliant components signed with Authenticode
inetres.admx Run .NET Framework-reliant components signed with Authenticode
inetres.admx Run ActiveX controls and plugins
inetres.admx Run ActiveX controls and plugins
inetres.admx Run ActiveX controls and plugins
inetres.admx Run ActiveX controls and plugins
inetres.admx Run ActiveX controls and plugins
inetres.admx Run ActiveX controls and plugins
inetres.admx Run ActiveX controls and plugins
inetres.admx Run ActiveX controls and plugins
inetres.admx Run ActiveX controls and plugins
inetres.admx Run ActiveX controls and plugins
inetres.admx Run ActiveX controls and plugins
inetres.admx Run ActiveX controls and plugins
inetres.admx Run ActiveX controls and plugins
inetres.admx Run ActiveX controls and plugins
inetres.admx Run ActiveX controls and plugins
inetres.admx Run ActiveX controls and plugins
inetres.admx Run ActiveX controls and plugins
inetres.admx Run ActiveX controls and plugins
inetres.admx Run ActiveX controls and plugins
inetres.admx Run ActiveX controls and plugins
inetres.admx Script ActiveX controls marked safe for scripting
inetres.admx Script ActiveX controls marked safe for scripting
inetres.admx Script ActiveX controls marked safe for scripting
inetres.admx Script ActiveX controls marked safe for scripting
inetres.admx Script ActiveX controls marked safe for scripting
inetres.admx Script ActiveX controls marked safe for scripting
inetres.admx Script ActiveX controls marked safe for scripting
inetres.admx Script ActiveX controls marked safe for scripting
inetres.admx Script ActiveX controls marked safe for scripting
inetres.admx Script ActiveX controls marked safe for scripting
inetres.admx Script ActiveX controls marked safe for scripting
inetres.admx Script ActiveX controls marked safe for scripting
inetres.admx Script ActiveX controls marked safe for scripting
inetres.admx Script ActiveX controls marked safe for scripting
inetres.admx Script ActiveX controls marked safe for scripting
inetres.admx Script ActiveX controls marked safe for scripting
inetres.admx Script ActiveX controls marked safe for scripting
inetres.admx Script ActiveX controls marked safe for scripting
inetres.admx Script ActiveX controls marked safe for scripting
inetres.admx Script ActiveX controls marked safe for scripting
inetres.admx Scripting of Java applets
inetres.admx Scripting of Java applets
inetres.admx Scripting of Java applets
inetres.admx Scripting of Java applets
inetres.admx Scripting of Java applets
inetres.admx Scripting of Java applets
inetres.admx Scripting of Java applets
inetres.admx Scripting of Java applets
inetres.admx Scripting of Java applets
inetres.admx Scripting of Java applets
inetres.admx Scripting of Java applets
inetres.admx Scripting of Java applets
inetres.admx Scripting of Java applets
inetres.admx Scripting of Java applets
inetres.admx Scripting of Java applets
inetres.admx Scripting of Java applets
inetres.admx Scripting of Java applets
inetres.admx Scripting of Java applets
inetres.admx Scripting of Java applets
inetres.admx Scripting of Java applets
inetres.admx Search: Disable Find Files via F3 within the browser
inetres.admx Search: Disable Search Customization
inetres.admx Security Zones: Do not allow users to add/delete sites
inetres.admx Security Zones: Do not allow users to change policies
inetres.admx Security Zones: Use only machine settings
inetres.admx Send all sites not included in the Enterprise Mode Site List to Microsoft Ed
inetres.admx Send all sites not included in the Enterprise Mode Site List to Microsoft Ed
inetres.admx Send internationalized domain names
inetres.admx Send internationalized domain names
inetres.admx Set application cache storage limits for individual domains
inetres.admx Set application cache storage limits for individual domains
inetres.admx Set application caches expiration time limit for individual domains
inetres.admx Set application caches expiration time limit for individual domains
inetres.admx Set default storage limits for websites
inetres.admx Set default storage limits for websites
inetres.admx Set how links are opened in Internet Explorer
inetres.admx Set how links are opened in Internet Explorer
inetres.admx Set indexed database storage limits for individual domains
inetres.admx Set indexed database storage limits for individual domains
inetres.admx Set maximum application cache individual resource size
inetres.admx Set maximum application cache individual resource size
inetres.admx Set maximum application cache resource list size
inetres.admx Set maximum application cache resource list size
inetres.admx Set maximum application caches storage limit for all domains
inetres.admx Set maximum application caches storage limit for all domains
inetres.admx Set maximum indexed database storage limit for all domains
inetres.admx Set maximum indexed database storage limit for all domains
inetres.admx Set tab process growth
inetres.admx Set tab process growth
inetres.admx Set the maximum number of WebSocket connections per server
inetres.admx Set the maximum number of WebSocket connections per server
inetres.admx Shockwave Flash
inetres.admx Show Content Advisor on Internet Options
inetres.admx Show Content Advisor on Internet Options
inetres.admx Show security warning for potentially unsafe files
inetres.admx Show security warning for potentially unsafe files
inetres.admx Show security warning for potentially unsafe files
inetres.admx Show security warning for potentially unsafe files
inetres.admx Show security warning for potentially unsafe files
inetres.admx Show security warning for potentially unsafe files
inetres.admx Show security warning for potentially unsafe files
inetres.admx Show security warning for potentially unsafe files
inetres.admx Show security warning for potentially unsafe files
inetres.admx Show security warning for potentially unsafe files
inetres.admx Show security warning for potentially unsafe files
inetres.admx Show security warning for potentially unsafe files
inetres.admx Show security warning for potentially unsafe files
inetres.admx Show security warning for potentially unsafe files
inetres.admx Show security warning for potentially unsafe files
inetres.admx Show security warning for potentially unsafe files
inetres.admx Show security warning for potentially unsafe files
inetres.admx Show security warning for potentially unsafe files
inetres.admx Show security warning for potentially unsafe files
inetres.admx Show security warning for potentially unsafe files
inetres.admx Site to Zone Assignment List
inetres.admx Site to Zone Assignment List
inetres.admx Software channel permissions
inetres.admx Software channel permissions
inetres.admx Software channel permissions
inetres.admx Software channel permissions
inetres.admx Software channel permissions
inetres.admx Software channel permissions
inetres.admx Software channel permissions
inetres.admx Software channel permissions
inetres.admx Software channel permissions
inetres.admx Software channel permissions
inetres.admx Software channel permissions
inetres.admx Software channel permissions
inetres.admx Software channel permissions
inetres.admx Software channel permissions
inetres.admx Software channel permissions
inetres.admx Software channel permissions
inetres.admx Software channel permissions
inetres.admx Software channel permissions
inetres.admx Software channel permissions
inetres.admx Software channel permissions
inetres.admx Specify default behavior for a new tab
inetres.admx Specify default behavior for a new tab
inetres.admx Specify use of ActiveX Installer Service for installation of ActiveX controls
inetres.admx Specify use of ActiveX Installer Service for installation of ActiveX controls
inetres.admx Start Internet Explorer with tabs from last browsing session
inetres.admx Start Internet Explorer with tabs from last browsing session
inetres.admx Start the Internet Connection Wizard automatically
inetres.admx Submit non-encrypted form data
inetres.admx Submit non-encrypted form data
inetres.admx Submit non-encrypted form data
inetres.admx Submit non-encrypted form data
inetres.admx Submit non-encrypted form data
inetres.admx Submit non-encrypted form data
inetres.admx Submit non-encrypted form data
inetres.admx Submit non-encrypted form data
inetres.admx Submit non-encrypted form data
inetres.admx Submit non-encrypted form data
inetres.admx Submit non-encrypted form data
inetres.admx Submit non-encrypted form data
inetres.admx Submit non-encrypted form data
inetres.admx Submit non-encrypted form data
inetres.admx Submit non-encrypted form data
inetres.admx Submit non-encrypted form data
inetres.admx Submit non-encrypted form data
inetres.admx Submit non-encrypted form data
inetres.admx Submit non-encrypted form data
inetres.admx Submit non-encrypted form data
inetres.admx Subscription Limits
inetres.admx Tools menu: Disable Internet Options... menu option
inetres.admx Trusted Sites Zone Restricted Protocols
inetres.admx Trusted Sites Zone Restricted Protocols
inetres.admx Trusted Sites Zone Template
inetres.admx Trusted Sites Zone Template
inetres.admx Turn off .NET Framework Setup
inetres.admx Turn off .NET Framework Setup
inetres.admx Turn off .NET Framework Setup
inetres.admx Turn off .NET Framework Setup
inetres.admx Turn off .NET Framework Setup
inetres.admx Turn off .NET Framework Setup
inetres.admx Turn off .NET Framework Setup
inetres.admx Turn off .NET Framework Setup
inetres.admx Turn off .NET Framework Setup
inetres.admx Turn off .NET Framework Setup
inetres.admx Turn off .NET Framework Setup
inetres.admx Turn off .NET Framework Setup
inetres.admx Turn off .NET Framework Setup
inetres.admx Turn off .NET Framework Setup
inetres.admx Turn off .NET Framework Setup
inetres.admx Turn off .NET Framework Setup
inetres.admx Turn off .NET Framework Setup
inetres.admx Turn off .NET Framework Setup
inetres.admx Turn off .NET Framework Setup
inetres.admx Turn off .NET Framework Setup
inetres.admx Turn off ability to pin sites in Internet Explorer on the desktop
inetres.admx Turn off ability to pin sites in Internet Explorer on the desktop
inetres.admx Turn off Accelerators
inetres.admx Turn off Accelerators
inetres.admx Turn off ActiveX Opt-In prompt
inetres.admx Turn off ActiveX Opt-In prompt
inetres.admx Turn off add-on performance notifications
inetres.admx Turn off add-on performance notifications
inetres.admx Turn off Adobe Flash in Internet Explorer and prevent applications from usi
inetres.admx Turn off Adobe Flash in Internet Explorer and prevent applications from usi
inetres.admx Turn off Automatic Crash Recovery
inetres.admx Turn off Automatic Crash Recovery
inetres.admx Turn off automatic download of the ActiveX VersionList
inetres.admx Turn off automatic image resizing
inetres.admx Turn off background synchronization for feeds and Web Slices
inetres.admx Turn off background synchronization for feeds and Web Slices
inetres.admx Turn off blocking of outdated ActiveX controls for Internet Explorer
inetres.admx Turn off blocking of outdated ActiveX controls for Internet Explorer
inetres.admx Turn off blocking of outdated ActiveX controls for Internet Explorer on spe
inetres.admx Turn off blocking of outdated ActiveX controls for Internet Explorer on spe
inetres.admx Turn off browser geolocation
inetres.admx Turn off browser geolocation
inetres.admx Turn off ClearType
inetres.admx Turn off ClearType
inetres.admx Turn off collection of InPrivate Filtering data
inetres.admx Turn off collection of InPrivate Filtering data
inetres.admx Turn off Compatibility View
inetres.admx Turn off Compatibility View
inetres.admx Turn off Compatibility View button
inetres.admx Turn off Compatibility View button
inetres.admx Turn off configuration of pop-up windows in tabbed browsing
inetres.admx Turn off configuration of pop-up windows in tabbed browsing
inetres.admx Turn off configuring underline links
inetres.admx Turn off Crash Detection
inetres.admx Turn off Crash Detection
inetres.admx Turn off cross-document messaging
inetres.admx Turn off cross-document messaging
inetres.admx Turn off Data Execution Prevention
inetres.admx Turn off Data URI support
inetres.admx Turn off Data URI support
inetres.admx Turn off details in messages about Internet connection problems
inetres.admx Turn off Developer Tools
inetres.admx Turn off Developer Tools
inetres.admx Turn off encryption support
inetres.admx Turn off encryption support
inetres.admx Turn off Favorites bar
inetres.admx Turn off Favorites bar
inetres.admx Turn off first-run prompt
inetres.admx Turn off first-run prompt
inetres.admx Turn off first-run prompt
inetres.admx Turn off first-run prompt
inetres.admx Turn off first-run prompt
inetres.admx Turn off first-run prompt
inetres.admx Turn off first-run prompt
inetres.admx Turn off first-run prompt
inetres.admx Turn off first-run prompt
inetres.admx Turn off first-run prompt
inetres.admx Turn off first-run prompt
inetres.admx Turn off first-run prompt
inetres.admx Turn off first-run prompt
inetres.admx Turn off first-run prompt
inetres.admx Turn off first-run prompt
inetres.admx Turn off first-run prompt
inetres.admx Turn off first-run prompt
inetres.admx Turn off first-run prompt
inetres.admx Turn off first-run prompt
inetres.admx Turn off first-run prompt
inetres.admx Turn off image display
inetres.admx Turn off inline AutoComplete in File Explorer
inetres.admx Turn off InPrivate Browsing
inetres.admx Turn off InPrivate Browsing
inetres.admx Turn off InPrivate Filtering
inetres.admx Turn off InPrivate Filtering
inetres.admx Turn off loading websites and content in the background to optimize per
inetres.admx Turn off loading websites and content in the background to optimize per
inetres.admx Turn off Managing SmartScreen Filter for Internet Explorer 8
inetres.admx Turn off Managing SmartScreen Filter for Internet Explorer 8
inetres.admx Turn off page transitions
inetres.admx Turn off page-zooming functionality
inetres.admx Turn off page-zooming functionality
inetres.admx Turn off phone number detection
inetres.admx Turn off phone number detection
inetres.admx Turn off pop-up management
inetres.admx Turn off pop-up management
inetres.admx Turn off Print Menu
inetres.admx Turn off Print Menu
inetres.admx Turn off Profile Assistant
inetres.admx Turn off Profile Assistant
inetres.admx Turn off Quick Tabs functionality
inetres.admx Turn off Quick Tabs functionality
inetres.admx Turn off Reopen Last Browsing Session
inetres.admx Turn off Reopen Last Browsing Session
inetres.admx Turn off sending URL path as UTF-8
inetres.admx Turn off sending UTF-8 query strings for URLs
inetres.admx Turn off sending UTF-8 query strings for URLs
inetres.admx Turn off Shortcut Menu
inetres.admx Turn off smart image dithering
inetres.admx Turn off smooth scrolling
inetres.admx Turn off suggestions for all user-installed providers
inetres.admx Turn off suggestions for all user-installed providers
inetres.admx Turn off Tab Grouping
inetres.admx Turn off tabbed browsing
inetres.admx Turn off tabbed browsing
inetres.admx Turn off the ability to launch report site problems using a menu option
inetres.admx Turn off the ability to launch report site problems using a menu option
inetres.admx Turn off the auto-complete feature for web addresses
inetres.admx Turn off the auto-complete feature for web addresses
inetres.admx Turn off the flip ahead with page prediction feature
inetres.admx Turn off the flip ahead with page prediction feature
inetres.admx Turn off the quick pick menu
inetres.admx Turn off the quick pick menu
inetres.admx Turn off the Security Settings Check feature
inetres.admx Turn off the Security Settings Check feature
inetres.admx Turn off the WebSocket Object
inetres.admx Turn off the WebSocket Object
inetres.admx Turn off the XDomainRequest object
inetres.admx Turn off the XDomainRequest object
inetres.admx Turn off toolbar upgrade tool
inetres.admx Turn off toolbar upgrade tool
inetres.admx Turn off Tracking Protection
inetres.admx Turn off Tracking Protection
inetres.admx Turn off URL Suggestions
inetres.admx Turn off URL Suggestions
inetres.admx Turn off Windows Search AutoComplete
inetres.admx Turn off Windows Search AutoComplete
inetres.admx Turn on 64-bit tab processes when running in Enhanced Protected Mode o
inetres.admx Turn on 64-bit tab processes when running in Enhanced Protected Mode o
inetres.admx Turn on ActiveX control logging in Internet Explorer
inetres.admx Turn on ActiveX control logging in Internet Explorer
inetres.admx Turn on ActiveX Filtering
inetres.admx Turn on ActiveX Filtering
inetres.admx Turn on automatic detection of intranet
inetres.admx Turn on automatic detection of intranet
inetres.admx Turn on automatic signup
inetres.admx Turn on Basic feed authentication over HTTP
inetres.admx Turn on Basic feed authentication over HTTP
inetres.admx Turn on Caret Browsing support
inetres.admx Turn on Caret Browsing support
inetres.admx Turn on certificate address mismatch warning
inetres.admx Turn on certificate address mismatch warning
inetres.admx Turn on compatibility logging
inetres.admx Turn on compatibility logging
inetres.admx Turn on Cross-Site Scripting Filter
inetres.admx Turn on Cross-Site Scripting Filter
inetres.admx Turn on Cross-Site Scripting Filter
inetres.admx Turn on Cross-Site Scripting Filter
inetres.admx Turn on Cross-Site Scripting Filter
inetres.admx Turn on Cross-Site Scripting Filter
inetres.admx Turn on Cross-Site Scripting Filter
inetres.admx Turn on Cross-Site Scripting Filter
inetres.admx Turn on Cross-Site Scripting Filter
inetres.admx Turn on Cross-Site Scripting Filter
inetres.admx Turn on Cross-Site Scripting Filter
inetres.admx Turn on Cross-Site Scripting Filter
inetres.admx Turn on Cross-Site Scripting Filter
inetres.admx Turn on Cross-Site Scripting Filter
inetres.admx Turn on Cross-Site Scripting Filter
inetres.admx Turn on Cross-Site Scripting Filter
inetres.admx Turn on Cross-Site Scripting Filter
inetres.admx Turn on Cross-Site Scripting Filter
inetres.admx Turn on Cross-Site Scripting Filter
inetres.admx Turn on Cross-Site Scripting Filter
inetres.admx Turn on Enhanced Protected Mode
inetres.admx Turn on Enhanced Protected Mode
inetres.admx Turn on inline AutoComplete
inetres.admx Turn on Internet Explorer 7 Standards Mode
inetres.admx Turn on Internet Explorer 7 Standards Mode
inetres.admx Turn on Internet Explorer Standards Mode for local intranet
inetres.admx Turn on Internet Explorer Standards Mode for local intranet
inetres.admx Turn on menu bar by default
inetres.admx Turn on menu bar by default
inetres.admx Turn on Notification bar notification for intranet content
inetres.admx Turn on Notification bar notification for intranet content
inetres.admx Turn on printing of background colors and images
inetres.admx Turn on Protected Mode
inetres.admx Turn on Protected Mode
inetres.admx Turn on Protected Mode
inetres.admx Turn on Protected Mode
inetres.admx Turn on Protected Mode
inetres.admx Turn on Protected Mode
inetres.admx Turn on Protected Mode
inetres.admx Turn on Protected Mode
inetres.admx Turn on Protected Mode
inetres.admx Turn on Protected Mode
inetres.admx Turn on Protected Mode
inetres.admx Turn on Protected Mode
inetres.admx Turn on Protected Mode
inetres.admx Turn on Protected Mode
inetres.admx Turn on Protected Mode
inetres.admx Turn on Protected Mode
inetres.admx Turn on Protected Mode
inetres.admx Turn on Protected Mode
inetres.admx Turn on Protected Mode
inetres.admx Turn on Protected Mode
inetres.admx Turn on script debugging
inetres.admx Turn on Site Discovery WMI output
inetres.admx Turn on Site Discovery WMI output
inetres.admx Turn on Site Discovery XML output
inetres.admx Turn on Site Discovery XML output
inetres.admx Turn on SmartScreen Filter scan
inetres.admx Turn on SmartScreen Filter scan
inetres.admx Turn on SmartScreen Filter scan
inetres.admx Turn on SmartScreen Filter scan
inetres.admx Turn on SmartScreen Filter scan
inetres.admx Turn on SmartScreen Filter scan
inetres.admx Turn on SmartScreen Filter scan
inetres.admx Turn on SmartScreen Filter scan
inetres.admx Turn on SmartScreen Filter scan
inetres.admx Turn on SmartScreen Filter scan
inetres.admx Turn on SmartScreen Filter scan
inetres.admx Turn on SmartScreen Filter scan
inetres.admx Turn on SmartScreen Filter scan
inetres.admx Turn on SmartScreen Filter scan
inetres.admx Turn on SmartScreen Filter scan
inetres.admx Turn on SmartScreen Filter scan
inetres.admx Turn on SmartScreen Filter scan
inetres.admx Turn on SmartScreen Filter scan
inetres.admx Turn on SmartScreen Filter scan
inetres.admx Turn on SmartScreen Filter scan
inetres.admx Turn on Suggested Sites
inetres.admx Turn on Suggested Sites
inetres.admx Turn on the auto-complete feature for user names and passwords on form
inetres.admx Turn on the display of script errors
inetres.admx Turn on the hover color option
inetres.admx Use Automatic Detection for dial-up connections
inetres.admx Use HTTP 1.1
inetres.admx Use HTTP 1.1
inetres.admx Use HTTP 1.1 through proxy connections
inetres.admx Use HTTP 1.1 through proxy connections
inetres.admx Use large icons for command buttons
inetres.admx Use large icons for command buttons
inetres.admx Use Policy List of Internet Explorer 7 sites
inetres.admx Use Policy List of Internet Explorer 7 sites
inetres.admx Use Policy List of Quirks Mode sites
inetres.admx Use Policy List of Quirks Mode sites
inetres.admx Use Pop-up Blocker
inetres.admx Use Pop-up Blocker
inetres.admx Use Pop-up Blocker
inetres.admx Use Pop-up Blocker
inetres.admx Use Pop-up Blocker
inetres.admx Use Pop-up Blocker
inetres.admx Use Pop-up Blocker
inetres.admx Use Pop-up Blocker
inetres.admx Use Pop-up Blocker
inetres.admx Use Pop-up Blocker
inetres.admx Use Pop-up Blocker
inetres.admx Use Pop-up Blocker
inetres.admx Use Pop-up Blocker
inetres.admx Use Pop-up Blocker
inetres.admx Use Pop-up Blocker
inetres.admx Use Pop-up Blocker
inetres.admx Use Pop-up Blocker
inetres.admx Use Pop-up Blocker
inetres.admx Use Pop-up Blocker
inetres.admx Use Pop-up Blocker
inetres.admx Use the Enterprise Mode IE website list
inetres.admx Use the Enterprise Mode IE website list
inetres.admx Use UTF-8 for mailto links
inetres.admx Use UTF-8 for mailto links
inetres.admx Userdata persistence
inetres.admx Userdata persistence
inetres.admx Userdata persistence
inetres.admx Userdata persistence
inetres.admx Userdata persistence
inetres.admx Userdata persistence
inetres.admx Userdata persistence
inetres.admx Userdata persistence
inetres.admx Userdata persistence
inetres.admx Userdata persistence
inetres.admx Userdata persistence
inetres.admx Userdata persistence
inetres.admx Userdata persistence
inetres.admx Userdata persistence
inetres.admx Userdata persistence
inetres.admx Userdata persistence
inetres.admx Userdata persistence
inetres.admx Userdata persistence
inetres.admx Userdata persistence
inetres.admx Userdata persistence
inetres.admx View menu: Disable Full Screen menu option
inetres.admx View menu: Disable Source menu option
inetres.admx Web sites in less privileged Web content zones can navigate into this zone
inetres.admx Web sites in less privileged Web content zones can navigate into this zone
inetres.admx Web sites in less privileged Web content zones can navigate into this zone
inetres.admx Web sites in less privileged Web content zones can navigate into this zone
inetres.admx Web sites in less privileged Web content zones can navigate into this zone
inetres.admx Web sites in less privileged Web content zones can navigate into this zone
inetres.admx Web sites in less privileged Web content zones can navigate into this zone
inetres.admx Web sites in less privileged Web content zones can navigate into this zone
inetres.admx Web sites in less privileged Web content zones can navigate into this zone
inetres.admx Web sites in less privileged Web content zones can navigate into this zone
inetres.admx Web sites in less privileged Web content zones can navigate into this zone
inetres.admx Web sites in less privileged Web content zones can navigate into this zone
inetres.admx Web sites in less privileged Web content zones can navigate into this zone
inetres.admx Web sites in less privileged Web content zones can navigate into this zone
inetres.admx Web sites in less privileged Web content zones can navigate into this zone
inetres.admx Web sites in less privileged Web content zones can navigate into this zone
inetres.admx Web sites in less privileged Web content zones can navigate into this zone
inetres.admx Web sites in less privileged Web content zones can navigate into this zone
inetres.admx Web sites in less privileged Web content zones can navigate into this zone
inetres.admx Web sites in less privileged Web content zones can navigate into this zone
inkwatson.admx Turn off handwriting recognition error reporting
inkwatson.admx Turn off handwriting recognition error reporting
iscsi.admx Do not allow adding new targets via manual configuration
iscsi.admx Do not allow additional session logins
iscsi.admx Do not allow changes to initiator CHAP secret
iscsi.admx Do not allow changes to initiator iqn name
iscsi.admx Do not allow connections without IPSec
iscsi.admx Do not allow manual configuration of discovered targets
iscsi.admx Do not allow manual configuration of iSNS servers
iscsi.admx Do not allow manual configuration of target portals
iscsi.admx Do not allow sessions without mutual CHAP
iscsi.admx Do not allow sessions without one way CHAP
kdc.admx KDC support for claims, compound authentication and Kerberos armoring
kdc.admx KDC support for PKInit Freshness Extension
kdc.admx Provide information about previous logons to client computers
kdc.admx Request compound authentication
kdc.admx Use forest search order
kdc.admx Warning for large Kerberos tickets
kerberos.admx Always send compound authentication first
kerberos.admx Define host name-to-Kerberos realm mappings
kerberos.admx Define interoperable Kerberos V5 realm settings
kerberos.admx Disable revocation checking for the SSL certificate of KDC proxy servers
kerberos.admx Fail authentication requests when Kerberos armoring is not available
kerberos.admx Kerberos client support for claims, compound authentication and Kerbero
kerberos.admx Require strict KDC validation
kerberos.admx Require strict target SPN match on remote procedure calls
kerberos.admx Set maximum Kerberos SSPI context token buffer size
kerberos.admx Specify KDC proxy servers for Kerberos clients
kerberos.admx Support compound authentication
kerberos.admx Support device authentication using certificate
kerberos.admx Use forest search order
lanmanserver.admx Cipher suite order
lanmanserver.admx Hash Publication for BranchCache
lanmanserver.admx Hash Version support for BranchCache
lanmanserver.admx Honor cipher suite order
lanmanworkstation.admx Cipher suite order
lanmanworkstation.admx Enable insecure guest logons
lanmanworkstation.admx Handle Caching on Continuous Availability Shares
lanmanworkstation.admx Offline Files Availability on Continuous Availability Shares
leakdiagnostic.admx Configure Scenario Execution Level
linklayertopologydiscovery.admx Turn on Mapper I/O (LLTDIO) driver
linklayertopologydiscovery.admx Turn on Responder (RSPNDR) driver
locationprovideradm.admx Turn off Windows Location Provider
logon.admx Always use classic logon
logon.admx Always use custom logon background
logon.admx Always wait for the network at computer startup and logon
logon.admx Block user from showing account details on sign-in
logon.admx Display highly detailed status messages
logon.admx Do not display network selection UI
logon.admx Do not display the Getting Started welcome screen at logon
logon.admx Do not display the Getting Started welcome screen at logon
logon.admx Do not enumerate connected users on domain-joined computers
logon.admx Do not process the legacy run list
logon.admx Do not process the legacy run list
logon.admx Do not process the run once list
logon.admx Do not process the run once list
logon.admx Enumerate local users on domain-joined computers
logon.admx Hide entry points for Fast User Switching
logon.admx Remove Boot / Shutdown / Logon / Logoff status messages
logon.admx Run these programs at user logon
logon.admx Run these programs at user logon
logon.admx Show first sign-in animation
logon.admx Turn off app notifications on the lock screen
logon.admx Turn off Windows Startup sound
mdm.admx Disable MDM Enrollment
microsoftedge.admx Allow Developer Tools
microsoftedge.admx Allow Developer Tools
microsoftedge.admx Allow Extensions
microsoftedge.admx Allow Extensions
microsoftedge.admx Allow InPrivate browsing
microsoftedge.admx Allow InPrivate browsing
microsoftedge.admx Allow web content on New Tab page
microsoftedge.admx Allow web content on New Tab page
microsoftedge.admx Configure Autofill
microsoftedge.admx Configure Autofill
microsoftedge.admx Configure cookies
microsoftedge.admx Configure cookies
microsoftedge.admx Configure Do Not Track
microsoftedge.admx Configure Do Not Track
microsoftedge.admx Configure Favorites
microsoftedge.admx Configure Favorites
microsoftedge.admx Configure Home pages
microsoftedge.admx Configure Home pages
microsoftedge.admx Configure Password Manager
microsoftedge.admx Configure Password Manager
microsoftedge.admx Configure Pop-up Blocker
microsoftedge.admx Configure Pop-up Blocker
microsoftedge.admx Configure search suggestions in Address bar
microsoftedge.admx Configure search suggestions in Address bar
microsoftedge.admx Configure SmartScreen Filter
microsoftedge.admx Configure SmartScreen Filter
microsoftedge.admx Configure the Enterprise Mode Site List
microsoftedge.admx Configure the Enterprise Mode Site List
microsoftedge.admx Prevent access to the about:flags page in Microsoft Edge
microsoftedge.admx Prevent access to the about:flags page in Microsoft Edge
microsoftedge.admx Prevent bypassing SmartScreen prompts for files
microsoftedge.admx Prevent bypassing SmartScreen prompts for files
microsoftedge.admx Prevent bypassing SmartScreen prompts for sites
microsoftedge.admx Prevent bypassing SmartScreen prompts for sites
microsoftedge.admx Prevent using Localhost IP address for WebRTC
microsoftedge.admx Prevent using Localhost IP address for WebRTC
microsoftedge.admx Send all intranet sites to Internet Explorer 11
microsoftedge.admx Send all intranet sites to Internet Explorer 11
microsoftedge.admx Show message when opening sites in Internet Explorer
microsoftedge.admx Show message when opening sites in Internet Explorer
mmc.admx ActiveX Control
mmc.admx Extended View (Web View)
mmc.admx Link to Web Address
mmc.admx Restrict the user from entering author mode
mmc.admx Restrict users to the explicitly permitted list of snap-ins
mmcsnapins.admx .Net Framework Configuration
mmcsnapins.admx Active Directory Domains and Trusts
mmcsnapins.admx Active Directory Sites and Services
mmcsnapins.admx Active Directory Users and Computers
mmcsnapins.admx Administrative Templates (Computers)
mmcsnapins.admx Administrative Templates (Computers)
mmcsnapins.admx Administrative Templates (Users)
mmcsnapins.admx Administrative Templates (Users)
mmcsnapins.admx ADSI Edit
mmcsnapins.admx AppleTalk Routing
mmcsnapins.admx Authorization Manager
mmcsnapins.admx Certificate Templates
mmcsnapins.admx Certificates
mmcsnapins.admx Certification Authority
mmcsnapins.admx Certification Authority Policy Settings
mmcsnapins.admx Component Services
mmcsnapins.admx Computer Management
mmcsnapins.admx Connection Sharing (NAT)
mmcsnapins.admx DCOM Configuration Extension
mmcsnapins.admx Device Manager
mmcsnapins.admx Device Manager
mmcsnapins.admx DHCP Relay Management
mmcsnapins.admx Disk Defragmenter
mmcsnapins.admx Disk Management
mmcsnapins.admx Distributed File System
mmcsnapins.admx Enterprise PKI
mmcsnapins.admx Event Viewer
mmcsnapins.admx Event Viewer
mmcsnapins.admx Event Viewer (Windows Vista)
mmcsnapins.admx Event Viewer (Windows Vista)
mmcsnapins.admx Failover Clusters Manager
mmcsnapins.admx FAX Service
mmcsnapins.admx Folder Redirection
mmcsnapins.admx Folder Redirection
mmcsnapins.admx FrontPage Server Extensions
mmcsnapins.admx Group Policy Management
mmcsnapins.admx Group Policy Object Editor
mmcsnapins.admx Group Policy tab for Active Directory Tools
mmcsnapins.admx Health Registration Authority (HRA)
mmcsnapins.admx IAS Logging
mmcsnapins.admx IGMP Routing
mmcsnapins.admx Indexing Service
mmcsnapins.admx Internet Authentication Service (IAS)
mmcsnapins.admx Internet Explorer Maintenance
mmcsnapins.admx Internet Explorer Maintenance
mmcsnapins.admx Internet Information Services
mmcsnapins.admx IP Routing
mmcsnapins.admx IP Security Monitor
mmcsnapins.admx IP Security Policy Management
mmcsnapins.admx IP Security Policy Management
mmcsnapins.admx IPX RIP Routing
mmcsnapins.admx IPX Routing
mmcsnapins.admx IPX SAP Routing
mmcsnapins.admx Local Users and Groups
mmcsnapins.admx Logical and Mapped Drives
mmcsnapins.admx NAP Client Configuration
mmcsnapins.admx NAP Client Configuration
mmcsnapins.admx Network Policy Server (NPS)
mmcsnapins.admx Online Responder
mmcsnapins.admx OSPF Routing
mmcsnapins.admx Performance Logs and Alerts
mmcsnapins.admx Public Key Policies
mmcsnapins.admx QoS Admission Control
mmcsnapins.admx RAS Dialin - User Node
mmcsnapins.admx Remote Access
mmcsnapins.admx Remote Desktop Services Configuration
mmcsnapins.admx Remote Desktops
mmcsnapins.admx Remote Installation Services
mmcsnapins.admx Removable Storage
mmcsnapins.admx Removable Storage Management
mmcsnapins.admx Resultant Set of Policy snap-in
mmcsnapins.admx RIP Routing
mmcsnapins.admx Routing
mmcsnapins.admx Routing and Remote Access
mmcsnapins.admx Scripts (Logon/Logoff)
mmcsnapins.admx Scripts (Logon/Logoff)
mmcsnapins.admx Scripts (Startup/Shutdown)
mmcsnapins.admx Scripts (Startup/Shutdown)
mmcsnapins.admx Security Configuration and Analysis
mmcsnapins.admx Security Settings
mmcsnapins.admx Security Settings
mmcsnapins.admx Security Templates
mmcsnapins.admx Send Console Message
mmcsnapins.admx Server Manager
mmcsnapins.admx Service Dependencies
mmcsnapins.admx Services
mmcsnapins.admx Shared Folders
mmcsnapins.admx Shared Folders Ext
mmcsnapins.admx SMTP Protocol
mmcsnapins.admx SNMP
mmcsnapins.admx Software Installation (Computers)
mmcsnapins.admx Software Installation (Computers)
mmcsnapins.admx Software Installation (Users)
mmcsnapins.admx Software Installation (Users)
mmcsnapins.admx System Information
mmcsnapins.admx System Properties
mmcsnapins.admx Telephony
mmcsnapins.admx TPM Management
mmcsnapins.admx Windows Firewall with Advanced Security
mmcsnapins.admx Windows Firewall with Advanced Security
mmcsnapins.admx Wired Network (IEEE 802.3) Policies
mmcsnapins.admx Wireless Monitor
mmcsnapins.admx Wireless Network (IEEE 802.11) Policies
mmcsnapins.admx WMI Control
mmcsnapins2.admx DFS Management
mmcsnapins2.admx DFS Management Extension
mmcsnapins2.admx Disk Management Extension
mmcsnapins2.admx File Server Resource Manager
mmcsnapins2.admx File Server Resource Manager Extension
mmcsnapins2.admx Group Policy Management Editor
mmcsnapins2.admx Group Policy Starter GPO Editor
mmcsnapins2.admx Share and Storage Management
mmcsnapins2.admx Share and Storage Management Extension
mmcsnapins2.admx Storage Manager for SANs
mmcsnapins2.admx Storage Manager for SANS Extension
mobilepcmobilitycenter.admx Turn off Windows Mobility Center
mobilepcmobilitycenter.admx Turn off Windows Mobility Center
mobilepcpresentationsettings.admx Turn off Windows presentation settings
mobilepcpresentationsettings.admx Turn off Windows presentation settings
msched.admx Automatic Maintenance Activation Boundary
msched.admx Automatic Maintenance Random Delay
msched.admx Automatic Maintenance WakeUp Policy
msdt.admx Microsoft Support Diagnostic Tool: Configure execution level
msdt.admx Microsoft Support Diagnostic Tool: Restrict tool download
msdt.admx Microsoft Support Diagnostic Tool: Turn on MSDT interactive communicati
msi.admx Allow user control over installs
msi.admx Allow users to browse for source while elevated
msi.admx Allow users to patch elevated products
msi.admx Allow users to use media source while elevated
msi.admx Always install with elevated privileges
msi.admx Always install with elevated privileges
msi.admx Control maximum size of baseline file cache
msi.admx Enforce upgrade component rules
msi.admx Prevent embedded UI
msi.admx Prevent Internet Explorer security prompt for Windows Installer scripts
msi.admx Prevent removable media source for any installation
msi.admx Prevent users from using Windows Installer to install updates and upgrade
msi.admx Prohibit flyweight patching
msi.admx Prohibit non-administrators from applying vendor signed updates
msi.admx Prohibit removal of updates
msi.admx Prohibit rollback
msi.admx Prohibit rollback
msi.admx Prohibit use of Restart Manager
msi.admx Prohibit User Installs
msi.admx Remove browse dialog box for new source
msi.admx Save copies of transform files in a secure location on workstation
msi.admx Specify the order in which Windows Installer searches for installation files
msi.admx Specify the types of events Windows Installer records in its transaction log
msi.admx Turn off creation of System Restore checkpoints
msi.admx Turn off logging via package settings
msi.admx Turn off shared components
msi.admx Turn off Windows Installer
msi-filerecovery.admx Configure MSI Corrupted File Recovery behavior
nca.admx Corporate Resources
nca.admx Custom Commands
nca.admx DirectAccess Passive Mode
nca.admx Friendly Name
nca.admx IPsec Tunnel Endpoints
nca.admx Prefer Local Names Allowed
nca.admx Support Email Address
nca.admx User Interface
ncsi.admx Specify corporate DNS probe host address
ncsi.admx Specify corporate DNS probe host name
ncsi.admx Specify corporate site prefix list
ncsi.admx Specify corporate Website probe URL
ncsi.admx Specify domain location determination URL
ncsi.admx Specify passive polling
netlogon.admx Allow cryptography algorithms compatible with Windows NT 4.0
netlogon.admx Contact PDC on logon failure
netlogon.admx Do not process incoming mailslot messages used for domain controller l
netlogon.admx Do not use NetBIOS-based discovery for domain controller location when D
netlogon.admx Force Rediscovery Interval
netlogon.admx Return domain controller address type
netlogon.admx Set Netlogon share compatibility
netlogon.admx Set Priority in the DC Locator DNS SRV records
netlogon.admx Set scavenge interval
netlogon.admx Set SYSVOL share compatibility
netlogon.admx Set TTL in the DC Locator DNS Records
netlogon.admx Set Weight in the DC Locator DNS SRV records
netlogon.admx Specify address lookup behavior for DC locator ping
netlogon.admx Specify DC Locator DNS records not registered by the DCs
netlogon.admx Specify dynamic registration of the DC Locator DNS Records
netlogon.admx Specify expected dial-up delay on logon
netlogon.admx Specify log file debug output level
netlogon.admx Specify maximum log file size
netlogon.admx Specify negative DC Discovery cache setting
netlogon.admx Specify positive periodic DC Cache refresh for non-background callers
netlogon.admx Specify Refresh Interval of the DC Locator DNS records
netlogon.admx Specify site name
netlogon.admx Specify sites covered by the application directory partition DC Locator DN
netlogon.admx Specify sites covered by the DC Locator DNS SRV records
netlogon.admx Specify sites covered by the GC Locator DNS SRV Records
netlogon.admx Try Next Closest Site
netlogon.admx Use automated site coverage by the DC Locator DNS SRV Records
netlogon.admx Use DNS name resolution when a single-label domain name is used, by appe
netlogon.admx Use DNS name resolution with a single-label domain name instead of NetB
netlogon.admx Use final DC discovery retry setting for background callers
netlogon.admx Use initial DC discovery retry setting for background callers
netlogon.admx Use maximum DC discovery retry interval setting for background callers
netlogon.admx Use positive periodic DC cache refresh for background callers
netlogon.admx Use urgent mode when pinging domain controllers
networkconnections.admx Ability to change properties of an all user remote access connection
networkconnections.admx Ability to delete all user remote access connections
networkconnections.admx Ability to Enable/Disable a LAN connection
networkconnections.admx Ability to rename all user remote access connections
networkconnections.admx Ability to rename LAN connections
networkconnections.admx Ability to rename LAN connections or remote access connections available
networkconnections.admx Do not show the "local access only" network icon
networkconnections.admx Enable Windows 2000 Network Connections settings for Administrators
networkconnections.admx Prohibit access to properties of a LAN connection
networkconnections.admx Prohibit access to properties of components of a LAN connection
networkconnections.admx Prohibit access to properties of components of a remote access connectio
networkconnections.admx Prohibit access to the Advanced Settings item on the Advanced menu
networkconnections.admx Prohibit access to the New Connection Wizard
networkconnections.admx Prohibit access to the Remote Access Preferences item on the Advanced
networkconnections.admx Prohibit adding and removing components for a LAN or remote access con
networkconnections.admx Prohibit changing properties of a private remote access connection
networkconnections.admx Prohibit connecting and disconnecting a remote access connection
networkconnections.admx Prohibit deletion of remote access connections
networkconnections.admx Prohibit Enabling/Disabling components of a LAN connection
networkconnections.admx Prohibit installation and configuration of Network Bridge on your DNS do
networkconnections.admx Prohibit renaming private remote access connections
networkconnections.admx Prohibit TCP/IP advanced configuration
networkconnections.admx Prohibit use of Internet Connection Firewall on your DNS domain network
networkconnections.admx Prohibit use of Internet Connection Sharing on your DNS domain network
networkconnections.admx Prohibit viewing of status for an active connection
networkconnections.admx Require domain users to elevate when setting a network's location
networkconnections.admx Route all traffic through the internal network
networkconnections.admx Turn off notifications when a connection has only limited or no connectivi
networkisolation.admx Internet proxy servers for apps
networkisolation.admx Intranet proxy servers for apps
networkisolation.admx Private network ranges for apps
networkisolation.admx Proxy definitions are authoritative
networkisolation.admx Subnet definitions are authoritative
networkprovider.admx Hardened UNC Paths
offlinefiles.admx Action on server disconnect
offlinefiles.admx Action on server disconnect
offlinefiles.admx Allow or Disallow use of the Offline Files feature
offlinefiles.admx At logoff, delete local copy of users offline files
offlinefiles.admx Configure Background Sync
offlinefiles.admx Configure Slow link speed
offlinefiles.admx Configure slow-link mode
offlinefiles.admx Default cache size
offlinefiles.admx Enable file screens
offlinefiles.admx Enable file synchronization on costed networks
offlinefiles.admx Enable Transparent Caching
offlinefiles.admx Encrypt the Offline Files cache
offlinefiles.admx Event logging level
offlinefiles.admx Event logging level
offlinefiles.admx Files not cached
offlinefiles.admx Initial reminder balloon lifetime
offlinefiles.admx Initial reminder balloon lifetime
offlinefiles.admx Limit disk space used by Offline Files
offlinefiles.admx Non-default server disconnect actions
offlinefiles.admx Non-default server disconnect actions
offlinefiles.admx Prevent use of Offline Files folder
offlinefiles.admx Prevent use of Offline Files folder
offlinefiles.admx Prohibit user configuration of Offline Files
offlinefiles.admx Prohibit user configuration of Offline Files
offlinefiles.admx Reminder balloon frequency
offlinefiles.admx Reminder balloon frequency
offlinefiles.admx Reminder balloon lifetime
offlinefiles.admx Reminder balloon lifetime
offlinefiles.admx Remove "Make Available Offline" command
offlinefiles.admx Remove "Make Available Offline" command
offlinefiles.admx Remove "Make Available Offline" for these files and folders
offlinefiles.admx Remove "Make Available Offline" for these files and folders
offlinefiles.admx Remove "Work offline" command
offlinefiles.admx Remove "Work offline" command
offlinefiles.admx Specify administratively assigned Offline Files
offlinefiles.admx Specify administratively assigned Offline Files
offlinefiles.admx Subfolders always available offline
offlinefiles.admx Synchronize all offline files before logging off
offlinefiles.admx Synchronize all offline files before logging off
offlinefiles.admx Synchronize all offline files when logging on
offlinefiles.admx Synchronize all offline files when logging on
offlinefiles.admx Synchronize offline files before suspend
offlinefiles.admx Synchronize offline files before suspend
offlinefiles.admx Turn off reminder balloons
offlinefiles.admx Turn off reminder balloons
offlinefiles.admx Turn on economical application of administratively assigned Offline Files
p2p-pnrp.admx Disable password strength validation for Peer Grouping
p2p-pnrp.admx Set PNRP cloud to resolve only
p2p-pnrp.admx Set PNRP cloud to resolve only
p2p-pnrp.admx Set PNRP cloud to resolve only
p2p-pnrp.admx Set the Seed Server
p2p-pnrp.admx Set the Seed Server
p2p-pnrp.admx Set the Seed Server
p2p-pnrp.admx Turn off Microsoft Peer-to-Peer Networking Services
p2p-pnrp.admx Turn off Multicast Bootstrap
p2p-pnrp.admx Turn off Multicast Bootstrap
p2p-pnrp.admx Turn off Multicast Bootstrap
p2p-pnrp.admx Turn off PNRP cloud creation
p2p-pnrp.admx Turn off PNRP cloud creation
p2p-pnrp.admx Turn off PNRP cloud creation
passport.admx Expiration
passport.admx Expiration
passport.admx History
passport.admx History
passport.admx Maximum PIN length
passport.admx Maximum PIN length
passport.admx Minimum PIN length
passport.admx Minimum PIN length
passport.admx Require digits
passport.admx Require digits
passport.admx Require lowercase letters
passport.admx Require lowercase letters
passport.admx Require special characters
passport.admx Require special characters
passport.admx Require uppercase letters
passport.admx Require uppercase letters
passport.admx Use a hardware security device
passport.admx Use biometrics
passport.admx Use Microsoft Passport for Work
passport.admx Use Remote Passport
pca.admx Detect application failures caused by deprecated COM objects
pca.admx Detect application failures caused by deprecated Windows DLLs
pca.admx Detect application install failures
pca.admx Detect application installers that need to be run as administrator
pca.admx Detect applications unable to launch installers under UAC
pca.admx Detect compatibility issues for applications and drivers
pca.admx Notify blocked drivers
peertopeercaching.admx Configure BranchCache for network files
peertopeercaching.admx Configure Client BranchCache Version Support
peertopeercaching.admx Configure Hosted Cache Servers
peertopeercaching.admx Enable Automatic Hosted Cache Discovery by Service Connection Point
peertopeercaching.admx Set age for segments in the data cache
peertopeercaching.admx Set BranchCache Distributed Cache mode
peertopeercaching.admx Set BranchCache Hosted Cache mode
peertopeercaching.admx Set percentage of disk space used for client computer cache
peertopeercaching.admx Turn on BranchCache
pentraining.admx Turn off Tablet PC Pen Training
pentraining.admx Turn off Tablet PC Pen Training
performancediagnostics.admx Configure Scenario Execution Level
performancediagnostics.admx Configure Scenario Execution Level
performancediagnostics.admx Configure Scenario Execution Level
performancediagnostics.admx Configure Scenario Execution Level
performanceperftrack.admx Enable/Disable PerfTrack
power.admx Allow applications to prevent automatic sleep (on battery)
power.admx Allow applications to prevent automatic sleep (plugged in)
power.admx Allow automatic sleep with Open Network Files (on battery)
power.admx Allow automatic sleep with Open Network Files (plugged in)
power.admx Allow network connectivity during connected-standby (on battery)
power.admx Allow network connectivity during connected-standby (plugged in)
power.admx Allow standby states (S1-S3) when sleeping (on battery)
power.admx Allow standby states (S1-S3) when sleeping (plugged in)
power.admx Critical battery notification action
power.admx Critical battery notification level
power.admx Do not turn off system power after a Windows system shutdown has occur
power.admx Energy Saver Battery Threshold (on battery)
power.admx Energy Saver Battery Threshold (plugged in)
power.admx Low battery notification action
power.admx Low battery notification level
power.admx Prompt for password on resume from hibernate/suspend
power.admx Reduce display brightness (on battery)
power.admx Reduce display brightness (plugged in)
power.admx Require a password when a computer wakes (on battery)
power.admx Require a password when a computer wakes (plugged in)
power.admx Reserve battery notification level
power.admx Select an active power plan
power.admx Select the lid switch action (on battery)
power.admx Select the lid switch action (plugged in)
power.admx Select the Power button action (on battery)
power.admx Select the Power button action (plugged in)
power.admx Select the Sleep button action (on battery)
power.admx Select the Sleep button action (plugged in)
power.admx Select the Start menu Power button action (on battery)
power.admx Select the Start menu Power button action (plugged in)
power.admx Specify a custom active power plan
power.admx Specify the display dim brightness (on battery)
power.admx Specify the display dim brightness (plugged in)
power.admx Specify the system hibernate timeout (on battery)
power.admx Specify the system hibernate timeout (plugged in)
power.admx Specify the system sleep timeout (on battery)
power.admx Specify the system sleep timeout (plugged in)
power.admx Specify the unattended sleep timeout (on battery)
power.admx Specify the unattended sleep timeout (plugged in)
power.admx Turn off adaptive display timeout (on battery)
power.admx Turn off adaptive display timeout (plugged in)
power.admx Turn off hybrid sleep (on battery)
power.admx Turn off hybrid sleep (plugged in)
power.admx Turn off low battery user notification
power.admx Turn off the display (on battery)
power.admx Turn off the display (plugged in)
power.admx Turn Off the hard disk (on battery)
power.admx Turn Off the hard disk (plugged in)
power.admx Turn on desktop background slideshow (on battery)
power.admx Turn on desktop background slideshow (plugged in)
power.admx Turn on the ability for applications to prevent sleep transitions (on battery
power.admx Turn on the ability for applications to prevent sleep transitions (plugged in
powershellexecutionpolicy.admx Set the default source path for Update-Help
powershellexecutionpolicy.admx Set the default source path for Update-Help
powershellexecutionpolicy.admx Turn on Module Logging
powershellexecutionpolicy.admx Turn on Module Logging
powershellexecutionpolicy.admx Turn on PowerShell Script Block Logging
powershellexecutionpolicy.admx Turn on PowerShell Script Block Logging
powershellexecutionpolicy.admx Turn on PowerShell Transcription
powershellexecutionpolicy.admx Turn on PowerShell Transcription
powershellexecutionpolicy.admx Turn on Script Execution
powershellexecutionpolicy.admx Turn on Script Execution
previousversions.admx Hide previous versions list for local files
previousversions.admx Hide previous versions list for local files
previousversions.admx Hide previous versions list for remote files
previousversions.admx Hide previous versions list for remote files
previousversions.admx Hide previous versions of files on backup location
previousversions.admx Hide previous versions of files on backup location
previousversions.admx Prevent restoring local previous versions
previousversions.admx Prevent restoring local previous versions
previousversions.admx Prevent restoring previous versions from backups
previousversions.admx Prevent restoring previous versions from backups
previousversions.admx Prevent restoring remote previous versions
previousversions.admx Prevent restoring remote previous versions
printing.admx Activate Internet printing
printing.admx Add Printer wizard - Network scan page (Managed network)
printing.admx Add Printer wizard - Network scan page (Unmanaged network)
printing.admx Allow job name in event logs
printing.admx Always rasterize content to be printed using a software rasterizer
printing.admx Always render print jobs on the server
printing.admx Browse a common web site to find printers
printing.admx Browse the network to find printers
printing.admx Change Microsoft XPS Document Writer (MXDW) default output format to t
printing.admx Computer location
printing.admx Custom support URL in the Printers folder's left pane
printing.admx Default Active Directory path when searching for printers
printing.admx Disallow installation of printers using kernel-mode drivers
printing.admx Do not allow v4 printer drivers to show printer extensions
printing.admx Execute print drivers in isolated processes
printing.admx Extend Point and Print connection to search Windows Update
printing.admx Isolate print drivers from applications
printing.admx Only use Package Point and print
printing.admx Only use Package Point and print
printing.admx Override print driver execution compatibility setting reported by print driv
printing.admx Package Point and print - Approved servers
printing.admx Package Point and print - Approved servers
printing.admx Point and Print Restrictions
printing.admx Point and Print Restrictions
printing.admx Pre-populate printer search location text
printing.admx Prevent addition of printers
printing.admx Prevent deletion of printers
printing.admx Printer browsing
printing.admx Turn off Windows default printer management
printing2.admx Allow Print Spooler to accept client connections
printing2.admx Allow printers to be published
printing2.admx Allow pruning of published printers
printing2.admx Automatically publish new printers in Active Directory
printing2.admx Check published state
printing2.admx Directory pruning interval
printing2.admx Directory pruning priority
printing2.admx Directory pruning retry
printing2.admx Log directory pruning retry events
printing2.admx Prune printers that are not automatically republished
programs.admx Hide "Get Programs" page
programs.admx Hide "Installed Updates" page
programs.admx Hide "Programs and Features" page
programs.admx Hide "Set Program Access and Computer Defaults" page
programs.admx Hide "Windows Features"
programs.admx Hide "Windows Marketplace"
programs.admx Hide the Programs Control Panel
qos.admx Best effort service type
qos.admx Best effort service type
qos.admx Best effort service type
qos.admx Controlled load service type
qos.admx Controlled load service type
qos.admx Controlled load service type
qos.admx Guaranteed service type
qos.admx Guaranteed service type
qos.admx Guaranteed service type
qos.admx Limit outstanding packets
qos.admx Limit reservable bandwidth
qos.admx Network control service type
qos.admx Network control service type
qos.admx Network control service type
qos.admx Non-conforming packets
qos.admx Qualitative service type
qos.admx Qualitative service type
qos.admx Qualitative service type
qos.admx Set timer resolution
racwmiprov.admx Configure Reliability WMI Providers
radar.admx Configure Scenario Execution Level
reagent.admx Allow restore of system to default state
reliability.admx Activate Shutdown Event Tracker System State Data feature
reliability.admx Display Shutdown Event Tracker
reliability.admx Enable Persistent Time Stamp
reliability.admx Report unplanned shutdown events
remoteassistance.admx Allow only Windows Vista or later connections
remoteassistance.admx Configure Offer Remote Assistance
remoteassistance.admx Configure Solicited Remote Assistance
remoteassistance.admx Customize warning messages
remoteassistance.admx Turn on bandwidth optimization
remoteassistance.admx Turn on session logging
removablestorage.admx All Removable Storage classes: Deny all access
removablestorage.admx All Removable Storage classes: Deny all access
removablestorage.admx All Removable Storage: Allow direct access in remote sessions
removablestorage.admx CD and DVD: Deny execute access
removablestorage.admx CD and DVD: Deny read access
removablestorage.admx CD and DVD: Deny read access
removablestorage.admx CD and DVD: Deny write access
removablestorage.admx CD and DVD: Deny write access
removablestorage.admx Custom Classes: Deny read access
removablestorage.admx Custom Classes: Deny read access
removablestorage.admx Custom Classes: Deny write access
removablestorage.admx Custom Classes: Deny write access
removablestorage.admx Floppy Drives: Deny execute access
removablestorage.admx Floppy Drives: Deny read access
removablestorage.admx Floppy Drives: Deny read access
removablestorage.admx Floppy Drives: Deny write access
removablestorage.admx Floppy Drives: Deny write access
removablestorage.admx Removable Disks: Deny execute access
removablestorage.admx Removable Disks: Deny read access
removablestorage.admx Removable Disks: Deny read access
removablestorage.admx Removable Disks: Deny write access
removablestorage.admx Removable Disks: Deny write access
removablestorage.admx Set time (in seconds) to force reboot
removablestorage.admx Set time (in seconds) to force reboot
removablestorage.admx Tape Drives: Deny execute access
removablestorage.admx Tape Drives: Deny read access
removablestorage.admx Tape Drives: Deny read access
removablestorage.admx Tape Drives: Deny write access
removablestorage.admx Tape Drives: Deny write access
removablestorage.admx WPD Devices: Deny read access
removablestorage.admx WPD Devices: Deny read access
removablestorage.admx WPD Devices: Deny write access
removablestorage.admx WPD Devices: Deny write access
rpc.admx Enable RPC Endpoint Mapper Client Authentication
rpc.admx Ignore Delegation Failure
rpc.admx Maintain RPC Troubleshooting State Information
rpc.admx Propagate extended error information
rpc.admx Restrict Unauthenticated RPC clients
rpc.admx Set Minimum Idle Connection Timeout for RPC/HTTP connections
scripts.admx Allow logon scripts when NetBIOS or WINS is disabled
scripts.admx Display instructions in logoff scripts as they run
scripts.admx Display instructions in logon scripts as they run
scripts.admx Display instructions in shutdown scripts as they run
scripts.admx Display instructions in startup scripts as they run
scripts.admx Run legacy logon scripts hidden
scripts.admx Run logon scripts synchronously
scripts.admx Run logon scripts synchronously
scripts.admx Run startup scripts asynchronously
scripts.admx Run Windows PowerShell scripts first at computer startup, shutdown
scripts.admx Run Windows PowerShell scripts first at user logon, logoff
scripts.admx Run Windows PowerShell scripts first at user logon, logoff
scripts.admx Specify maximum wait time for Group Policy scripts
sdiageng.admx Configure Security Policy for Scripted Diagnostics
sdiageng.admx Troubleshooting: Allow users to access and run Troubleshooting Wizards
sdiageng.admx Troubleshooting: Allow users to access online troubleshooting content on
sdiagschd.admx Configure Scheduled Maintenance Behavior
search.admx Add primary intranet search location
search.admx Add secondary intranet search locations
search.admx Allow Cortana
search.admx Allow Cortana above lock screen
search.admx Allow indexing of encrypted files
search.admx Allow search and Cortana to use location
search.admx Allow use of diacritics
search.admx Always use automatic language detection when indexing content and prop
search.admx Control rich previews for attachments
search.admx Default excluded paths
search.admx Default excluded paths
search.admx Default indexed paths
search.admx Default indexed paths
search.admx Disable indexer backoff
search.admx Do not allow locations on removable drives to be added to libraries
search.admx Do not allow web search
search.admx Don't search the web or display web results in Search
search.admx Don't search the web or display web results in Search over metered conne
search.admx Enable indexing of online delegate mailboxes
search.admx Enable indexing uncached Exchange folders
search.admx Enable throttling for online mail indexing
search.admx Indexer data location
search.admx Prevent adding UNC locations to index from Control Panel
search.admx Prevent adding UNC locations to index from Control Panel
search.admx Prevent adding user-specified locations to the All Locations menu
search.admx Prevent automatically adding shared folders to the Windows Search index
search.admx Prevent clients from querying the index remotely
search.admx Prevent customization of indexed locations in Control Panel
search.admx Prevent customization of indexed locations in Control Panel
search.admx Prevent indexing certain paths
search.admx Prevent indexing certain paths
search.admx Prevent indexing e-mail attachments
search.admx Prevent indexing files in offline files cache
search.admx Prevent indexing Microsoft Office Outlook
search.admx Prevent indexing of certain file types
search.admx Prevent indexing public folders
search.admx Prevent indexing when running on battery power to conserve energy
search.admx Prevent the display of advanced indexing options for Windows Search in t
search.admx Prevent unwanted iFilters and protocol handlers
search.admx Preview pane location
search.admx Set large or small icon view in desktop search results
search.admx Set the SafeSearch setting for Search
search.admx Set what information is shared in Search
search.admx Stop indexing in the event of limited hard drive space
search.admx Turn off storage and display of search history
securitycenter.admx Turn on Security Center (Domain PCs only)
sensors.admx Turn off location
sensors.admx Turn off location
sensors.admx Turn off location scripting
sensors.admx Turn off location scripting
sensors.admx Turn off sensors
sensors.admx Turn off sensors
servermanager.admx Configure the refresh interval for Server Manager
servermanager.admx Do not display Initial Configuration Tasks window automatically at logon
servermanager.admx Do not display Manage Your Server page at logon
servermanager.admx Do not display Server Manager automatically at logon
servicing.admx Specify settings for optional component installation and component repair
settingsync.admx Do not sync
settingsync.admx Do not sync app settings
settingsync.admx Do not sync Apps
settingsync.admx Do not sync browser settings
settingsync.admx Do not sync desktop personalization
settingsync.admx Do not sync on metered connections
settingsync.admx Do not sync other Windows settings
settingsync.admx Do not sync passwords
settingsync.admx Do not sync personalize
settingsync.admx Do not sync start settings
setup.admx Specify Windows installation file location
setup.admx Specify Windows Service Pack installation file location
shapecollector.admx Turn off handwriting personalization data sharing
shapecollector.admx Turn off handwriting personalization data sharing
sharedfolders.admx Allow DFS roots to be published
sharedfolders.admx Allow shared folders to be published
sharing.admx Prevent the computer from joining a homegroup
sharing.admx Prevent users from sharing files within their profile.
shell-commandprompt-regedittools Don't run specified Windows applications
shell-commandprompt-regedittools Prevent access to registry editing tools
shell-commandprompt-regedittools Prevent access to the command prompt
shell-commandprompt-regedittools Run only specified Windows applications
shellwelcomecenter.admx Do not display the Welcome Center at user logon
sidebar.admx Restrict unpacking and installation of gadgets that are not digitally signed.
sidebar.admx Restrict unpacking and installation of gadgets that are not digitally signed.
sidebar.admx Turn off desktop gadgets
sidebar.admx Turn off desktop gadgets
sidebar.admx Turn Off user-installed desktop gadgets
sidebar.admx Turn Off user-installed desktop gadgets
skydrive.admx Prevent OneDrive files from syncing over metered connections
skydrive.admx Prevent the usage of OneDrive for file storage
skydrive.admx Prevent the usage of OneDrive for file storage on Windows 8.1
skydrive.admx Save documents to OneDrive by default
smartcard.admx Allow certificates with no extended key usage certificate attribute
smartcard.admx Allow ECC certificates to be used for logon and authentication
smartcard.admx Allow Integrated Unblock screen to be displayed at the time of logon
smartcard.admx Allow signature keys valid for Logon
smartcard.admx Allow time invalid certificates
smartcard.admx Allow user name hint
smartcard.admx Configure root certificate clean up
smartcard.admx Display string when smart card is blocked
smartcard.admx Filter duplicate logon certificates
smartcard.admx Force the reading of all certificates from the smart card
smartcard.admx Notify user of successful smart card driver installation
smartcard.admx Prevent plaintext PINs from being returned by Credential Manager
smartcard.admx Reverse the subject name stored in a certificate when displaying
smartcard.admx Turn on certificate propagation from smart card
smartcard.admx Turn on root certificate propagation from smart card
smartcard.admx Turn on Smart Card Plug and Play service
snmp.admx Specify communities
snmp.admx Specify permitted managers
snmp.admx Specify traps for public community
soundrec.admx Do not allow Sound Recorder to run
soundrec.admx Do not allow Sound Recorder to run
srm-fci.admx Customize message for Access Denied errors
srm-fci.admx Enable access-denied assistance on client for all file types
srm-fci.admx File Classification Infrastructure: Display Classification tab in File Explorer
srm-fci.admx File Classification Infrastructure: Specify classification properties list
startmenu.admx Add "Run in Separate Memory Space" check box to Run dialog box
startmenu.admx Add Logoff to the Start Menu
startmenu.admx Add Search Internet link to Start Menu
startmenu.admx Add the Run command to the Start Menu
startmenu.admx Change Start Menu power button
startmenu.admx Clear history of recently opened documents on exit
startmenu.admx Clear the recent programs list for new users
startmenu.admx Clear tile notifications during log on
startmenu.admx Do not display any custom toolbars in the taskbar
startmenu.admx Do not keep history of recently opened documents
startmenu.admx Do not search communications
startmenu.admx Do not search for files
startmenu.admx Do not search Internet
startmenu.admx Do not search programs and Control Panel items
startmenu.admx Do not use the search-based method when resolving shell shortcuts
startmenu.admx Do not use the tracking-based method when resolving shell shortcuts
startmenu.admx Force classic Start Menu
startmenu.admx Force Start to be either full screen size or menu size
startmenu.admx Go to the desktop instead of Start when signing in
startmenu.admx Gray unavailable Windows Installer programs Start Menu shortcuts
startmenu.admx Hide the notification area
startmenu.admx List desktop apps first in the Apps view
startmenu.admx Lock the Taskbar
startmenu.admx Pin Apps to Start when installed
startmenu.admx Pin Apps to Start when installed
startmenu.admx Prevent changes to Taskbar and Start Menu Settings
startmenu.admx Prevent grouping of taskbar items
startmenu.admx Prevent users from customizing their Start Screen
startmenu.admx Prevent users from uninstalling applications from Start
startmenu.admx Remove access to the context menus for the taskbar
startmenu.admx Remove All Programs list from the Start menu
startmenu.admx Remove and prevent access to the Shut Down, Restart, Sleep, and Hiber
startmenu.admx Remove Balloon Tips on Start Menu items
startmenu.admx Remove Clock from the system notification area
startmenu.admx Remove common program groups from Start Menu
startmenu.admx Remove Default Programs link from the Start menu.
startmenu.admx Remove Documents icon from Start Menu
startmenu.admx Remove Downloads link from Start Menu
startmenu.admx Remove Favorites menu from Start Menu
startmenu.admx Remove frequent programs list from the Start Menu
startmenu.admx Remove Games link from Start Menu
startmenu.admx Remove Help menu from Start Menu
startmenu.admx Remove Homegroup link from Start Menu
startmenu.admx Remove links and access to Windows Update
startmenu.admx Remove Logoff on the Start Menu
startmenu.admx Remove Music icon from Start Menu
startmenu.admx Remove Network Connections from Start Menu
startmenu.admx Remove Network icon from Start Menu
startmenu.admx Remove Pictures icon from Start Menu
startmenu.admx Remove pinned programs list from the Start Menu
startmenu.admx Remove programs on Settings menu
startmenu.admx Remove Recent Items menu from Start Menu
startmenu.admx Remove Recorded TV link from Start Menu
startmenu.admx Remove Run menu from Start Menu
startmenu.admx Remove Search Computer link
startmenu.admx Remove Search link from Start Menu
startmenu.admx Remove See More Results / Search Everywhere link
startmenu.admx Remove the "Undock PC" button from the Start Menu
startmenu.admx Remove user folder link from Start Menu
startmenu.admx Remove user name from Start Menu
startmenu.admx Remove user's folders from the Start Menu
startmenu.admx Remove Videos link from Start Menu
startmenu.admx Search just apps from the Apps view
startmenu.admx Show "Run as different user" command on Start
startmenu.admx Show QuickLaunch on Taskbar
startmenu.admx Show Start on the display the user is using when they press the Windows
startmenu.admx Show the Apps view automatically when the user goes to Start
startmenu.admx Start Layout
startmenu.admx Start Layout
startmenu.admx Turn off notification area cleanup
startmenu.admx Turn off personalized menus
startmenu.admx Turn off user tracking
systemrestore.admx Turn off Configuration
systemrestore.admx Turn off System Restore
tabletpcinputpanel.admx Disable text prediction
tabletpcinputpanel.admx Disable text prediction
tabletpcinputpanel.admx For tablet pen input, dont show the Input Panel icon
tabletpcinputpanel.admx For tablet pen input, dont show the Input Panel icon
tabletpcinputpanel.admx For touch input, dont show the Input Panel icon
tabletpcinputpanel.admx For touch input, dont show the Input Panel icon
tabletpcinputpanel.admx Include rarely used Chinese, Kanji, or Hanja characters
tabletpcinputpanel.admx Include rarely used Chinese, Kanji, or Hanja characters
tabletpcinputpanel.admx Prevent Input Panel tab from appearing
tabletpcinputpanel.admx Prevent Input Panel tab from appearing
tabletpcinputpanel.admx Turn off AutoComplete integration with Input Panel
tabletpcinputpanel.admx Turn off AutoComplete integration with Input Panel
tabletpcinputpanel.admx Turn off password security in Input Panel
tabletpcinputpanel.admx Turn off password security in Input Panel
tabletpcinputpanel.admx Turn off tolerant and Z-shaped scratch-out gestures
tabletpcinputpanel.admx Turn off tolerant and Z-shaped scratch-out gestures
tabletshell.admx Do not allow Inkball to run
tabletshell.admx Do not allow Inkball to run
tabletshell.admx Do not allow printing to Journal Note Writer
tabletshell.admx Do not allow printing to Journal Note Writer
tabletshell.admx Do not allow Snipping Tool to run
tabletshell.admx Do not allow Snipping Tool to run
tabletshell.admx Do not allow Windows Journal to be run
tabletshell.admx Do not allow Windows Journal to be run
tabletshell.admx Prevent Back-ESC mapping
tabletshell.admx Prevent Back-ESC mapping
tabletshell.admx Prevent flicks
tabletshell.admx Prevent flicks
tabletshell.admx Prevent Flicks Learning Mode
tabletshell.admx Prevent Flicks Learning Mode
tabletshell.admx Prevent launch an application
tabletshell.admx Prevent launch an application
tabletshell.admx Prevent press and hold
tabletshell.admx Prevent press and hold
tabletshell.admx Turn off hardware buttons
tabletshell.admx Turn off hardware buttons
tabletshell.admx Turn off pen feedback
tabletshell.admx Turn off pen feedback
taskbar.admx Disable showing balloon notifications as toasts.
taskbar.admx Do not allow pinning items in Jump Lists
taskbar.admx Do not allow pinning programs to the Taskbar
taskbar.admx Do not allow pinning Store app to the Taskbar
taskbar.admx Do not allow taskbars on more than one display
taskbar.admx Do not display or track items in Jump Lists from remote locations
taskbar.admx Lock all taskbar settings
taskbar.admx Prevent users from adding or removing toolbars
taskbar.admx Prevent users from moving taskbar to another screen dock location
taskbar.admx Prevent users from rearranging toolbars
taskbar.admx Prevent users from resizing the taskbar
taskbar.admx Remove Notifications and Action Center
taskbar.admx Remove pinned programs from the Taskbar
taskbar.admx Remove the battery meter
taskbar.admx Remove the networking icon
taskbar.admx Remove the Security and Maintenance icon
taskbar.admx Remove the volume control icon
taskbar.admx Show Windows Store apps on the taskbar
taskbar.admx Turn off all balloon notifications
taskbar.admx Turn off automatic promotion of notification icons to the taskbar
taskbar.admx Turn off feature advertisement balloon notifications
taskbar.admx Turn off taskbar thumbnails
taskscheduler.admx Hide Advanced Properties Checkbox in Add Scheduled Task Wizard
taskscheduler.admx Hide Advanced Properties Checkbox in Add Scheduled Task Wizard
taskscheduler.admx Hide Property Pages
taskscheduler.admx Hide Property Pages
taskscheduler.admx Prevent Task Run or End
taskscheduler.admx Prevent Task Run or End
taskscheduler.admx Prohibit Browse
taskscheduler.admx Prohibit Browse
taskscheduler.admx Prohibit Drag-and-Drop
taskscheduler.admx Prohibit Drag-and-Drop
taskscheduler.admx Prohibit New Task Creation
taskscheduler.admx Prohibit New Task Creation
taskscheduler.admx Prohibit Task Deletion
taskscheduler.admx Prohibit Task Deletion
tcpip.admx Set 6to4 Relay Name
tcpip.admx Set 6to4 Relay Name Resolution Interval
tcpip.admx Set 6to4 State
tcpip.admx Set IP Stateless Autoconfiguration Limits State
tcpip.admx Set IP-HTTPS State
tcpip.admx Set ISATAP Router Name
tcpip.admx Set ISATAP State
tcpip.admx Set Teredo Client Port
tcpip.admx Set Teredo Default Qualified
tcpip.admx Set Teredo Refresh Rate
tcpip.admx Set Teredo Server Name
tcpip.admx Set Teredo State
tcpip.admx Set Window Scaling Heuristics State
terminalserver.admx Allow .rdp files from unknown publishers
terminalserver.admx Allow .rdp files from unknown publishers
terminalserver.admx Allow .rdp files from valid publishers and user's default .rdp settings
terminalserver.admx Allow .rdp files from valid publishers and user's default .rdp settings
terminalserver.admx Allow audio and video playback redirection
terminalserver.admx Allow audio recording redirection
terminalserver.admx Allow RDP redirection of other supported RemoteFX USB devices from thi
terminalserver.admx Allow time zone redirection
terminalserver.admx Allow users to connect remotely by using Remote Desktop Services
terminalserver.admx Always prompt for password upon connection
terminalserver.admx Always show desktop on connection
terminalserver.admx Automatic reconnection
terminalserver.admx Configure compression for RemoteFX data
terminalserver.admx Configure H.264/AVC hardware encoding for Remote Desktop Connection
terminalserver.admx Configure image quality for RemoteFX Adaptive Graphics
terminalserver.admx Configure keep-alive connection interval
terminalserver.admx Configure RD Connection Broker farm name
terminalserver.admx Configure RD Connection Broker server name
terminalserver.admx Configure RemoteFX
terminalserver.admx Configure RemoteFX Adaptive Graphics
terminalserver.admx Configure server authentication for client
terminalserver.admx Deny logoff of an administrator logged in to the console session
terminalserver.admx Do not allow client printer redirection
terminalserver.admx Do not allow Clipboard redirection
terminalserver.admx Do not allow COM port redirection
terminalserver.admx Do not allow drive redirection
terminalserver.admx Do not allow hardware accelerated decoding
terminalserver.admx Do not allow local administrators to customize permissions
terminalserver.admx Do not allow LPT port redirection
terminalserver.admx Do not allow passwords to be saved
terminalserver.admx Do not allow passwords to be saved
terminalserver.admx Do not allow smart card device redirection
terminalserver.admx Do not allow supported Plug and Play device redirection
terminalserver.admx Do not delete temp folders upon exit
terminalserver.admx Do not set default client printer to be default printer in a session
terminalserver.admx Do not use temporary folders per session
terminalserver.admx Enable connection through RD Gateway
terminalserver.admx Enable RemoteFX encoding for RemoteFX clients designed for Windows Se
terminalserver.admx End session when time limits are reached
terminalserver.admx End session when time limits are reached
terminalserver.admx Enforce Removal of Remote Desktop Wallpaper
terminalserver.admx Hide notifications about RD Licensing problems that affect the RD Session
terminalserver.admx Join RD Connection Broker
terminalserver.admx License server security group
terminalserver.admx Limit audio playback quality
terminalserver.admx Limit maximum color depth
terminalserver.admx Limit maximum display resolution
terminalserver.admx Limit number of connections
terminalserver.admx Limit number of monitors
terminalserver.admx Limit the size of the entire roaming user profile cache
terminalserver.admx Optimize visual experience for Remote Desktop Service Sessions
terminalserver.admx Optimize visual experience when using RemoteFX
terminalserver.admx Prevent license upgrade
terminalserver.admx Prioritize H.264/AVC 444 graphics mode for Remote Desktop Connections
terminalserver.admx Prompt for credentials on the client computer
terminalserver.admx Remove "Disconnect" option from Shut Down dialog
terminalserver.admx Remove Windows Security item from Start menu
terminalserver.admx Require secure RPC communication
terminalserver.admx Require use of specific security layer for remote (RDP) connections
terminalserver.admx Require user authentication for remote connections by using Network Lev
terminalserver.admx Restrict Remote Desktop Services users to a single Remote Desktop Servic
terminalserver.admx Select network detection on the server
terminalserver.admx Select RDP transport protocols
terminalserver.admx Server authentication certificate template
terminalserver.admx Set client connection encryption level
terminalserver.admx Set path for Remote Desktop Services Roaming User Profile
terminalserver.admx Set RD Gateway authentication method
terminalserver.admx Set RD Gateway server address
terminalserver.admx Set Remote Desktop Services User Home Directory
terminalserver.admx Set rules for remote control of Remote Desktop Services user sessions
terminalserver.admx Set rules for remote control of Remote Desktop Services user sessions
terminalserver.admx Set the Remote Desktop licensing mode
terminalserver.admx Set time limit for active but idle Remote Desktop Services sessions
terminalserver.admx Set time limit for active but idle Remote Desktop Services sessions
terminalserver.admx Set time limit for active Remote Desktop Services sessions
terminalserver.admx Set time limit for active Remote Desktop Services sessions
terminalserver.admx Set time limit for disconnected sessions
terminalserver.admx Set time limit for disconnected sessions
terminalserver.admx Specify default connection URL
terminalserver.admx Specify RD Session Host server fallback printer driver behavior
terminalserver.admx Specify SHA1 thumbprints of certificates representing trusted .rdp publish
terminalserver.admx Specify SHA1 thumbprints of certificates representing trusted .rdp publish
terminalserver.admx Start a program on connection
terminalserver.admx Start a program on connection
terminalserver.admx Suspend user sign-in to complete app registration
terminalserver.admx Turn Off UDP On Client
terminalserver.admx Use advanced RemoteFX graphics for RemoteApp
terminalserver.admx Use IP Address Redirection
terminalserver.admx Use mandatory profiles on the RD Session Host server
terminalserver.admx Use Remote Desktop Easy Print printer driver first
terminalserver.admx Use Remote Desktop Easy Print printer driver first
terminalserver.admx Use the hardware default graphics adapter for all Remote Desktop Service
terminalserver.admx Use the specified Remote Desktop license servers
terminalserver-server.admx Allow desktop composition for remote desktop sessions
terminalserver-server.admx Allow remote start of unlisted programs
terminalserver-server.admx Allow time zone redirection
terminalserver-server.admx Always show desktop on connection
terminalserver-server.admx Do not allow Clipboard redirection
terminalserver-server.admx Do not allow font smoothing
terminalserver-server.admx Do not use Remote Desktop Session Host server IP address when virtual IP
terminalserver-server.admx Redirect only the default client printer
terminalserver-server.admx Redirect only the default client printer
terminalserver-server.admx Remove remote desktop wallpaper
terminalserver-server.admx Select the network adapter to be used for Remote Desktop IP Virtualizatio
terminalserver-server.admx Set time limit for logoff of RemoteApp sessions
terminalserver-server.admx Set time limit for logoff of RemoteApp sessions
terminalserver-server.admx Turn off Fair Share CPU Scheduling
terminalserver-server.admx Turn off Windows Installer RDS Compatibility
terminalserver-server.admx Turn on Remote Desktop IP Virtualization
terminalserver-server.admx Use RD Connection Broker load balancing
thumbnails.admx Turn off the caching of thumbnails in hidden thumbs.db files
thumbnails.admx Turn off the display of thumbnails and only display icons on network folde
thumbnails.admx Turn off the display of thumbnails and only display icons.
touchinput.admx Turn off Tablet PC touch input
touchinput.admx Turn off Tablet PC touch input
touchinput.admx Turn off Touch Panning
touchinput.admx Turn off Touch Panning
tpm.admx Configure the level of TPM owner authorization information available to t
tpm.admx Configure the list of blocked TPM commands
tpm.admx Ignore the default list of blocked TPM commands
tpm.admx Ignore the local list of blocked TPM commands
tpm.admx Standard User Individual Lockout Threshold
tpm.admx Standard User Lockout Duration
tpm.admx Standard User Total Lockout Threshold
userexperiencevirtualization.admx Access 2013 backup only
userexperiencevirtualization.admx Access 2013 backup only
userexperiencevirtualization.admx Access 2016 backup only
userexperiencevirtualization.admx Access 2016 backup only
userexperiencevirtualization.admx Calculator
userexperiencevirtualization.admx Calculator
userexperiencevirtualization.admx Common 2013 backup only
userexperiencevirtualization.admx Common 2013 backup only
userexperiencevirtualization.admx Common 2016 backup only
userexperiencevirtualization.admx Common 2016 backup only
userexperiencevirtualization.admx Configure Sync Method
userexperiencevirtualization.admx Configure Sync Method
userexperiencevirtualization.admx Contact IT Link Text
userexperiencevirtualization.admx Contact IT URL
userexperiencevirtualization.admx Do not synchronize Windows Apps
userexperiencevirtualization.admx Do not synchronize Windows Apps
userexperiencevirtualization.admx Enable UEV
userexperiencevirtualization.admx Excel 2013 backup only
userexperiencevirtualization.admx Excel 2013 backup only
userexperiencevirtualization.admx Excel 2016 backup only
userexperiencevirtualization.admx Excel 2016 backup only
userexperiencevirtualization.admx Finance
userexperiencevirtualization.admx Finance
userexperiencevirtualization.admx First Use Notification
userexperiencevirtualization.admx Games
userexperiencevirtualization.admx Games
userexperiencevirtualization.admx InfoPath 2013 backup only
userexperiencevirtualization.admx InfoPath 2013 backup only
userexperiencevirtualization.admx Internet Explorer 10
userexperiencevirtualization.admx Internet Explorer 10
userexperiencevirtualization.admx Internet Explorer 11
userexperiencevirtualization.admx Internet Explorer 11
userexperiencevirtualization.admx Internet Explorer 8
userexperiencevirtualization.admx Internet Explorer 8
userexperiencevirtualization.admx Internet Explorer 9
userexperiencevirtualization.admx Internet Explorer 9
userexperiencevirtualization.admx Internet Explorer Common Settings
userexperiencevirtualization.admx Internet Explorer Common Settings
userexperiencevirtualization.admx Lync 2013 backup only
userexperiencevirtualization.admx Lync 2013 backup only
userexperiencevirtualization.admx Lync 2016 backup only
userexperiencevirtualization.admx Lync 2016 backup only
userexperiencevirtualization.admx Maps
userexperiencevirtualization.admx Maps
userexperiencevirtualization.admx Microsoft Access 2010
userexperiencevirtualization.admx Microsoft Access 2010
userexperiencevirtualization.admx Microsoft Access 2013
userexperiencevirtualization.admx Microsoft Access 2013
userexperiencevirtualization.admx Microsoft Access 2016
userexperiencevirtualization.admx Microsoft Access 2016
userexperiencevirtualization.admx Microsoft Excel 2010
userexperiencevirtualization.admx Microsoft Excel 2010
userexperiencevirtualization.admx Microsoft Excel 2013
userexperiencevirtualization.admx Microsoft Excel 2013
userexperiencevirtualization.admx Microsoft Excel 2016
userexperiencevirtualization.admx Microsoft Excel 2016
userexperiencevirtualization.admx Microsoft InfoPath 2010
userexperiencevirtualization.admx Microsoft InfoPath 2010
userexperiencevirtualization.admx Microsoft InfoPath 2013
userexperiencevirtualization.admx Microsoft InfoPath 2013
userexperiencevirtualization.admx Microsoft Lync 2010
userexperiencevirtualization.admx Microsoft Lync 2010
userexperiencevirtualization.admx Microsoft Lync 2013
userexperiencevirtualization.admx Microsoft Lync 2013
userexperiencevirtualization.admx Microsoft Lync 2016
userexperiencevirtualization.admx Microsoft Lync 2016
userexperiencevirtualization.admx Microsoft Office 2010 Common Settings
userexperiencevirtualization.admx Microsoft Office 2010 Common Settings
userexperiencevirtualization.admx Microsoft Office 2013 Common Settings
userexperiencevirtualization.admx Microsoft Office 2013 Common Settings
userexperiencevirtualization.admx Microsoft Office 2013 Upload Center
userexperiencevirtualization.admx Microsoft Office 2013 Upload Center
userexperiencevirtualization.admx Microsoft Office 2016 Common Settings
userexperiencevirtualization.admx Microsoft Office 2016 Common Settings
userexperiencevirtualization.admx Microsoft Office 2016 Upload Center
userexperiencevirtualization.admx Microsoft Office 2016 Upload Center
userexperiencevirtualization.admx Microsoft Office 365 Access 2013
userexperiencevirtualization.admx Microsoft Office 365 Access 2013
userexperiencevirtualization.admx Microsoft Office 365 Access 2016
userexperiencevirtualization.admx Microsoft Office 365 Access 2016
userexperiencevirtualization.admx Microsoft Office 365 Common 2013
userexperiencevirtualization.admx Microsoft Office 365 Common 2013
userexperiencevirtualization.admx Microsoft Office 365 Common 2016
userexperiencevirtualization.admx Microsoft Office 365 Common 2016
userexperiencevirtualization.admx Microsoft Office 365 Excel 2013
userexperiencevirtualization.admx Microsoft Office 365 Excel 2013
userexperiencevirtualization.admx Microsoft Office 365 Excel 2016
userexperiencevirtualization.admx Microsoft Office 365 Excel 2016
userexperiencevirtualization.admx Microsoft Office 365 InfoPath 2013
userexperiencevirtualization.admx Microsoft Office 365 InfoPath 2013
userexperiencevirtualization.admx Microsoft Office 365 Lync 2013
userexperiencevirtualization.admx Microsoft Office 365 Lync 2013
userexperiencevirtualization.admx Microsoft Office 365 Lync 2016
userexperiencevirtualization.admx Microsoft Office 365 Lync 2016
userexperiencevirtualization.admx Microsoft Office 365 OneNote 2013
userexperiencevirtualization.admx Microsoft Office 365 OneNote 2013
userexperiencevirtualization.admx Microsoft Office 365 OneNote 2016
userexperiencevirtualization.admx Microsoft Office 365 OneNote 2016
userexperiencevirtualization.admx Microsoft Office 365 Outlook 2013
userexperiencevirtualization.admx Microsoft Office 365 Outlook 2013
userexperiencevirtualization.admx Microsoft Office 365 Outlook 2016
userexperiencevirtualization.admx Microsoft Office 365 Outlook 2016
userexperiencevirtualization.admx Microsoft Office 365 PowerPoint 2013
userexperiencevirtualization.admx Microsoft Office 365 PowerPoint 2013
userexperiencevirtualization.admx Microsoft Office 365 PowerPoint 2016
userexperiencevirtualization.admx Microsoft Office 365 PowerPoint 2016
userexperiencevirtualization.admx Microsoft Office 365 Project 2013
userexperiencevirtualization.admx Microsoft Office 365 Project 2013
userexperiencevirtualization.admx Microsoft Office 365 Project 2016
userexperiencevirtualization.admx Microsoft Office 365 Project 2016
userexperiencevirtualization.admx Microsoft Office 365 Publisher 2013
userexperiencevirtualization.admx Microsoft Office 365 Publisher 2013
userexperiencevirtualization.admx Microsoft Office 365 Publisher 2016
userexperiencevirtualization.admx Microsoft Office 365 Publisher 2016
userexperiencevirtualization.admx Microsoft Office 365 SharePoint Designer 2013
userexperiencevirtualization.admx Microsoft Office 365 SharePoint Designer 2013
userexperiencevirtualization.admx Microsoft Office 365 Visio 2013
userexperiencevirtualization.admx Microsoft Office 365 Visio 2013
userexperiencevirtualization.admx Microsoft Office 365 Visio 2016
userexperiencevirtualization.admx Microsoft Office 365 Visio 2016
userexperiencevirtualization.admx Microsoft Office 365 Word 2013
userexperiencevirtualization.admx Microsoft Office 365 Word 2013
userexperiencevirtualization.admx Microsoft Office 365 Word 2016
userexperiencevirtualization.admx Microsoft Office 365 Word 2016
userexperiencevirtualization.admx Microsoft OneDrive for Business 2013
userexperiencevirtualization.admx Microsoft OneDrive for Business 2013
userexperiencevirtualization.admx Microsoft OneDrive for Business 2016
userexperiencevirtualization.admx Microsoft OneDrive for Business 2016
userexperiencevirtualization.admx Microsoft OneNote 2010
userexperiencevirtualization.admx Microsoft OneNote 2010
userexperiencevirtualization.admx Microsoft OneNote 2013
userexperiencevirtualization.admx Microsoft OneNote 2013
userexperiencevirtualization.admx Microsoft OneNote 2016
userexperiencevirtualization.admx Microsoft OneNote 2016
userexperiencevirtualization.admx Microsoft Outlook 2010
userexperiencevirtualization.admx Microsoft Outlook 2010
userexperiencevirtualization.admx Microsoft Outlook 2013
userexperiencevirtualization.admx Microsoft Outlook 2013
userexperiencevirtualization.admx Microsoft Outlook 2016
userexperiencevirtualization.admx Microsoft Outlook 2016
userexperiencevirtualization.admx Microsoft PowerPoint 2010
userexperiencevirtualization.admx Microsoft PowerPoint 2010
userexperiencevirtualization.admx Microsoft PowerPoint 2013
userexperiencevirtualization.admx Microsoft PowerPoint 2013
userexperiencevirtualization.admx Microsoft PowerPoint 2016
userexperiencevirtualization.admx Microsoft PowerPoint 2016
userexperiencevirtualization.admx Microsoft Project 2010
userexperiencevirtualization.admx Microsoft Project 2010
userexperiencevirtualization.admx Microsoft Project 2013
userexperiencevirtualization.admx Microsoft Project 2013
userexperiencevirtualization.admx Microsoft Project 2016
userexperiencevirtualization.admx Microsoft Project 2016
userexperiencevirtualization.admx Microsoft Publisher 2010
userexperiencevirtualization.admx Microsoft Publisher 2010
userexperiencevirtualization.admx Microsoft Publisher 2013
userexperiencevirtualization.admx Microsoft Publisher 2013
userexperiencevirtualization.admx Microsoft Publisher 2016
userexperiencevirtualization.admx Microsoft Publisher 2016
userexperiencevirtualization.admx Microsoft SharePoint Designer 2010
userexperiencevirtualization.admx Microsoft SharePoint Designer 2010
userexperiencevirtualization.admx Microsoft SharePoint Designer 2013
userexperiencevirtualization.admx Microsoft SharePoint Designer 2013
userexperiencevirtualization.admx Microsoft SharePoint Workspace 2010
userexperiencevirtualization.admx Microsoft SharePoint Workspace 2010
userexperiencevirtualization.admx Microsoft Visio 2010
userexperiencevirtualization.admx Microsoft Visio 2010
userexperiencevirtualization.admx Microsoft Visio 2013
userexperiencevirtualization.admx Microsoft Visio 2013
userexperiencevirtualization.admx Microsoft Visio 2016
userexperiencevirtualization.admx Microsoft Visio 2016
userexperiencevirtualization.admx Microsoft Word 2010
userexperiencevirtualization.admx Microsoft Word 2010
userexperiencevirtualization.admx Microsoft Word 2013
userexperiencevirtualization.admx Microsoft Word 2013
userexperiencevirtualization.admx Microsoft Word 2016
userexperiencevirtualization.admx Microsoft Word 2016
userexperiencevirtualization.admx Music
userexperiencevirtualization.admx Music
userexperiencevirtualization.admx News
userexperiencevirtualization.admx News
userexperiencevirtualization.admx Notepad
userexperiencevirtualization.admx Notepad
userexperiencevirtualization.admx OneNote 2013 backup only
userexperiencevirtualization.admx OneNote 2013 backup only
userexperiencevirtualization.admx OneNote 2016 backup only
userexperiencevirtualization.admx OneNote 2016 backup only
userexperiencevirtualization.admx Outlook 2013 backup only
userexperiencevirtualization.admx Outlook 2013 backup only
userexperiencevirtualization.admx Outlook 2016 backup only
userexperiencevirtualization.admx Outlook 2016 backup only
userexperiencevirtualization.admx Ping the settings storage location before sync
userexperiencevirtualization.admx Ping the settings storage location before sync
userexperiencevirtualization.admx PowerPoint 2013 backup only
userexperiencevirtualization.admx PowerPoint 2013 backup only
userexperiencevirtualization.admx PowerPoint 2016 backup only
userexperiencevirtualization.admx PowerPoint 2016 backup only
userexperiencevirtualization.admx Project 2013 backup only
userexperiencevirtualization.admx Project 2013 backup only
userexperiencevirtualization.admx Project 2016 backup only
userexperiencevirtualization.admx Project 2016 backup only
userexperiencevirtualization.admx Publisher 2013 backup only
userexperiencevirtualization.admx Publisher 2013 backup only
userexperiencevirtualization.admx Publisher 2016 backup only
userexperiencevirtualization.admx Publisher 2016 backup only
userexperiencevirtualization.admx Reader
userexperiencevirtualization.admx Reader
userexperiencevirtualization.admx Settings package size warning threshold
userexperiencevirtualization.admx Settings package size warning threshold
userexperiencevirtualization.admx Settings storage path
userexperiencevirtualization.admx Settings storage path
userexperiencevirtualization.admx Settings template catalog path
userexperiencevirtualization.admx SharePoint Designer 2013 backup only
userexperiencevirtualization.admx SharePoint Designer 2013 backup only
userexperiencevirtualization.admx Sports
userexperiencevirtualization.admx Sports
userexperiencevirtualization.admx Sync settings over metered connections
userexperiencevirtualization.admx Sync settings over metered connections
userexperiencevirtualization.admx Sync settings over metered connections even when roaming
userexperiencevirtualization.admx Sync settings over metered connections even when roaming
userexperiencevirtualization.admx Sync Unlisted Windows Apps
userexperiencevirtualization.admx Synchronization timeout
userexperiencevirtualization.admx Synchronization timeout
userexperiencevirtualization.admx Synchronize Windows settings
userexperiencevirtualization.admx Synchronize Windows settings
userexperiencevirtualization.admx Travel
userexperiencevirtualization.admx Travel
userexperiencevirtualization.admx Tray Icon
userexperiencevirtualization.admx Use User Experience Virtualization (UE-V)
userexperiencevirtualization.admx Use User Experience Virtualization (UE-V)
userexperiencevirtualization.admx VDI Configuration
userexperiencevirtualization.admx VDI Configuration
userexperiencevirtualization.admx Video
userexperiencevirtualization.admx Video
userexperiencevirtualization.admx Visio 2013 backup only
userexperiencevirtualization.admx Visio 2013 backup only
userexperiencevirtualization.admx Visio 2016 backup only
userexperiencevirtualization.admx Visio 2016 backup only
userexperiencevirtualization.admx Weather
userexperiencevirtualization.admx Weather
userexperiencevirtualization.admx Word 2013 backup only
userexperiencevirtualization.admx Word 2013 backup only
userexperiencevirtualization.admx Word 2016 backup only
userexperiencevirtualization.admx Word 2016 backup only
userexperiencevirtualization.admx WordPad
userexperiencevirtualization.admx WordPad
userprofiles.admx Add the Administrators security group to roaming user profiles
userprofiles.admx Connect home directory to root of the share
userprofiles.admx Control slow network connection timeout for user profiles
userprofiles.admx Delete cached copies of roaming profiles
userprofiles.admx Delete user profiles older than a specified number of days on system resta
userprofiles.admx Disable detection of slow network connections
userprofiles.admx Do not check for user ownership of Roaming Profile Folders
userprofiles.admx Do not forcefully unload the users registry at user logoff
userprofiles.admx Do not log users on with temporary profiles
userprofiles.admx Download roaming profiles on primary computers only
userprofiles.admx Establish timeout value for dialog boxes
userprofiles.admx Exclude directories in roaming profile
userprofiles.admx Leave Windows Installer and Group Policy Software Installation Data
userprofiles.admx Limit profile size
userprofiles.admx Maximum retries to unload and update user profile
userprofiles.admx Only allow local user profiles
userprofiles.admx Prevent Roaming Profile changes from propagating to the server
userprofiles.admx Prompt user when a slow network connection is detected
userprofiles.admx Set maximum wait time for the network if a user has a roaming user profi
userprofiles.admx Set roaming profile path for all users logging onto this computer
userprofiles.admx Set the schedule for background upload of a roaming user profile's registry
userprofiles.admx Set user home folder
userprofiles.admx Specify network directories to sync at logon/logoff time only
userprofiles.admx Turn off the advertising ID
userprofiles.admx User management of sharing user name, account picture, and domain info
userprofiles.admx Wait for remote user profile
volumeencryption.admx Allow access to BitLocker-protected fixed data drives from earlier version
volumeencryption.admx Allow access to BitLocker-protected removable data drives from earlier v
volumeencryption.admx Allow enhanced PINs for startup
volumeencryption.admx Allow network unlock at startup
volumeencryption.admx Allow Secure Boot for integrity validation
volumeencryption.admx Choose default folder for recovery password
volumeencryption.admx Choose drive encryption method and cipher strength (Windows 10 [Version
volumeencryption.admx Choose drive encryption method and cipher strength (Windows 8, Window
volumeencryption.admx Choose drive encryption method and cipher strength (Windows Vista, Wi
volumeencryption.admx Choose how BitLocker-protected fixed drives can be recovered
volumeencryption.admx Choose how BitLocker-protected operating system drives can be recovere
volumeencryption.admx Choose how BitLocker-protected removable drives can be recovered
volumeencryption.admx Choose how users can recover BitLocker-protected drives (Windows Serve
volumeencryption.admx Configure minimum PIN length for startup
volumeencryption.admx Configure pre-boot recovery message and URL
volumeencryption.admx Configure TPM platform validation profile (Windows Vista, Windows Serv
volumeencryption.admx Configure TPM platform validation profile for BIOS-based firmware configu
volumeencryption.admx Configure TPM platform validation profile for native UEFI firmware configu
volumeencryption.admx Configure use of hardware-based encryption for fixed data drives
volumeencryption.admx Configure use of hardware-based encryption for operating system drives
volumeencryption.admx Configure use of hardware-based encryption for removable data drives
volumeencryption.admx Configure use of passwords for fixed data drives
volumeencryption.admx Configure use of passwords for operating system drives
volumeencryption.admx Configure use of passwords for removable data drives
volumeencryption.admx Configure use of smart cards on fixed data drives
volumeencryption.admx Configure use of smart cards on removable data drives
volumeencryption.admx Control use of BitLocker on removable drives
volumeencryption.admx Deny write access to fixed drives not protected by BitLocker
volumeencryption.admx Deny write access to removable drives not protected by BitLocker
volumeencryption.admx Disallow standard users from changing the PIN or password
volumeencryption.admx Enable use of BitLocker authentication requiring preboot keyboard input o
volumeencryption.admx Enforce drive encryption type on fixed data drives
volumeencryption.admx Enforce drive encryption type on operating system drives
volumeencryption.admx Enforce drive encryption type on removable data drives
volumeencryption.admx Prevent memory overwrite on restart
volumeencryption.admx Provide the unique identifiers for your organization
volumeencryption.admx Require additional authentication at startup
volumeencryption.admx Require additional authentication at startup (Windows Server 2008 and W
volumeencryption.admx Reset platform validation data after BitLocker recovery
volumeencryption.admx Store BitLocker recovery information in Active Directory Domain Service
volumeencryption.admx Use enhanced Boot Configuration Data validation profile
volumeencryption.admx Validate smart card certificate usage rule compliance
w32time.admx Configure Windows NTP Client
w32time.admx Enable Windows NTP Client
w32time.admx Enable Windows NTP Server
w32time.admx Global Configuration Settings
wcm.admx Disable power management in connected standby mode
wcm.admx Minimize the number of simultaneous connections to the Internet or a
wcm.admx Prohibit connection to non-domain networks when connected to domain
wcm.admx Prohibit connection to roaming Mobile Broadband networks
wdi.admx Diagnostics: Configure scenario execution level
wdi.admx Diagnostics: Configure scenario retention
wincal.admx Turn off Windows Calendar
wincal.admx Turn off Windows Calendar
windowsanytimeupgrade.admx Prevent the wizard from running.
windowsanytimeupgrade.admx Prevent the wizard from running.
windowsbackup.admx Allow only system backup
windowsbackup.admx Disallow locally attached storage as backup target
windowsbackup.admx Disallow network as backup target
windowsbackup.admx Disallow optical media as backup target
windowsbackup.admx Disallow run-once backups
windowscolorsystem.admx Prohibit installing or uninstalling color profiles
windowscolorsystem.admx Prohibit installing or uninstalling color profiles
windowsconnectnow.admx Configuration of wireless settings using Windows Connect Now
windowsconnectnow.admx Prohibit access of the Windows Connect Now wizards
windowsconnectnow.admx Prohibit access of the Windows Connect Now wizards
windowsdefender.admx Allow antimalware service to remain running always
windowsdefender.admx Allow antimalware service to startup with normal priority
windowsdefender.admx Allow definition updates from Microsoft Update
windowsdefender.admx Allow definition updates when running on battery power
windowsdefender.admx Allow notifications to disable definitions based reports to Microsoft MAPS
windowsdefender.admx Allow real-time definition updates based on reports to Microsoft MAPS
windowsdefender.admx Allow users to pause scan
windowsdefender.admx Check for the latest virus and spyware definitions before running a schedu
windowsdefender.admx Check for the latest virus and spyware definitions on startup
windowsdefender.admx Configure local administrator merge behavior for lists
windowsdefender.admx Configure local setting override for maximum percentage of CPU utilizatio
windowsdefender.admx Configure local setting override for monitoring file and program activity
windowsdefender.admx Configure local setting override for monitoring for incoming and outgoing fi
windowsdefender.admx Configure local setting override for reporting to Microsoft MAPS
windowsdefender.admx Configure local setting override for scanning all downloaded files and att
windowsdefender.admx Configure local setting override for schedule scan day
windowsdefender.admx Configure local setting override for scheduled quick scan time
windowsdefender.admx Configure local setting override for scheduled scan time
windowsdefender.admx Configure local setting override for the removal of items from Quarantine
windowsdefender.admx Configure local setting override for the scan type to use for a scheduled sc
windowsdefender.admx Configure local setting override for the time of day to run a scheduled ful
windowsdefender.admx Configure local setting override for turn on behavior monitoring
windowsdefender.admx Configure local setting override to turn on real-time protection
windowsdefender.admx Configure monitoring for incoming and outgoing file and program activity
windowsdefender.admx Configure removal of items from Quarantine folder
windowsdefender.admx Configure the 'Block at First Sight' feature
windowsdefender.admx Configure time out for detections in critically failed state
windowsdefender.admx Configure time out for detections in non-critical failed state
windowsdefender.admx Configure time out for detections in recently remediated state
windowsdefender.admx Configure time out for detections requiring additional action
windowsdefender.admx Configure Watson events
windowsdefender.admx Configure Windows software trace preprocessor components
windowsdefender.admx Configure WPP tracing level
windowsdefender.admx Create a system restore point
windowsdefender.admx Define addresses to bypass proxy server
windowsdefender.admx Define file shares for downloading definition updates
windowsdefender.admx Define proxy auto-config (.pac) for connecting to the network
windowsdefender.admx Define proxy server for connecting to the network
windowsdefender.admx Define the maximum size of downloaded files and attachments to be scan
windowsdefender.admx Define the number of days after which a catch-up definition update is req
windowsdefender.admx Define the number of days after which a catch-up scan is forced
windowsdefender.admx Define the number of days before spyware definitions are considered out
windowsdefender.admx Define the number of days before virus definitions are considered out of d
windowsdefender.admx Define the order of sources for downloading definition updates
windowsdefender.admx Display additional text to clients when they need to perform an action
windowsdefender.admx Enable headless UI mode
windowsdefender.admx Extension Exclusions
windowsdefender.admx Initiate definition update on startup
windowsdefender.admx Join Microsoft MAPS
windowsdefender.admx Monitor file and program activity on your computer
windowsdefender.admx Path Exclusions
windowsdefender.admx Process Exclusions
windowsdefender.admx Randomize scheduled task times
windowsdefender.admx Run full scan on mapped network drives
windowsdefender.admx Scan all downloaded files and attachments
windowsdefender.admx Scan archive files
windowsdefender.admx Scan network files
windowsdefender.admx Scan packed executables
windowsdefender.admx Scan removable drives
windowsdefender.admx Send file samples when further analysis is required
windowsdefender.admx Specify additional definition sets for network traffic inspection
windowsdefender.admx Specify the day of the week to check for definition updates
windowsdefender.admx Specify the day of the week to run a scheduled full scan to complete reme
windowsdefender.admx Specify the day of the week to run a scheduled scan
windowsdefender.admx Specify the interval to check for definition updates
windowsdefender.admx Specify the interval to run quick scans per day
windowsdefender.admx Specify the maximum depth to scan archive files
windowsdefender.admx Specify the maximum percentage of CPU utilization during a scan
windowsdefender.admx Specify the maximum size of archive files to be scanned
windowsdefender.admx Specify the scan type to use for a scheduled scan
windowsdefender.admx Specify the time for a daily quick scan
windowsdefender.admx Specify the time of day to run a scheduled full scan to complete remediati
windowsdefender.admx Specify the time of day to run a scheduled scan
windowsdefender.admx Specify the time to check for definition updates
windowsdefender.admx Specify threat alert levels at which default action should not be taken wh
windowsdefender.admx Specify threats upon which default action should not be taken when dete
windowsdefender.admx Start the scheduled scan only when computer is on but not in use
windowsdefender.admx Suppress all notifications
windowsdefender.admx Suppresses reboot notifications
windowsdefender.admx Turn off Auto Exclusions
windowsdefender.admx Turn off real-time protection
windowsdefender.admx Turn off routine remediation
windowsdefender.admx Turn off Windows Defender
windowsdefender.admx Turn on behavior monitoring
windowsdefender.admx Turn on catch-up full scan
windowsdefender.admx Turn on catch-up quick scan
windowsdefender.admx Turn on definition retirement
windowsdefender.admx Turn on e-mail scanning
windowsdefender.admx Turn on heuristics
windowsdefender.admx Turn on process scanning whenever real-time protection is enabled
windowsdefender.admx Turn on protocol recognition
windowsdefender.admx Turn on raw volume write notifications
windowsdefender.admx Turn on removal of items from scan history folder
windowsdefender.admx Turn on reparse point scanning
windowsdefender.admx Turn on scan after signature update
windowsexplorer.admx Allow only per user or approved shell extensions
windowsexplorer.admx Allow OpenSearch queries in File Explorer
windowsexplorer.admx Allow OpenSearch queries in File Explorer
windowsexplorer.admx Allow OpenSearch queries in File Explorer
windowsexplorer.admx Allow OpenSearch queries in File Explorer
windowsexplorer.admx Allow OpenSearch queries in File Explorer
windowsexplorer.admx Allow OpenSearch queries in File Explorer
windowsexplorer.admx Allow OpenSearch queries in File Explorer
windowsexplorer.admx Allow OpenSearch queries in File Explorer
windowsexplorer.admx Allow OpenSearch queries in File Explorer
windowsexplorer.admx Allow OpenSearch queries in File Explorer
windowsexplorer.admx Allow OpenSearch queries in File Explorer
windowsexplorer.admx Allow OpenSearch queries in File Explorer
windowsexplorer.admx Allow OpenSearch queries in File Explorer
windowsexplorer.admx Allow OpenSearch queries in File Explorer
windowsexplorer.admx Allow OpenSearch queries in File Explorer
windowsexplorer.admx Allow OpenSearch queries in File Explorer
windowsexplorer.admx Allow OpenSearch queries in File Explorer
windowsexplorer.admx Allow OpenSearch queries in File Explorer
windowsexplorer.admx Allow OpenSearch queries in File Explorer
windowsexplorer.admx Allow OpenSearch queries in File Explorer
windowsexplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Fi
windowsexplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Fi
windowsexplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Fi
windowsexplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Fi
windowsexplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Fi
windowsexplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Fi
windowsexplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Fi
windowsexplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Fi
windowsexplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Fi
windowsexplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Fi
windowsexplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Fi
windowsexplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Fi
windowsexplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Fi
windowsexplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Fi
windowsexplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Fi
windowsexplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Fi
windowsexplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Fi
windowsexplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Fi
windowsexplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Fi
windowsexplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Fi
windowsexplorer.admx Allow the use of remote paths in file shortcut icons
windowsexplorer.admx Configure Windows SmartScreen
windowsexplorer.admx Disable binding directly to IPropertySetStorage without intermediate layer
windowsexplorer.admx Disable binding directly to IPropertySetStorage without intermediate layer
windowsexplorer.admx Disable Known Folders
windowsexplorer.admx Display confirmation dialog when deleting files
windowsexplorer.admx Do not allow Folder Options to be opened from the Options button on the
windowsexplorer.admx Do not move deleted files to the Recycle Bin
windowsexplorer.admx Do not request alternate credentials
windowsexplorer.admx Do not show the 'new application installed' notification
windowsexplorer.admx Do not track Shell shortcuts during roaming
windowsexplorer.admx Hide the common dialog back button
windowsexplorer.admx Hide the common dialog places bar
windowsexplorer.admx Hide the dropdown list of recent files
windowsexplorer.admx Hide these specified drives in My Computer
windowsexplorer.admx Hides the Manage item on the File Explorer context menu
windowsexplorer.admx Items displayed in Places Bar
windowsexplorer.admx Location where all default Library definition files for users/machines reside
windowsexplorer.admx Location where all default Library definition files for users/machines reside
windowsexplorer.admx Maximum allowed Recycle Bin size
windowsexplorer.admx Maximum number of recent documents
windowsexplorer.admx No Computers Near Me in Network Locations
windowsexplorer.admx No Entire Network in Network Locations
windowsexplorer.admx Pin Internet search sites to the "Search again" links and the Start menu
windowsexplorer.admx Pin Libraries or Search Connectors to the "Search again" links and the Sta
windowsexplorer.admx Prevent access to drives from My Computer
windowsexplorer.admx Remove "Map Network Drive" and "Disconnect Network Drive"
windowsexplorer.admx Remove CD Burning features
windowsexplorer.admx Remove DFS tab
windowsexplorer.admx Remove File Explorer's default context menu
windowsexplorer.admx Remove File menu from File Explorer
windowsexplorer.admx Remove Hardware tab
windowsexplorer.admx Remove Search button from File Explorer
windowsexplorer.admx Remove Security tab
windowsexplorer.admx Remove Shared Documents from My Computer
windowsexplorer.admx Remove the Search the Internet "Search again" link
windowsexplorer.admx Remove UI to change keyboard navigation indicator setting
windowsexplorer.admx Remove UI to change menu animation setting
windowsexplorer.admx Request credentials for network installations
windowsexplorer.admx Set a default associations configuration file
windowsexplorer.admx Show hibernate in the power options menu
windowsexplorer.admx Show lock in the user tile menu
windowsexplorer.admx Show sleep in the power options menu
windowsexplorer.admx Start File Explorer with ribbon minimized
windowsexplorer.admx Start File Explorer with ribbon minimized
windowsexplorer.admx Turn off caching of thumbnail pictures
windowsexplorer.admx Turn off display of recent search entries in the File Explorer search box
windowsexplorer.admx Turn off numerical sorting in File Explorer
windowsexplorer.admx Turn off numerical sorting in File Explorer
windowsexplorer.admx Turn off shell protocol protected mode
windowsexplorer.admx Turn off shell protocol protected mode
windowsexplorer.admx Turn off the display of snippets in Content view mode
windowsexplorer.admx Turn off Windows Libraries features that rely on indexed file data
windowsexplorer.admx Turn off Windows+X hotkeys
windowsexplorer.admx Turn on Classic Shell
windowsexplorer.admx Verify old and new Folder Redirection targets point to the same share befo
windowsfileprotection.admx Hide the file scan progress window
windowsfileprotection.admx Limit Windows File Protection cache size
windowsfileprotection.admx Set Windows File Protection scanning
windowsfileprotection.admx Specify Windows File Protection cache location
windowsfirewall.admx Windows Firewall: Allow authenticated IPsec bypass
windowsfirewall.admx Windows Firewall: Allow ICMP exceptions
windowsfirewall.admx Windows Firewall: Allow ICMP exceptions
windowsfirewall.admx Windows Firewall: Allow inbound file and printer sharing exception
windowsfirewall.admx Windows Firewall: Allow inbound file and printer sharing exception
windowsfirewall.admx Windows Firewall: Allow inbound remote administration exception
windowsfirewall.admx Windows Firewall: Allow inbound remote administration exception
windowsfirewall.admx Windows Firewall: Allow inbound Remote Desktop exceptions
windowsfirewall.admx Windows Firewall: Allow inbound Remote Desktop exceptions
windowsfirewall.admx Windows Firewall: Allow inbound UPnP framework exceptions
windowsfirewall.admx Windows Firewall: Allow inbound UPnP framework exceptions
windowsfirewall.admx Windows Firewall: Allow local port exceptions
windowsfirewall.admx Windows Firewall: Allow local port exceptions
windowsfirewall.admx Windows Firewall: Allow local program exceptions
windowsfirewall.admx Windows Firewall: Allow local program exceptions
windowsfirewall.admx Windows Firewall: Allow logging
windowsfirewall.admx Windows Firewall: Allow logging
windowsfirewall.admx Windows Firewall: Define inbound port exceptions
windowsfirewall.admx Windows Firewall: Define inbound port exceptions
windowsfirewall.admx Windows Firewall: Define inbound program exceptions
windowsfirewall.admx Windows Firewall: Define inbound program exceptions
windowsfirewall.admx Windows Firewall: Do not allow exceptions
windowsfirewall.admx Windows Firewall: Do not allow exceptions
windowsfirewall.admx Windows Firewall: Prohibit notifications
windowsfirewall.admx Windows Firewall: Prohibit notifications
windowsfirewall.admx Windows Firewall: Prohibit unicast response to multicast or broadcast req
windowsfirewall.admx Windows Firewall: Prohibit unicast response to multicast or broadcast req
windowsfirewall.admx Windows Firewall: Protect all network connections
windowsfirewall.admx Windows Firewall: Protect all network connections
windowsinkworkspace.admx Allow suggested apps in Windows Ink Workspace
windowsinkworkspace.admx Allow Windows Ink Workspace
windowsmail.admx Turn off the communities features
windowsmail.admx Turn off the communities features
windowsmail.admx Turn off Windows Mail application
windowsmail.admx Turn off Windows Mail application
windowsmediadrm.admx Prevent Windows Media DRM Internet Access
windowsmediaplayer.admx Allow Screen Saver
windowsmediaplayer.admx Configure HTTP Proxy
windowsmediaplayer.admx Configure MMS Proxy
windowsmediaplayer.admx Configure Network Buffering
windowsmediaplayer.admx Configure RTSP Proxy
windowsmediaplayer.admx Do Not Show Anchor
windowsmediaplayer.admx Do Not Show First Use Dialog Boxes
windowsmediaplayer.admx Hide Network Tab
windowsmediaplayer.admx Hide Privacy Tab
windowsmediaplayer.admx Hide Security Tab
windowsmediaplayer.admx Prevent Automatic Updates
windowsmediaplayer.admx Prevent CD and DVD Media Information Retrieval
windowsmediaplayer.admx Prevent Codec Download
windowsmediaplayer.admx Prevent Desktop Shortcut Creation
windowsmediaplayer.admx Prevent Media Sharing
windowsmediaplayer.admx Prevent Music File Media Information Retrieval
windowsmediaplayer.admx Prevent Quick Launch Toolbar Shortcut Creation
windowsmediaplayer.admx Prevent Radio Station Preset Retrieval
windowsmediaplayer.admx Prevent Video Smoothing
windowsmediaplayer.admx Set and Lock Skin
windowsmediaplayer.admx Streaming Media Protocols
windowsmessenger.admx Do not allow Windows Messenger to be run
windowsmessenger.admx Do not allow Windows Messenger to be run
windowsmessenger.admx Do not automatically start Windows Messenger initially
windowsmessenger.admx Do not automatically start Windows Messenger initially
windowsremotemanagement.admx Allow Basic authentication
windowsremotemanagement.admx Allow Basic authentication
windowsremotemanagement.admx Allow CredSSP authentication
windowsremotemanagement.admx Allow CredSSP authentication
windowsremotemanagement.admx Allow remote server management through WinRM
windowsremotemanagement.admx Allow unencrypted traffic
windowsremotemanagement.admx Allow unencrypted traffic
windowsremotemanagement.admx Disallow Digest authentication
windowsremotemanagement.admx Disallow Kerberos authentication
windowsremotemanagement.admx Disallow Kerberos authentication
windowsremotemanagement.admx Disallow Negotiate authentication
windowsremotemanagement.admx Disallow Negotiate authentication
windowsremotemanagement.admx Disallow WinRM from storing RunAs credentials
windowsremotemanagement.admx Specify channel binding token hardening level
windowsremotemanagement.admx Trusted Hosts
windowsremotemanagement.admx Turn On Compatibility HTTP Listener
windowsremotemanagement.admx Turn On Compatibility HTTPS Listener
windowsremoteshell.admx Allow Remote Shell Access
windowsremoteshell.admx MaxConcurrentUsers
windowsremoteshell.admx Specify idle Timeout
windowsremoteshell.admx Specify maximum amount of memory in MB per Shell
windowsremoteshell.admx Specify maximum number of processes per Shell
windowsremoteshell.admx Specify maximum number of remote shells per user
windowsremoteshell.admx Specify Shell Timeout
windowsstore.admx Disable all apps from Windows Store
windowsstore.admx Only display the private store within the Windows Store app
windowsstore.admx Only display the private store within the Windows Store app
windowsstore.admx Turn off Automatic Download and Install of updates
windowsstore.admx Turn off Automatic Download of updates on Win8 machines
windowsstore.admx Turn off the offer to update to the latest version of Windows
windowsstore.admx Turn off the offer to update to the latest version of Windows
windowsstore.admx Turn off the Store application
windowsstore.admx Turn off the Store application
windowsupdate.admx Allow Automatic Updates immediate installation
windowsupdate.admx Allow non-administrators to receive update notifications
windowsupdate.admx Allow signed updates from an intranet Microsoft update service location
windowsupdate.admx Always automatically restart at the scheduled time
windowsupdate.admx Automatic Updates detection frequency
windowsupdate.admx Configure Automatic Updates
windowsupdate.admx Delay Restart for scheduled installations
windowsupdate.admx Do not adjust default option to 'Install Updates and Shut Down' in Shut
windowsupdate.admx Do not adjust default option to 'Install Updates and Shut Down' in Shut
windowsupdate.admx Do not connect to any Windows Update Internet locations
windowsupdate.admx Do not display 'Install Updates and Shut Down' option in Shut Down Wind
windowsupdate.admx Do not display 'Install Updates and Shut Down' option in Shut Down Wind
windowsupdate.admx Do not include drivers with Windows Updates
windowsupdate.admx Enable client-side targeting
windowsupdate.admx Enabling Windows Update Power Management to automatically wake up the
windowsupdate.admx No auto-restart with logged on users for scheduled automatic updates inst
windowsupdate.admx Remove access to use all Windows Update features
windowsupdate.admx Re-prompt for restart with scheduled installations
windowsupdate.admx Reschedule Automatic Updates scheduled installations
windowsupdate.admx Select when Feature Updates are received
windowsupdate.admx Select when Quality Updates are received
windowsupdate.admx Specify intranet Microsoft update service location
windowsupdate.admx Turn off auto-restart for updates during active hours
windowsupdate.admx Turn on recommended updates via Automatic Updates
windowsupdate.admx Turn on Software Notifications
windowsupdate.admx Windows Automatic Updates
windowsupdate.admx Remove access to use all Windows Update features
windowsupdate.admx Specify deadline before auto-restart for update installation
wininit.admx Require use of fast startup
wininit.admx Timeout for hung logon sessions during shutdown
wininit.admx Turn off legacy remote shutdown interface
winlogon.admx Custom User Interface
winlogon.admx Disable or enable software Secure Attention Sequence
winlogon.admx Display information about previous logons during user logon
winlogon.admx Remove logon hours expiration warnings
winlogon.admx Report when logon server was not available during user logon
winlogon.admx Report when logon server was not available during user logon
winlogon.admx Set action to take when logon hours expire
winlogon.admx Sign-in last interactive user automatically after a system-initiated restart
winmaps.admx Turn off Automatic Download and Update of Map Data
winmaps.admx Turn off unsolicited network traffic on the Offline Maps settings page
winsrv.admx Turn off automatic termination of applications that block or cancel shutd
wirelessdisplay.admx Don't allow this PC to be projected to
wirelessdisplay.admx Require pin for pairing
wlansvc.admx Allow Windows to automatically connect to suggested open hotspots, to ne
wlansvc.admx Prefer PIN pairing
wlansvc.admx Require PIN pairing
wlansvc.admx Set Cost
wordwheel.admx Custom Instant Search Internet search provider
workfolders-client.admx Force automatic setup for all users
workfolders-client.admx Specify Work Folders settings
workplacejoin.admx Register domain joined computers as devices
wpn.admx Set the time Quiet Hours begins each day
wpn.admx Set the time Quiet Hours ends each day
wpn.admx Turn off calls during Quiet Hours
wpn.admx Turn off notification mirroring
wpn.admx Turn off notifications network usage
wpn.admx Turn off Quiet Hours
wpn.admx Turn off tile notifications
wpn.admx Turn off toast notifications
wpn.admx Turn off toast notifications on the lock screen
wwansvc.admx Set 3G Cost
wwansvc.admx Set 4G Cost
Scope Policy Path Registry I
Machine Windows Components\ActiveX Installer Service HKLM\SOFTW
Machine Windows Components\ActiveX Installer Service HKLM\SOFTW
User Control Panel\Add or Remove Programs HKCU\Softw
User Control Panel\Add or Remove Programs HKCU\Softw
User Control Panel\Add or Remove Programs HKCU\Softw
User Control Panel\Add or Remove Programs HKCU\Softw
User Control Panel\Add or Remove Programs HKCU\Softw
User Control Panel\Add or Remove Programs HKCU\Softw
User Control Panel\Add or Remove Programs HKCU\Softw
User Control Panel\Add or Remove Programs HKCU\Softw
User Control Panel\Add or Remove Programs HKCU\Softw
User Control Panel\Add or Remove Programs HKCU\Softw
User Control Panel\Add or Remove Programs HKCU\Softw
Machine Windows Components\Data Collection and Preview Builds HKLM\Softw
Machine Windows Components\Application Compatibility HKLM\Soft
Machine Windows Components\Application Compatibility HKLM\Soft
Machine Windows Components\Application Compatibility HKLM\Soft
Machine Windows Components\Application Compatibility HKLM\Soft
Machine Windows Components\Application Compatibility HKLM\Soft
User Windows Components\Application Compatibility HKCU\Soft
Machine Windows Components\Application Compatibility HKLM\Soft
Machine Windows Components\Application Compatibility HKLM\Soft
Machine Windows Components\Application Compatibility HKLM\Soft
Machine Windows Components\App Privacy HKLM\Softw
Machine Windows Components\App Privacy HKLM\Softw
Machine Windows Components\App Privacy HKLM\Softw
Machine Windows Components\App Privacy HKLM\Softw
Machine Windows Components\App Privacy HKLM\Softw
Machine Windows Components\App Privacy HKLM\Softw
Machine Windows Components\App Privacy HKLM\Soft
Machine Windows Components\App Privacy HKLM\Soft
Machine Windows Components\App Privacy HKLM\Softw
Machine Windows Components\App Privacy HKLM\Softw
Machine Windows Components\App Privacy HKLM\Soft
Machine Windows Components\App Privacy HKLM\Soft
Machine Windows Components\App Privacy HKLM\Softw
Machine Windows Components\App Privacy HKLM\Softw
Machine Windows Components\App Privacy HKLM\Softw
Machine System\App-V\Streaming HKLM\SOFT
Machine System\App-V\Streaming HKLM\SOFTW
Machine System\App-V HKLM\Softw
Machine System\App-V\Virtualization HKLM\SOFTW
Machine System\App-V\Client Coexistence HKLM\SOFT
Machine System\App-V\Scripting HKLM\SOFTW
Machine System\App-V\Publishing HKLM\SOFTW
Machine System\App-V\Streaming HKLM\SOFT
Machine System\App-V\Integration HKLM\SOFTW
Machine System\App-V\Integration HKLM\SOFTW
Machine System\App-V\Streaming HKLM\SOFTW
Machine System\App-V\CEIP HKLM\SOFT
Machine System\App-V\Streaming HKLM\SOFTW
Machine System\App-V\Streaming HKLM\SOFT
Machine System\App-V\Publishing HKLM\SOFTW
Machine System\App-V\Publishing HKLM\SOFTW
Machine System\App-V\Publishing HKLM\SOFTW
Machine System\App-V\Publishing HKLM\SOFTW
Machine System\App-V\Publishing HKLM\SOFTW
Machine System\App-V\Streaming HKLM\SOFTW
Machine System\App-V\Streaming HKLM\SOFTW
Machine System\App-V\Reporting HKLM\SOFTW
Machine System\App-V\Streaming HKLM\SOFT
Machine System\App-V\Integration HKLM\SOFTW
Machine System\App-V\Integration HKLM\SOFTW
Machine System\App-V\Streaming HKLM\SOFT
Machine System\App-V\Streaming HKLM\SOFT
Machine System\App-V\Streaming HKLM\SOFTW
Machine System\App-V\Virtualization HKLM\SOFTW
Machine Windows Components\App Package Deployment HKLM\Soft
Machine Windows Components\App Package Deployment HKLM\Softw
Machine Windows Components\App Package Deployment HKLM\Softw
Machine Windows Components\App Package Deployment HKLM\Soft
Machine Windows Components\App Package Deployment HKLM\Soft
Machine Windows Components\App Package Deployment HKLM\Soft
Machine Windows Components\App runtime HKLM\Softw
Machine Windows Components\App runtime HKLM\Softw
User Windows Components\App runtime HKCU\Softw
Machine Windows Components\App runtime HKLM\Softw
User Windows Components\App runtime HKCU\Softw
Machine Windows Components\App runtime HKLM\Soft
Machine Windows Components\App runtime HKLM\Softw
User Windows Components\Attachment Manager HKCU\Softw
User Windows Components\Attachment Manager HKCU\Softw
User Windows Components\Attachment Manager HKCU\Softw
User Windows Components\Attachment Manager HKCU\Softw
User Windows Components\Attachment Manager HKCU\Softw
User Windows Components\Attachment Manager HKCU\Softw
User Windows Components\Attachment Manager HKCU\Softw
User Windows Components\Attachment Manager HKCU\Softw
Machine System\Audit Process Creation HKLM\Softw
Machine Windows Components\AutoPlay Policies HKLM\Soft
User Windows Components\AutoPlay Policies HKCU\Softw
Machine Windows Components\AutoPlay Policies HKLM\Softw
User Windows Components\AutoPlay Policies HKCU\Softw
Machine Windows Components\AutoPlay Policies HKLM\Softw
User Windows Components\AutoPlay Policies HKCU\Softw
Machine Windows Components\AutoPlay Policies HKLM\Softw
User Windows Components\AutoPlay Policies HKCU\Softw
Machine Windows Components\Software Protection Platform HKLM\Softw
Machine Windows Components\Software Protection Platform HKLM\Softw
Machine Windows Components\Biometrics HKLM\SOFTW
Machine Windows Components\Biometrics HKLM\SOFT
Machine Windows Components\Biometrics HKLM\SOFTW
Machine Windows Components\Biometrics HKLM\SOFTW
Machine Windows Components\Biometrics\Facial Features HKLM\SOFTW
Machine Network\Background Intelligent Transfer Service (BITS) HKLM\Softw
Machine Network\Background Intelligent Transfer Service (BITS) HKLM\Softw
Machine Network\Background Intelligent Transfer Service (BITS) HKLM\Softw
Machine Network\Background Intelligent Transfer Service (BITS) HKLM\Softw
Machine Network\Background Intelligent Transfer Service (BITS) HKLM\Soft
Machine Network\Background Intelligent Transfer Service (BITS) HKLM\Soft
Machine Network\Background Intelligent Transfer Service (BITS) HKLM\Soft
Machine Network\Background Intelligent Transfer Service (BITS) HKLM\Soft
Machine Network\Background Intelligent Transfer Service (BITS) HKLM\Soft
Machine Network\Background Intelligent Transfer Service (BITS) HKLM\Soft
Machine Network\Background Intelligent Transfer Service (BITS) HKLM\Soft
Machine Network\Background Intelligent Transfer Service (BITS) HKLM\Softw
Machine Network\Background Intelligent Transfer Service (BITS) HKLM\Softw
Machine Network\Background Intelligent Transfer Service (BITS) HKLM\Softw
Machine Network\Background Intelligent Transfer Service (BITS) HKLM\Softw
Machine Network\Background Intelligent Transfer Service (BITS) HKLM\Softw
Machine Network\Background Intelligent Transfer Service (BITS) HKLM\Softw
Machine Windows Components\Camera HKLM\softw
Machine Windows Components\Windows Customer Experience ImpHKLM\Soft
Machine Windows Components\Windows Customer Experience ImpHKLM\Softw
Machine Network\SSL Configuration Settings HKLM\SOFTW
Machine Network\SSL Configuration Settings HKLM\SOFTW
User Windows Components\Cloud Content HKCU\Softw
Machine Windows Components\Cloud Content HKLM\Softw
User Windows Components\Cloud Content HKCU\Softw
Machine Windows Components\Cloud Content HKLM\Soft
User System HKCU\Soft
Machine System HKLM\Soft
User Windows Components\NetMeeting HKCU\Softw
User Windows Components\NetMeeting\Application Sharing HKCU\Softw
User Windows Components\NetMeeting\Audio & Video HKCU\Softw
User Windows Components\NetMeeting HKCU\Softw
User Windows Components\NetMeeting HKCU\Softw
User Windows Components\NetMeeting\Audio & Video HKCU\Softw
User Windows Components\NetMeeting HKCU\Softw
Machine Windows Components\NetMeeting HKLM\Softw
User Windows Components\NetMeeting\Options Page HKCU\Softw
User Windows Components\NetMeeting HKCU\Soft
User Windows Components\NetMeeting HKCU\Softw
User Windows Components\NetMeeting\Options Page HKCU\Softw
User Windows Components\NetMeeting\Options Page HKCU\Softw
User Windows Components\NetMeeting\Options Page HKCU\Softw
User Windows Components\NetMeeting\Options Page HKCU\Softw
User Windows Components\NetMeeting\Audio & Video HKCU\Soft
User Windows Components\NetMeeting HKCU\Softw
User Windows Components\NetMeeting HKCU\Softw
User Windows Components\NetMeeting\Application Sharing HKCU\Softw
User Windows Components\NetMeeting HKCU\Softw
User Windows Components\NetMeeting HKCU\Softw
User Windows Components\NetMeeting\Audio & Video HKCU\Softw
User Windows Components\NetMeeting\Application Sharing HKCU\Softw
User Windows Components\NetMeeting\Application Sharing HKCU\Softw
User Windows Components\NetMeeting HKCU\Softw
User Windows Components\NetMeeting\Audio & Video HKCU\Softw
User Windows Components\NetMeeting HKCU\Softw
User Windows Components\NetMeeting\Audio & Video HKCU\Softw
User Windows Components\NetMeeting\Application Sharing HKCU\Softw
User Windows Components\NetMeeting\Application Sharing HKCU\Softw
User Windows Components\NetMeeting\Application Sharing HKCU\Softw
User Windows Components\NetMeeting HKCU\Softw
User Windows Components\NetMeeting HKCU\Softw
User Windows Components\NetMeeting HKCU\Softw
User Control Panel HKCU\Softw
User Control Panel HKCU\Softw
User Control Panel HKCU\Softw
User Control Panel HKCU\Softw
User Control Panel\Display HKCU\Softw
Machine Control Panel\Personalization HKLM\Softw
User Control Panel\Personalization HKCU\Softw
Machine Control Panel\Personalization HKLM\Softw
Machine Control Panel\Personalization HKLM\Softw
Machine Control Panel\Personalization HKLM\Softw
User Control Panel\Personalization HKCU\Softw
User Control Panel\Personalization HKCU\Softw
User Control Panel\Display HKCU\Softw
User Control Panel\Personalization HKCU\Softw
User Control Panel\Personalization HKCU\Softw
User Control Panel\Personalization HKCU\Soft
User Control Panel\Personalization HKCU\Softw
User Control Panel\Personalization HKCU\Softw
User Control Panel\Personalization HKCU\Softw
Machine Control Panel\Personalization HKLM\Softw
User Control Panel\Personalization HKCU\Softw
User Control Panel\Personalization HKCU\Softw
User Control Panel\Personalization HKCU\Soft
Machine Control Panel\Personalization HKLM\Softw
User Control Panel\Personalization HKCU\Softw
User Control Panel\Personalization HKCU\Softw
Machine Control Panel\Personalization HKLM\Softw
Machine Control Panel\Personalization HKLM\Softw
User Control Panel\Personalization HKCU\Softw
User Control Panel\Personalization HKCU\Softw
Machine Control Panel\User Accounts HKLM\Softw
Machine System\Logon HKLM\Soft
Machine System\Logon HKLM\Softw
Machine System\Logon HKLM\Softw
Machine System\Logon HKLM\Softw
Machine System\Logon HKLM\Soft
Machine System\Logon HKLM\Soft
Machine System\Credentials Delegation HKLM\Softw
Machine System\Credentials Delegation HKLM\Softw
Machine System\Credentials Delegation HKLM\Softw
Machine System\Credentials Delegation HKLM\Softw
Machine System\Credentials Delegation HKLM\Softw
Machine System\Credentials Delegation HKLM\Softw
Machine System\Credentials Delegation HKLM\Softw
Machine System\Credentials Delegation HKLM\Softw
Machine System\Credentials Delegation HKLM\Softw
Machine System\Credentials Delegation HKLM\Softw
Machine Windows Components\Credential User Interface HKLM\Softw
User Windows Components\Credential User Interface HKCU\Softw
Machine Windows Components\Credential User Interface HKLM\Softw
Machine Windows Components\Credential User Interface HKLM\Softw
User System\Ctrl+Alt+Del Options HKCU\Softw
User System\Ctrl+Alt+Del Options HKCU\Softw
User System\Ctrl+Alt+Del Options HKCU\Softw
User System\Ctrl+Alt+Del Options HKCU\Softw
Machine Windows Components\Data Collection and Preview Builds HKLM\Softw
User Windows Components\Data Collection and Preview Builds HKCU\Softw
Machine Windows Components\Data Collection and Preview Builds HKLM\Softw
Machine Windows Components\Data Collection and Preview Builds HKLM\Softw
Machine Windows Components\Data Collection and Preview Builds HKLM\Softw
Machine System\Distributed COM\Application Compatibility SettingsHKLM\Soft
Machine System\Distributed COM\Application Compatibility SettingsHKLM\Soft
Machine Windows Components\Delivery Optimization HKLM\SOFT
Machine Windows Components\Delivery Optimization HKLM\SOFT
Machine Windows Components\Delivery Optimization HKLM\SOFT
Machine Windows Components\Delivery Optimization HKLM\SOFT
Machine Windows Components\Delivery Optimization HKLM\SOFT
Machine Windows Components\Delivery Optimization HKLM\SOFT
Machine Windows Components\Delivery Optimization HKLM\SOFT
Machine Windows Components\Delivery Optimization HKLM\SOFT
Machine Windows Components\Delivery Optimization HKLM\SOFT
Machine Windows Components\Delivery Optimization HKLM\SOFT
Machine Windows Components\Delivery Optimization HKLM\SOFT
User Desktop\Desktop HKCU\Soft
User Desktop\Desktop HKCU\Softw
User Desktop\Desktop HKCU\Softw
User Desktop\Desktop HKCU\Softw
User Desktop\Desktop HKCU\Soft
User Desktop HKCU\Softw
User Desktop HKCU\Softw
User Desktop\Desktop HKCU\Softw
User Desktop\Active Directory HKCU\Softw
User Desktop\Active Directory HKCU\Softw
User Desktop HKCU\Softw
User Desktop HKCU\Softw
User Desktop HKCU\Softw
User Desktop\Active Directory HKCU\Softw
User Desktop HKCU\Softw
User Desktop\Desktop HKCU\Soft
User Desktop HKCU\Softw
User Desktop\Desktop HKCU\Softw
User Desktop\Desktop HKCU\Softw
User Desktop\Desktop HKCU\Softw
User Desktop\Desktop HKCU\Softw
User Desktop HKCU\Softw
User Desktop HKCU\Soft
User Desktop HKCU\Soft
User Desktop HKCU\Softw
User Desktop HKCU\Softw
User Desktop HKCU\Softw
User Desktop HKCU\Soft
User Desktop HKCU\Softw
User Desktop HKCU\Softw
Machine Windows Components\Device and Driver Compatibility HKLM\Syste
Machine Windows Components\Device and Driver Compatibility HKLM\Syste
Machine Windows Components\Microsoft Secondary AuthenticationHKLM\SOFTW
Machine System\Device Guard HKLM\SOFTW
Machine System\Device Guard HKLM\SOFTW
Machine System\Device Installation\Device Installation Restrictions HKLM\Softw
Machine System\Device Installation\Device Installation Restrictions HKLM\Softw
Machine System\Device Installation\Device Installation Restrictions HKLM\Softw
Machine System\Driver Installation HKLM\Softw
Machine System\Device Installation HKLM\Softw
User System\Driver Installation HKCU\Softw
Machine System\Device Installation HKLM\Softw
Machine System\Device Installation\Device Installation Restrictions HKLM\Softw
Machine System\Device Installation\Device Installation Restrictions HKLM\Softw
Machine System\Device Installation HKLM\Softw
Machine System\Device Installation\Device Installation Restrictions HKLM\Softw
Machine System\Device Installation\Device Installation Restrictions HKLM\Softw
Machine System\Device Installation\Device Installation Restrictions HKLM\Softw
Machine System\Device Installation\Device Installation Restrictions HKLM\Softw
Machine System\Device Installation HKLM\Softw
Machine System\Device Installation\Device Installation Restrictions HKLM\Softw
Machine System\Device Redirection\Device Redirection Restrictions HKLM\Softw
Machine System\Device Redirection\Device Redirection Restrictions HKLM\Softw
User System\Driver Installation HKCU\Softw
Machine System\Device Installation HKLM\Softw
Machine System\Device Installation HKLM\SOFT
Machine System\Device Installation HKLM\Softw
Machine System\Device Installation HKLM\Softw
Machine System\Device Installation HKLM\Softw
Machine System\Device Installation HKLM\Softw
User System\Driver Installation HKCU\Soft
Machine System\Driver Installation HKLM\Soft
Machine Network HKLM\Softw
User Windows Components\Digital Locker HKCU\SOFTW
Machine Windows Components\Digital Locker HKLM\SOFTW
Machine System\Troubleshooting and Diagnostics\Disk Diagnostic HKLM\SOFT
Machine System\Troubleshooting and Diagnostics\Disk Diagnostic HKLM\SOFT
Machine System\Disk NV Cache HKLM\Soft
Machine System\Disk NV Cache HKLM\Soft
Machine System\Disk NV Cache HKLM\Soft
Machine System\Disk NV Cache HKLM\Soft
Machine System\Disk Quotas HKLM\Soft
Machine System\Disk Quotas HKLM\Softw
Machine System\Disk Quotas HKLM\Softw
Machine System\Disk Quotas HKLM\Softw
Machine System\Disk Quotas HKLM\Softw
Machine System\Disk Quotas HKLM\Softw
Machine System HKLM\Soft
Machine Network\DNS Client HKLM\Soft
Machine Network\DNS Client HKLM\Soft
Machine Network\DNS Client HKLM\Soft
Machine Network\DNS Client HKLM\Soft
Machine Network\DNS Client HKLM\Softw
Machine Network\DNS Client HKLM\Softw
Machine Network\DNS Client HKLM\Soft
Machine Network\DNS Client HKLM\Softw
Machine Network\DNS Client HKLM\Softw
Machine Network\DNS Client HKLM\Soft
Machine Network\DNS Client HKLM\Softw
Machine Network\DNS Client HKLM\Soft
Machine Network\DNS Client HKLM\Softw
Machine Network\DNS Client HKLM\Softw
Machine Network\DNS Client HKLM\Softw
Machine Network\DNS Client HKLM\Softw
Machine Network\DNS Client HKLM\Softw
Machine Network\DNS Client HKLM\Softw
Machine Network\DNS Client HKLM\Soft
Machine Network\DNS Client HKLM\Softw
Machine Network\DNS Client HKLM\Softw
Machine Network\DNS Client HKLM\Soft
User Windows Components\Desktop Window Manager\WindowHKCU\SOFT
Machine Windows Components\Desktop Window Manager\WindowHKLM\SOFT
User Windows Components\Desktop Window Manager HKCU\SOFT
Machine Windows Components\Desktop Window Manager HKLM\SOFT
User Windows Components\Desktop Window Manager HKCU\SOFT
Machine Windows Components\Desktop Window Manager HKLM\SOFT
User Windows Components\Desktop Window Manager\WindowHKCU\SOFT
Machine Windows Components\Desktop Window Manager\WindowHKLM\SOFT
Machine Windows Components\Desktop Window Manager HKLM\SOFT
User Windows Components\IME HKCU\softw
User Windows Components\IME HKCU\softw
User Windows Components\IME HKCU\softw
User Windows Components\IME HKCU\softw
User Windows Components\IME HKCU\softw
User Windows Components\IME HKCU\softw
User Windows Components\IME HKCU\softw
User Windows Components\IME HKCU\Softw
User Windows Components\IME HKCU\Softw
User Windows Components\IME HKCU\softw
Machine System\Early Launch Antimalware HKLM\Syste
Machine Windows Components\Edge UI HKLM\Soft
User Windows Components\Edge UI HKCU\Soft
Machine Windows Components\Edge UI HKLM\Softw
User Windows Components\Edge UI HKCU\Softw
User Windows Components\Edge UI HKCU\Softw
User Windows Components\Edge UI HKCU\Soft
User Windows Components\Edge UI HKCU\Softw
User Windows Components\Edge UI HKCU\Softw
User Windows Components\Edge UI HKCU\Softw
Machine System HKLM\Soft
Machine System\Enhanced Storage Access HKLM\Soft
Machine System\Enhanced Storage Access HKLM\Softw
Machine System\Enhanced Storage Access HKLM\Softw
Machine System\Enhanced Storage Access HKLM\Softw
Machine System\Enhanced Storage Access HKLM\Softw
Machine System\Enhanced Storage Access HKLM\Softw
Machine System\Enhanced Storage Access HKLM\Soft
User Windows Components\Windows Error Reporting HKCU\SOFT
Machine Windows Components\Windows Error Reporting HKLM\SOFT
Machine Windows Components\Windows Error Reporting\AdvancedHKLM\SOFT
Er
User Windows Components\Windows Error Reporting\Consent HKCU\SOFT
Machine Windows Components\Windows Error Reporting\Consent HKLM\SOFT
Machine Windows Components\Windows Error Reporting HKLM\Softw
User Windows Components\Windows Error Reporting\AdvancedHKCU\SOFT
Er
Machine Windows Components\Windows Error Reporting\AdvancedHKLM\SOFT
Er
User Windows Components\Windows Error Reporting\AdvancedHKCU\SOFT
Er
Machine Windows Components\Windows Error Reporting\AdvancedHKLM\SOFT
Er
User Windows Components\Windows Error Reporting\Consent HKCU\SOFT
Machine Windows Components\Windows Error Reporting\Consent HKLM\SOFT
Machine Windows Components\Windows Error Reporting\AdvancedHKLM\Softw
Er
User Windows Components\Windows Error Reporting HKCU\SOFT
Machine Windows Components\Windows Error Reporting HKLM\SOFT
User Windows Components\Windows Error Reporting HKCU\SOFT
Machine Windows Components\Windows Error Reporting HKLM\SOFT
Machine Windows Components\Windows Error Reporting HKLM\Softw
User Windows Components\Windows Error Reporting HKCU\SOFT
Machine Windows Components\Windows Error Reporting HKLM\SOFT
User Windows Components\Windows Error Reporting HKCU\SOFTW
Machine Windows Components\Windows Error Reporting HKLM\SOFTW
User Windows Components\Windows Error Reporting\Consent HKCU\SOFT
Machine Windows Components\Windows Error Reporting\Consent HKLM\SOFT
Machine Windows Components\Windows Error Reporting\AdvancedHKLM\Softw
Er
User Windows Components\Windows Error Reporting\AdvancedHKCU\Softw
Er
Machine Windows Components\Windows Error Reporting\AdvancedHKLM\Softw
Er
Machine Windows Components\Windows Error Reporting\AdvancedHKLM\Softw
Er
Machine Windows Components\Windows Error Reporting HKLM\SOFT
Machine Windows Components\Windows Error Reporting\AdvancedHKLM\Softw
Er
User Windows Components\Windows Error Reporting HKCU\SOFT
Machine Windows Components\Windows Error Reporting HKLM\SOFT
User Windows Components\Windows Error Reporting HKCU\SOFT
Machine Windows Components\Windows Error Reporting HKLM\SOFT
Machine Windows Components\Event Forwarding HKLM\Soft
Machine Windows Components\Event Forwarding HKLM\Softw
Machine Windows Components\Event Log Service\Application HKLM\Softw
Machine Windows Components\Event Log Service\Security HKLM\Softw
Machine Windows Components\Event Log Service\Setup HKLM\Softw
Machine Windows Components\Event Log Service\System HKLM\Softw
Machine Windows Components\Event Log Service\Application HKLM\Softw
Machine Windows Components\Event Log Service\Security HKLM\Softw
Machine Windows Components\Event Log Service\Setup HKLM\Softw
Machine Windows Components\Event Log Service\System HKLM\Softw
Machine Windows Components\Event Log Service\Application HKLM\Syste
Machine Windows Components\Event Log Service\Security HKLM\Syste
Machine Windows Components\Event Log Service\Setup HKLM\Syst
Machine Windows Components\Event Log Service\System HKLM\Syst
Machine Windows Components\Event Log Service\Application HKLM\Softw
Machine Windows Components\Event Log Service\Security HKLM\Softw
Machine Windows Components\Event Log Service\Setup HKLM\Softw
Machine Windows Components\Event Log Service\System HKLM\Softw
Machine Windows Components\Event Log Service\Application HKLM\Softw
Machine Windows Components\Event Log Service\Security HKLM\Softw
Machine Windows Components\Event Log Service\Setup HKLM\Softw
Machine Windows Components\Event Log Service\System HKLM\Softw
Machine Windows Components\Event Log Service\Application HKLM\Softw
Machine Windows Components\Event Log Service\Security HKLM\Softw
Machine Windows Components\Event Log Service\Setup HKLM\Softw
Machine Windows Components\Event Log Service\System HKLM\Softw
Machine Windows Components\Event Log Service\Setup HKLM\Softw
Machine Windows Components\Event Logging HKLM\Softw
Machine Windows Components\Event Viewer HKLM\Softw
Machine Windows Components\Event Viewer HKLM\Softw
Machine Windows Components\Event Viewer HKLM\Softw
User Windows Components\File Explorer HKCU\Softw
Machine Windows Components\File Explorer HKLM\Softw
User Windows Components\File Explorer HKCU\Softw
Machine Windows Components\File Explorer HKLM\Softw
User Windows Components\File Explorer HKCU\Softw
Machine Windows Components\File Explorer HKLM\Softw
Machine Windows Components\File Explorer HKLM\Soft
Machine Windows Components\Portable Operating System HKLM\Syste
Machine Windows Components\Portable Operating System HKLM\Syste
Machine Windows Components\Portable Operating System HKLM\Softw
Machine Windows Components\Data Collection and Preview Builds HKLM\Softw
Machine Windows Components\File History HKLM\Softw
Machine System\Troubleshooting and Diagnostics\Corrupted File Re HKLM\SOFT
User Windows Components\File Revocation HKCU\Softw
Machine System\File Share Shadow Copy Provider HKLM\Softw
Machine System\Filesystem HKLM\Syste
Machine System\Filesystem\NTFS HKLM\Syste
Machine System\Filesystem\NTFS HKLM\Syste
Machine System\Filesystem\NTFS HKLM\Syste
Machine System\Filesystem\NTFS HKLM\Syste
Machine System\Filesystem HKLM\Syste
Machine System\Filesystem HKLM\Softw
Machine System\Filesystem\NTFS HKLM\Syste
User System\Folder Redirection HKCU\Soft
User System\Folder Redirection HKCU\Soft
User System\Folder Redirection HKCU\Softw
User System\Folder Redirection HKCU\Soft
Machine System\Folder Redirection HKLM\Soft
User System\Folder Redirection HKCU\Softw
Machine System\Folder Redirection HKLM\Softw
User Windows Components\File Explorer\Explorer Frame Pane HKCU\Softw
User Windows Components\File Explorer\Explorer Frame Pane HKCU\Softw
Machine System\Troubleshooting and Diagnostics\Fault Tolerant He HKLM\SOFT
Machine Windows Components\Game Explorer HKLM\Soft
Machine Windows Components\Game Explorer HKLM\Soft
Machine Windows Components\Game Explorer HKLM\Softw
Machine Control Panel\Regional and Language Options HKLM\Softw
Machine Control Panel\Regional and Language Options HKLM\Softw
User System HKCU\Softw
User System\Locale Services HKCU\Softw
Machine System\Locale Services HKLM\Softw
Machine System\Locale Services HKLM\Softw
User System\Locale Services HKCU\Softw
Machine System\Locale Services HKLM\Softw
User System\Locale Services HKCU\Softw
Machine System\Locale Services HKLM\Softw
Machine Control Panel\Regional and Language Options HKLM\Softw
User Control Panel\Regional and Language Options HKCU\Softw
User Control Panel\Regional and Language Options HKCU\Softw
User Control Panel\Regional and Language Options HKCU\Softw
User Control Panel\Regional and Language Options HKCU\Softw
User Control Panel\Regional and Language Options HKCU\Softw
Machine System\Locale Services HKLM\Softw
User System\Locale Services HKCU\Softw
Machine System\Locale Services HKLM\Softw
Machine Control Panel\Regional and Language Options HKLM\Softw
User Control Panel\Regional and Language Options HKCU\Softw
User Control Panel\Regional and Language Options HKCU\Softw
User Control Panel\Regional and Language Options\Handwriting HKCU\SOFTW
Machine Control Panel\Regional and Language Options\Handwriting HKLM\SOFTW
User Control Panel\Regional and Language Options HKCU\Softw
User Control Panel\Regional and Language Options HKCU\Softw
User Control Panel\Regional and Language Options HKCU\Softw
Machine System\Group Policy HKLM\Softw
Machine System\Group Policy HKLM\Softw
Machine System\Group Policy HKLM\Softw
Machine System\Group Policy HKLM\Softw
Machine System\Group Policy HKLM\Softw
Machine System\Group Policy HKLM\Soft
Machine System\Group Policy HKLM\Soft
Machine System\Group Policy HKLM\Soft
User System\Group Policy HKCU\Softw
User System\Group Policy HKCU\Softw
Machine System\Group Policy HKLM\Softw
Machine System\Group Policy HKLM\Soft
Machine System\Group Policy HKLM\Softw
Machine System\Group Policy HKLM\Softw
Machine System\Group Policy HKLM\Soft
Machine System\Group Policy HKLM\Soft
Machine System\Group Policy HKLM\Soft
Machine System\Group Policy HKLM\Softw
Machine System\Group Policy HKLM\Soft
Machine System\Group Policy HKLM\Soft
Machine System\Group Policy HKLM\Soft
Machine System\Group Policy HKLM\Soft
User System\Group Policy HKCU\Softw
User System\Group Policy HKCU\Softw
Machine System\Group Policy HKLM\Softw
Machine System\Group Policy HKLM\Softw
Machine Network\Fonts HKLM\Softw
Machine System\Group Policy HKLM\Soft
User System\Group Policy HKCU\Softw
Machine System\Mitigation Options HKLM\SOFTW
User System\Mitigation Options HKCU\SOFTW
Machine System\Group Policy HKLM\Soft
User System\Group Policy HKCU\Softw
Machine System\Group Policy HKLM\Softw
Machine System\Group Policy HKLM\Softw
User System\Group Policy HKCU\Softw
Machine System\Group Policy HKLM\Softw
Machine System\Group Policy HKLM\Softw
User System\Group Policy HKCU\Softw
Machine System\Group Policy HKLM\Softw
Machine System\Group Policy HKLM\Softw
Machine System\Group Policy HKLM\Softw
Machine System\Group Policy HKLM\Soft
Machine System\Mitigation Options HKLM\SOFTW
Machine System\Group Policy HKLM\Soft
Machine System\Group Policy\Logging and tracing HKLM\Softw
Machine System\Group Policy HKLM\Soft
Machine System\Group Policy\Logging and tracing HKLM\Softw
Machine System\Group Policy HKLM\Soft
Machine System\Group Policy\Logging and tracing HKLM\Soft
Machine System\Group Policy HKLM\Soft
Machine System\Group Policy\Logging and tracing HKLM\Softw
Machine System\Group Policy HKLM\Soft
Machine System\Group Policy\Logging and tracing HKLM\Soft
Machine System\Group Policy HKLM\Soft
Machine System\Group Policy\Logging and tracing HKLM\Softw
Machine System\Group Policy HKLM\Soft
Machine System\Group Policy\Logging and tracing HKLM\Softw
Machine System\Group Policy HKLM\Soft
Machine System\Group Policy\Logging and tracing HKLM\Softw
Machine System\Group Policy HKLM\Soft
Machine System\Group Policy\Logging and tracing HKLM\Softw
Machine System\Group Policy HKLM\Soft
Machine System\Group Policy\Logging and tracing HKLM\Softw
Machine System\Group Policy HKLM\Soft
Machine System\Group Policy\Logging and tracing HKLM\Softw
Machine System\Group Policy HKLM\Soft
Machine System\Group Policy\Logging and tracing HKLM\Soft
Machine System\Group Policy HKLM\Soft
Machine System\Group Policy\Logging and tracing HKLM\Softw
Machine System\Group Policy HKLM\Softw
Machine System\Group Policy\Logging and tracing HKLM\Softw
Machine System\Group Policy HKLM\Soft
Machine System\Group Policy\Logging and tracing HKLM\Soft
Machine System\Group Policy HKLM\Soft
Machine System\Group Policy\Logging and tracing HKLM\Softw
Machine System\Group Policy HKLM\Soft
Machine System\Group Policy\Logging and tracing HKLM\Softw
Machine System\Group Policy HKLM\Soft
Machine System\Group Policy\Logging and tracing HKLM\Soft
Machine System\Group Policy HKLM\Soft
Machine System\Group Policy\Logging and tracing HKLM\Softw
Machine System\Group Policy HKLM\Soft
Machine System\Group Policy\Logging and tracing HKLM\Softw
Machine System\Group Policy HKLM\Soft
Machine System\Group Policy\Logging and tracing HKLM\Softw
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Softw
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
Machine System\Group Policy HKLM\Soft
Machine System HKLM\Softw
User System HKCU\Softw
Machine System HKLM\Softw
Machine System HKLM\Soft
Machine Windows Components\Online Assistance HKLM\Softw
User System\Internet Communication Management\Internet Com
HKCU\Softw
User System\Internet Communication Management\Internet Com
HKCU\Softw
User System\Internet Communication Management\Internet Com
HKCU\Softw
Machine Network\Hotspot Authentication HKLM\Softw
User System\Internet Communication Management HKCU\Softw
Machine System\Internet Communication Management HKLM\Softw
Machine System\Internet Communication Management\Internet Com
HKLM\Soft
User System\Internet Communication Management\Internet Com
HKCU\Soft
Machine System\Internet Communication Management\Internet Com HKLM\Soft
Machine System\Internet Communication Management\Internet Com HKLM\Softw
User System\Internet Communication Management\Internet Com HKCU\Soft
Machine System\Internet Communication Management\Internet Com HKLM\Soft
Machine System\Internet Communication Management\Internet Com HKLM\Softw
Machine System\Internet Communication Management\Internet Com HKLM\Softw
Machine System\Internet Communication Management\Internet Com HKLM\Softw
Machine System\Internet Communication Management\Internet Com HKLM\Softw
User System\Internet Communication Management\Internet Com HKCU\Softw
Machine System\Internet Communication Management\Internet Com HKLM\Softw
User System\Internet Communication Management\Internet Com HKCU\Softw
Machine System\Internet Communication Management\Internet Com HKLM\Softw
User System\Internet Communication Management\Internet Com HKCU\Softw
Machine System\Internet Communication Management\Internet Com HKLM\Softw
Machine System\Internet Communication Management\Internet Com HKLM\Softw
Machine System\Internet Communication Management\Internet Com HKLM\Softw
User System\Internet Communication Management\Internet Com HKCU\Softw
Machine System\Internet Communication Management\Internet Com HKLM\Softw
User System\Internet Communication Management\Internet Com HKCU\Softw
Machine System\Internet Communication Management\Internet Com HKLM\Softw
User System\Internet Communication Management\Internet Com HKCU\Softw
Machine System\Internet Communication Management\Internet Com HKLM\Softw
Machine System\Internet Communication Management\Internet Com HKLM\Soft
Machine System\Internet Communication Management\Internet Com HKLM\Softw
Machine System\Internet Communication Management\Internet Com HKLM\Softw
Machine System\Internet Communication Management\Internet Com HKLM\Soft
Machine Windows Components\Internet Information Services HKLM\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
User Windows Components\Internet Explorer\Accelerators HKCU\Softwa
Machine Windows Components\Internet Explorer\Accelerators HKLM\Softwa
User Windows Components\Internet Explorer\Accelerators HKCU\Softwa
Machine Windows Components\Internet Explorer\Accelerators HKLM\Softwa
Machine Windows Components\Internet Explorer\Security Feature HKLM\Softw
User Windows Components\Internet Explorer\Security Feature HKCU\Softw
Machine Windows Components\Internet Explorer\Security Features\B
HKLM\Softw
User Windows Components\Internet Explorer\Security Features\B
HKCU\Softw
Machine Windows Components\Internet Explorer\Security Feature HKLM\Soft
User Windows Components\Internet Explorer\Security Feature HKCU\Soft
Machine Windows Components\Internet Explorer\Security Features\B
HKLM\Softw
User Windows Components\Internet Explorer\Security Features\B
HKCU\Softw
Machine Windows Components\Internet Explorer\Security Features HKLM\Soft
User Windows Components\Internet Explorer\Security Features HKCU\Softw
Machine Windows Components\Internet Explorer\Security Features HKLM\Soft
User Windows Components\Internet Explorer\Security Features HKCU\Soft
Machine Windows Components\Internet Explorer\Security Features\M
HKLM\Softw
User Windows Components\Internet Explorer\Security Features\M
HKCU\Softw
Machine Windows Components\Internet Explorer\Security Features\M
HKLM\Soft
User Windows Components\Internet Explorer\Security Features\M
HKCU\Softw
Machine Windows Components\Internet Explorer\Security Features HKLM\Soft
User Windows Components\Internet Explorer\Security Features HKCU\Soft
Machine Windows Components\Internet Explorer\Security Features\N
HKLM\Softw
User Windows Components\Internet Explorer\Security Features\N
HKCU\Softw
Machine Windows Components\Internet Explorer\Security Features\HKLM\Softw
User Windows Components\Internet Explorer\Security Features\HKCU\Softw
Machine Windows Components\Internet Explorer\Security Features\HKLM\Softw
User Windows Components\Internet Explorer\Security Features\HKCU\Softw
Machine Windows Components\Internet Explorer\Security Features\Re
HKLM\Softw
User Windows Components\Internet Explorer\Security Features\Re
HKCU\Softw
Machine Windows Components\Internet Explorer\Security Features\R
HKLM\Soft
User Windows Components\Internet Explorer\Security Features\R
HKCU\Softw
Machine Windows Components\Internet Explorer\Security Features\S
HKLM\Soft
User Windows Components\Internet Explorer\Security Features\S
HKCU\Soft
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Soft
User Windows Components\Internet Explorer\Internet Control PHKCU\Soft
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Delete Browsing HHKLM\Softw
User Windows Components\Internet Explorer\Delete Browsing HHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Security Features HKLM\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Settings\HKLM\Softw
User Windows Components\Internet Explorer\Internet Settings\HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\SOFTW
User Windows Components\Internet Explorer\Internet Control PHKCU\SOFTW
Machine Internet Control Panel\Advanced Page HKLM\SOFTW
User Internet Control Panel\Advanced Page HKCU\SOFTW
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer\Security Features HKLM\Softw
User Windows Components\Internet Explorer\Security Features HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
User Windows Components\Internet Explorer\Internet Settings\HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
User Windows Components\Internet Explorer\Administrator AppHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Explorer\A
HKLM\Softw
User Windows Components\Internet Explorer\Internet Explorer\A
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Explorer\A
HKLM\Softw
User Windows Components\Internet Explorer\Internet Explorer\A
HKCU\Softw
User Windows Components\Internet Explorer\Administrator AppHKCU\Softw
Machine Windows Components\Internet Explorer\Security Features HKLM\Soft
User Windows Components\Internet Explorer\Security Features HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
User Windows Components\Internet Explorer HKCU\Softw
User Windows Components\Internet Explorer HKCU\Softw
User Windows Components\Internet Explorer\Toolbars HKCU\Softw
Machine Windows Components\Internet Explorer\Toolbars HKLM\Softw
User Windows Components\Internet Explorer\Toolbars HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Explorer\A
HKLM\Softw
User Windows Components\Internet Explorer\Internet Explorer\A
HKCU\Softw
Machine Windows Components\Internet Explorer\Security Feature HKLM\Softw
User Windows Components\Internet Explorer\Security Feature HKCU\Softw
User Windows Components\Internet Explorer\Administrator AppHKCU\Softw
Machine Windows Components\Internet Explorer\Delete Browsing HHKLM\Softw
User Windows Components\Internet Explorer\Delete Browsing HHKCU\Softw
User Windows Components\Internet Explorer\Offline Pages HKCU\Softw
User Windows Components\Internet Explorer\Offline Pages HKCU\Softw
User Windows Components\Internet Explorer\Offline Pages HKCU\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
User Windows Components\Internet Explorer HKCU\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
User Windows Components\Internet Explorer HKCU\Softw
User Windows Components\Internet Explorer HKCU\Softw
User Windows Components\Internet Explorer HKCU\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
User Windows Components\Internet Explorer HKCU\Softw
User Windows Components\Internet Explorer HKCU\Softw
User Windows Components\Internet Explorer HKCU\Softw
User Windows Components\Internet Explorer HKCU\Softw
User Windows Components\Internet Explorer HKCU\Softw
User Windows Components\Internet Explorer HKCU\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
User Windows Components\Internet Explorer HKCU\Softw
User Windows Components\Internet Explorer\Offline Pages HKCU\Softw
User Windows Components\Internet Explorer\Toolbars HKCU\Softw
User Windows Components\Internet Explorer\Toolbars HKCU\Softw
User Windows Components\Internet Explorer\Offline Pages HKCU\Softw
User Windows Components\Internet Explorer\Offline Pages HKCU\Softw
User Windows Components\Internet Explorer\Offline Pages HKCU\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
User Windows Components\Internet Explorer HKCU\Softw
User Windows Components\Internet Explorer\Offline Pages HKCU\Softw
User Windows Components\Internet Explorer\Browser menus HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer\Offline Pages HKCU\Softw
User Windows Components\Internet Explorer\Offline Pages HKCU\Softw
User Windows Components\Internet Explorer\Browser menus HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
Machine Windows Components\Internet Explorer HKLM\Soft
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Toolbars HKLM\Softw
User Windows Components\Internet Explorer\Toolbars HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer\Security Features HKLM\Softw
User Windows Components\Internet Explorer\Security Features HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer\Privacy HKLM\Softw
User Windows Components\Internet Explorer\Privacy HKCU\Softw
Machine Windows Components\Internet Explorer\Privacy HKLM\Softw
User Windows Components\Internet Explorer\Privacy HKCU\Softw
User Windows Components\Internet Explorer\Browser menus HKCU\Softw
User Windows Components\Internet Explorer\Browser menus HKCU\Softw
User Windows Components\Internet Explorer\Browser menus HKCU\Softw
User Windows Components\Internet Explorer\Browser menus HKCU\Softw
User Windows Components\Internet Explorer\Browser menus HKCU\Softw
User Windows Components\Internet Explorer\Persistence BehavHKCU\Softw
User Windows Components\Internet Explorer\Persistence BehavHKCU\Softw
User Windows Components\Internet Explorer\Persistence BehavHKCU\Softw
User Windows Components\Internet Explorer\Persistence BehavHKCU\Softw
User Windows Components\Internet Explorer\Persistence BehavHKCU\Softw
Machine Windows Components\Internet Settings\Advanced settingsHKLM\Softw
User Windows Components\Internet Settings\Advanced settingsHKCU\Softw
User Windows Components\Internet Explorer\Browser menus HKCU\Softw
User Windows Components\Internet Explorer\Browser menus HKCU\Softw
User Windows Components\Internet Explorer\Browser menus HKCU\Softw
User Windows Components\Internet Explorer\Browser menus HKCU\Softw
User Windows Components\Internet Explorer\Browser menus HKCU\Softw
Machine Windows Components\Internet Explorer\Toolbars HKLM\Soft
User Windows Components\Internet Explorer\Toolbars HKCU\Soft
Machine Windows Components\Internet Explorer\Toolbars HKLM\Softw
User Windows Components\Internet Explorer\Toolbars HKCU\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Compatibility Vie HKLM\Softw
User Windows Components\Internet Explorer\Compatibility Vie HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Security Features\B
HKLM\Softw
User Windows Components\Internet Explorer\Security Features\B
HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
Machine Windows Components\Internet Explorer\Security Features\B
HKLM\Softw
User Windows Components\Internet Explorer\Security Features\B
HKCU\Softw
Machine Windows Components\Internet Explorer\Security Features HKLM\Softw
User Windows Components\Internet Explorer\Security Features HKCU\Softw
Machine Windows Components\Internet Explorer\Security Features HKLM\Soft
User Windows Components\Internet Explorer\Security Features HKCU\Soft
Machine Windows Components\Internet Explorer\Security Features\M
HKLM\Softw
User Windows Components\Internet Explorer\Security Features\M
HKCU\Softw
Machine Windows Components\Internet Explorer\Security Features\M
HKLM\Softw
User Windows Components\Internet Explorer\Security Features\M
HKCU\Softw
Machine Windows Components\Internet Explorer\Security Features HKLM\Soft
User Windows Components\Internet Explorer\Security Features HKCU\Softw
Machine Windows Components\Internet Explorer\Security Features\N
HKLM\Softw
User Windows Components\Internet Explorer\Security Features\N
HKCU\Softw
Machine Windows Components\Internet Explorer\Security Features\HKLM\Softw
User Windows Components\Internet Explorer\Security Features\HKCU\Softw
Machine Windows Components\Internet Explorer\Security Features\HKLM\Softw
User Windows Components\Internet Explorer\Security Features\HKCU\Softw
Machine Windows Components\Internet Explorer\Security Features\Re
HKLM\Softw
User Windows Components\Internet Explorer\Security Features\Re
HKCU\Softw
Machine Windows Components\Internet Explorer\Security Features\R
HKLM\Softw
User Windows Components\Internet Explorer\Security Features\R
HKCU\Softw
Machine Windows Components\Internet Explorer\Security Features\S
HKLM\Softw
User Windows Components\Internet Explorer\Security Features\S
HKCU\Softw
Machine Windows Components\Internet Explorer\Security Features\N
HKLM\SOFTW
User Windows Components\Internet Explorer\Security Features\N
HKCU\SOFTW
Machine Windows Components\Internet Explorer\Internet Explorer\IHKLM\Softw
User Windows Components\Internet Explorer\Internet Explorer\IHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Explorer\IHKLM\Softw
User Windows Components\Internet Explorer\Internet Explorer\IHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Explorer\IHKLM\Softw
User Windows Components\Internet Explorer\Internet Explorer\IHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Explorer\IHKLM\Softw
User Windows Components\Internet Explorer\Internet Explorer\IHKCU\Softw
Machine Windows Components\Internet Explorer\Security Features\N
HKLM\SOFTW
User Windows Components\Internet Explorer\Security Features\N
HKCU\SOFTW
Machine Windows Components\Internet Explorer\Internet Explorer\IHKLM\Softw
User Windows Components\Internet Explorer\Internet Explorer\IHKCU\Softw
User Windows Components\Internet Explorer\Administrator AppHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer\Security Features\N
HKLM\SOFTW
User Windows Components\Internet Explorer\Security Features\N
HKCU\SOFTW
Machine Windows Components\Internet Explorer\Internet Explorer\IHKLM\Softw
User Windows Components\Internet Explorer\Internet Explorer\IHKCU\Softw
Machine Windows Components\Internet Explorer\Toolbars HKLM\Softw
User Windows Components\Internet Explorer\Toolbars HKCU\Softw
Machine Windows Components\Internet Explorer\Toolbars HKLM\Softw
User Windows Components\Internet Explorer\Toolbars HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Explorer\IHKLM\Softw
User Windows Components\Internet Explorer\Internet Explorer\IHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Explorer\IHKLM\Softw
User Windows Components\Internet Explorer\Internet Explorer\IHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Explorer\IHKLM\Softw
User Windows Components\Internet Explorer\Internet Explorer\IHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Explorer\IHKLM\Softw
User Windows Components\Internet Explorer\Internet Explorer\IHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Explorer\IHKLM\Softw
User Windows Components\Internet Explorer\Internet Explorer\IHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
Machine Windows Components\Internet Explorer\Security Features HKLM\Soft
User Windows Components\Internet Explorer\Security Features HKCU\Soft
User Windows Components\Internet Explorer\Administrator AppHKCU\Softw
User Windows Components\Internet Explorer\Administrator AppHKCU\Softw
User Windows Components\Internet Explorer\Administrator AppHKCU\Softw
User Windows Components\Internet Explorer\Administrator AppHKCU\Softw
User Windows Components\Internet Explorer\Administrator AppHKCU\Softw
User Windows Components\Internet Explorer\Administrator AppHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
User Windows Components\Internet Explorer\Administrator AppHKCU\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Settings HKLM\Softw
User Windows Components\Internet Explorer\Internet Settings HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer\Delete Browsing HHKLM\Softw
User Windows Components\Internet Explorer\Delete Browsing HHKCU\Softw
Machine Windows Components\RSS Feeds HKLM\Softw
User Windows Components\RSS Feeds HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\RSS Feeds HKLM\Softw
User Windows Components\RSS Feeds HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Settings\CHKLM\Softw
User Windows Components\Internet Explorer\Internet Settings\DHKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Settings\HKLM\Softw
User Windows Components\Internet Explorer\Internet Settings\HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Settings\HKLM\Softw
User Windows Components\Internet Explorer\Internet Settings\HKCU\Softw
Machine Windows Components\Internet Explorer\Delete Browsing HHKLM\Softw
User Windows Components\Internet Explorer\Delete Browsing HHKCU\Softw
Machine Windows Components\Internet Explorer\Delete Browsing HHKLM\Softw
User Windows Components\Internet Explorer\Delete Browsing HHKCU\Softw
Machine Windows Components\Internet Explorer\Delete Browsing HHKLM\Softw
User Windows Components\Internet Explorer\Delete Browsing HHKCU\Softw
Machine Windows Components\Internet Explorer\Delete Browsing HHKLM\Softw
User Windows Components\Internet Explorer\Delete Browsing HHKCU\Softw
Machine Windows Components\Internet Explorer\Delete Browsing HHKLM\Softw
User Windows Components\Internet Explorer\Delete Browsing HHKCU\Softw
Machine Windows Components\Internet Explorer\Delete Browsing HHKLM\Softw
User Windows Components\Internet Explorer\Delete Browsing HHKCU\Softw
Machine Windows Components\Internet Explorer\Delete Browsing HHKLM\Softw
User Windows Components\Internet Explorer\Delete Browsing HHKCU\Softw
Machine Windows Components\Internet Explorer\Delete Browsing HHKLM\Softw
User Windows Components\Internet Explorer\Delete Browsing HHKCU\Softw
Machine Windows Components\Internet Explorer\Delete Browsing HHKLM\Softw
User Windows Components\Internet Explorer\Delete Browsing HHKCU\Softw
Machine Windows Components\RSS Feeds HKLM\Softw
User Windows Components\RSS Feeds HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
User Windows Components\Internet Settings\Display settings\GeHKCU\Softw
Machine Windows Components\Internet Settings\Component Update HKLM\Softw
User Windows Components\Internet Settings\Display settings\GeHKCU\Softw
Machine Windows Components\Internet Explorer\Corporate Settin HKLM\Softw
User Windows Components\Internet Explorer\Internet Settings\Di
HKCU\Softw
User Windows Components\Internet Explorer\Internet Settings\Di
HKCU\Softw
User Windows Components\Internet Explorer\Internet Settings\Di
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Settings\CHKLM\Softw
Machine Windows Components\RSS Feeds HKLM\Softw
User Windows Components\RSS Feeds HKCU\Softw
Machine Windows Components\Internet Explorer\Privacy HKLM\Softw
User Windows Components\Internet Explorer\Privacy HKCU\Softw
Machine Windows Components\Internet Explorer\Delete Browsing HHKLM\Softw
User Windows Components\Internet Explorer\Delete Browsing HHKCU\Softw
User Windows Components\Internet Settings\Display settings\GeHKCU\Softw
Machine Windows Components\Internet Explorer\Security Feature HKLM\Soft
User Windows Components\Internet Explorer\Security Feature HKCU\Soft
Machine Windows Components\Internet Explorer\Security Features\BHKLM\Softw
User Windows Components\Internet Explorer\Security Features\BHKCU\Softw
Machine Windows Components\Internet Explorer\Security Features HKLM\Softw
User Windows Components\Internet Explorer\Security Features HKCU\Softw
Machine Windows Components\Internet Explorer\Security Features HKLM\Soft
User Windows Components\Internet Explorer\Security Features HKCU\Soft
Machine Windows Components\Internet Explorer\Security Features\MHKLM\Softw
User Windows Components\Internet Explorer\Security Features\MHKCU\Softw
Machine Windows Components\Internet Explorer\Security Features\MHKLM\Softw
User Windows Components\Internet Explorer\Security Features\MHKCU\Softw
Machine Windows Components\Internet Explorer\Security Features HKLM\Soft
User Windows Components\Internet Explorer\Security Features HKCU\Soft
Machine Windows Components\Internet Explorer\Security Features\NHKLM\Softw
User Windows Components\Internet Explorer\Security Features\NHKCU\Softw
Machine Windows Components\Internet Explorer\Security Features\HKLM\Softw
User Windows Components\Internet Explorer\Security Features\HKCU\Softw
Machine Windows Components\Internet Explorer\Security Features\HKLM\Softw
User Windows Components\Internet Explorer\Security Features\HKCU\Softw
Machine Windows Components\Internet Explorer\Security Features\Re
HKLM\Softw
User Windows Components\Internet Explorer\Security Features\Re
HKCU\Softw
Machine Windows Components\Internet Explorer\Security Features\R
HKLM\Softw
User Windows Components\Internet Explorer\Security Features\R
HKCU\Softw
Machine Windows Components\Internet Explorer\Security Features\S
HKLM\Soft
User Windows Components\Internet Explorer\Security Features\S
HKCU\Softw
Machine Windows Components\Internet Explorer\Security Feature HKLM\Softw
User Windows Components\Internet Explorer\Security Feature HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Accelerators HKLM\Softw
User Windows Components\Internet Explorer\Accelerators HKCU\Softwa
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer\Security Features\N
HKLM\SOFTW
User Windows Components\Internet Explorer\Security Features\N
HKCU\SOFTW
Machine Windows Components\Internet Explorer\Internet Explorer\IHKLM\Softw
User Windows Components\Internet Explorer\Internet Explorer\IHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
User Windows Components\Internet Explorer HKCU\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Settings HKLM\Softw
User Windows Components\Internet Explorer\Internet Settings HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer\Security Features HKLM\Soft
User Windows Components\Internet Explorer\Security Features HKCU\Soft
User Windows Components\Internet Explorer\Administrator AppHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Explorer\IHKLM\Softw
User Windows Components\Internet Explorer\Internet Explorer\IHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Explorer\IHKLM\Softw
User Windows Components\Internet Explorer\Internet Explorer\IHKCU\Softw
User Windows Components\Internet Settings\Advanced settings\HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
User Windows Components\Internet Explorer\Offline Pages HKCU\Softw
User Windows Components\Internet Explorer\Browser menus HKCU\Softw
Machine Windows Components\Internet Explorer\Security Features\N
HKLM\SOFTW
User Windows Components\Internet Explorer\Security Features\N
HKCU\SOFTW
Machine Windows Components\Internet Explorer\Internet Explorer\IHKLM\Softw
User Windows Components\Internet Explorer\Internet Explorer\IHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer\Accelerators HKLM\Softw
User Windows Components\Internet Explorer\Accelerators HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer\Security Feature HKLM\Softw
User Windows Components\Internet Explorer\Security Feature HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
User Windows Components\Internet Explorer\Security Feature HKCU\Softw
User Windows Components\Internet Explorer\Internet Settings\HKCU\Softw
Machine Windows Components\RSS Feeds HKLM\Softw
User Windows Components\RSS Feeds HKCU\Softw
Machine Windows Components\Internet Explorer\Security Feature HKLM\Softw
User Windows Components\Internet Explorer\Security Feature HKCU\Softw
Machine Windows Components\Internet Explorer\Security Feature HKLM\Softw
User Windows Components\Internet Explorer\Security Feature HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Privacy HKLM\Softw
User Windows Components\Internet Explorer\Privacy HKCU\Softw
Machine Windows Components\Internet Explorer\Compatibility Vie HKLM\Softw
User Windows Components\Internet Explorer\Compatibility Vie HKCU\Softw
Machine Windows Components\Internet Explorer\Compatibility Vie HKLM\Softw
User Windows Components\Internet Explorer\Compatibility Vie HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Soft
User Windows Components\Internet Explorer HKCU\Soft
User Windows Components\Internet Settings\Advanced settingsHKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer\Security Features HKLM\Soft
User Windows Components\Internet Explorer\Security Features HKCU\Soft
Machine Windows Components\Internet Explorer\Security Features HKLM\Softw
Machine Windows Components\Internet Explorer\Security Features HKLM\Softw
User Windows Components\Internet Explorer\Security Features HKCU\Softw
User Windows Components\Internet Settings\Advanced settingsHKCU\Softw
Machine Windows Components\Internet Explorer\Toolbars HKLM\Softw
User Windows Components\Internet Explorer\Toolbars HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
User Windows Components\Internet Explorer\Internet Settings\HKCU\Softw
User Windows Components\Internet Explorer\Internet Settings HKCU\SOFT
Machine Windows Components\Internet Explorer\Privacy HKLM\Softw
User Windows Components\Internet Explorer\Privacy HKCU\Softw
Machine Windows Components\Internet Explorer\Privacy HKLM\Softw
User Windows Components\Internet Explorer\Privacy HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
User Windows Components\Internet Settings\Advanced settingsHKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Settings\Advanced settingsHKLM\Softw
User Windows Components\Internet Settings\Advanced settingsHKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer\Browser menus HKLM\Softw
User Windows Components\Internet Explorer\Browser menus HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
User Windows Components\Internet Explorer\Internet Settings\HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control HKLM\Softw
User Windows Components\Internet Explorer\Internet Control HKCU\Softw
User Windows Components\Internet Explorer\Browser menus HKCU\Softw
User Windows Components\Internet Explorer\Internet Settings\HKCU\SOFTW
User Windows Components\Internet Settings\Advanced settingsHKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer\Browser menus HKLM\Softw
User Windows Components\Internet Explorer\Browser menus HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer\Security Features HKLM\Softw
User Windows Components\Internet Explorer\Security Features HKCU\Softw
Machine Windows Components\Internet Explorer\Security Features HKLM\Softw
User Windows Components\Internet Explorer\Security Features HKCU\Softw
Machine Windows Components\Internet Explorer\Toolbars HKLM\Softw
User Windows Components\Internet Explorer\Toolbars HKCU\Softw
Machine Windows Components\Internet Explorer\Privacy HKLM\Softw
User Windows Components\Internet Explorer\Privacy HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Settings HKLM\Softw
User Windows Components\Internet Explorer\Internet Settings HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Settings HKLM\Softw
User Windows Components\Internet Explorer\Internet Settings HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Security Feature HKLM\Softw
User Windows Components\Internet Explorer\Security Feature HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Explorer\IHKLM\Softw
User Windows Components\Internet Explorer\Internet Explorer\IHKCU\Softw
User Windows Components\Internet Explorer\Internet Settings\AHKCU\Softw
Machine Windows Components\RSS Feeds HKLM\Softw
User Windows Components\RSS Feeds HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Explorer\IHKLM\Softw
User Windows Components\Internet Explorer\Internet Explorer\IHKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PaHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PaHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PaHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PaHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PaHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PaHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PaHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PaHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PaHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PaHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
User Windows Components\Internet Explorer\Internet Settings HKCU\SOFT
Machine Windows Components\Internet Explorer\Compatibility Vie HKLM\Softw
User Windows Components\Internet Explorer\Compatibility Vie HKCU\Softw
Machine Windows Components\Internet Explorer\Compatibility Vie HKLM\Softw
User Windows Components\Internet Explorer\Compatibility Vie HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Explorer\IHKLM\Softw
User Windows Components\Internet Explorer\Internet Explorer\IHKCU\Softw
User Windows Components\Internet Explorer\Internet Settings\AHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PaHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PaHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PaHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PaHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PaHKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
User Windows Components\Internet Settings\Advanced settingsHKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Soft
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
User Windows Components\Internet Explorer HKCU\Softw
User Windows Components\Internet Settings\Advanced settingsHKCU\Softw
User Windows Components\Internet Explorer\Internet Settings\Di
HKCU\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\SOFTW
User Windows Components\Internet Explorer\Internet Control PHKCU\SOFTW
Machine Windows Components\Internet Explorer\Internet Control PHKLM\SOFTW
User Windows Components\Internet Explorer\Internet Control PHKCU\SOFTW
Machine Windows Components\Internet Explorer\Toolbars HKLM\Softw
User Windows Components\Internet Explorer\Toolbars HKCU\Softw
Machine Windows Components\Internet Explorer\Compatibility Vie HKLM\Softw
User Windows Components\Internet Explorer\Compatibility Vie HKCU\Softw
Machine Windows Components\Internet Explorer\Compatibility Vie HKLM\Softw
User Windows Components\Internet Explorer\Compatibility Vie HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer HKLM\Softw
User Windows Components\Internet Explorer HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
User Windows Components\Internet Explorer\Browser menus HKCU\Softw
User Windows Components\Internet Explorer\Browser menus HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
User System\Internet Communication Management\Internet Com HKCU\Softw
Machine System\Internet Communication Management\Internet Com HKLM\Softw
Machine System\iSCSI\iSCSI Target Discovery HKLM\Softw
Machine System\iSCSI\General iSCSI HKLM\Softw
Machine System\iSCSI\iSCSI Security HKLM\Softw
Machine System\iSCSI\General iSCSI HKLM\Soft
Machine System\iSCSI\iSCSI Security HKLM\Softw
Machine System\iSCSI\iSCSI Target Discovery HKLM\Softw
Machine System\iSCSI\iSCSI Target Discovery HKLM\Softw
Machine System\iSCSI\iSCSI Target Discovery HKLM\Softw
Machine System\iSCSI\iSCSI Security HKLM\Soft
Machine System\iSCSI\iSCSI Security HKLM\Soft
Machine System\KDC HKLM\Soft
Machine System\KDC HKLM\Softw
Machine System\KDC HKLM\Softw
Machine System\KDC HKLM\Soft
Machine System\KDC HKLM\Softw
Machine System\KDC HKLM\Softw
Machine System\Kerberos HKLM\Soft
Machine System\Kerberos HKLM\Softw
Machine System\Kerberos HKLM\Softw
Machine System\Kerberos HKLM\Softw
Machine System\Kerberos HKLM\Softw
Machine System\Kerberos HKLM\Soft
Machine System\Kerberos HKLM\Softw
Machine System\Kerberos HKLM\Softw
Machine System\Kerberos HKLM\Syste
Machine System\Kerberos HKLM\Softw
Machine System\Kerberos HKLM\Softw
Machine System\Kerberos HKLM\Softw
Machine System\Kerberos HKLM\Softw
Machine Network\Lanman Server HKLM\Softw
Machine Network\Lanman Server HKLM\Softw
Machine Network\Lanman Server HKLM\Soft
Machine Network\Lanman Server HKLM\Soft
Machine Network\Lanman Workstation HKLM\Softw
Machine Network\Lanman Workstation HKLM\Soft
Machine Network\Lanman Workstation HKLM\Soft
Machine Network\Lanman Workstation HKLM\Softw
Machine System\Troubleshooting and Diagnostics\Windows MemoryHKLM\SOFT
Machine Network\Link-Layer Topology Discovery HKLM\Softw
Machine Network\Link-Layer Topology Discovery HKLM\Softw
Machine Windows Components\Location and Sensors\Windows LocatHKLM\Softw
Machine System\Logon HKLM\Softw
Machine System\Logon HKLM\Soft
Machine System\Logon HKLM\Softw
Machine System\Logon HKLM\Soft
Machine System HKLM\Softw
Machine System\Logon HKLM\Softw
User System HKCU\Softw
Machine System\Logon HKLM\Soft
Machine System\Logon HKLM\Soft
User System\Logon HKCU\Softw
Machine System\Logon HKLM\Softw
User System\Logon HKCU\Softw
Machine System\Logon HKLM\Softw
Machine System\Logon HKLM\Soft
Machine System\Logon HKLM\Softw
Machine System HKLM\Softw
User System\Logon HKCU\Softw
Machine System\Logon HKLM\Softw
Machine System\Logon HKLM\Softw
Machine System\Logon HKLM\Softw
Machine System\Logon HKLM\Softw
Machine Windows Components\MDM HKLM\Softw
Machine Windows Components\Microsoft Edge HKLM\Softw
User Windows Components\Microsoft Edge HKCU\Softw
Machine Windows Components\Microsoft Edge HKLM\Softw
User Windows Components\Microsoft Edge HKCU\Softw
Machine Windows Components\Microsoft Edge HKLM\Softw
User Windows Components\Microsoft Edge HKCU\Softw
Machine Windows Components\Microsoft Edge HKLM\Soft
User Windows Components\Microsoft Edge HKCU\Soft
Machine Windows Components\Microsoft Edge HKLM\Softw
User Windows Components\Microsoft Edge HKCU\Softw
Machine Windows Components\Microsoft Edge HKLM\Softw
User Windows Components\Microsoft Edge HKCU\Softw
Machine Windows Components\Microsoft Edge HKLM\Softw
User Windows Components\Microsoft Edge HKCU\Softw
Machine Windows Components\Microsoft Edge HKLM\Softw
User Windows Components\Microsoft Edge HKCU\Softw
Machine Windows Components\Microsoft Edge HKLM\Softw
User Windows Components\Microsoft Edge HKCU\Softw
Machine Windows Components\Microsoft Edge HKLM\Softw
User Windows Components\Microsoft Edge HKCU\Softw
Machine Windows Components\Microsoft Edge HKLM\Softw
User Windows Components\Microsoft Edge HKCU\Softw
Machine Windows Components\Microsoft Edge HKLM\Softw
User Windows Components\Microsoft Edge HKCU\Softw
Machine Windows Components\Microsoft Edge HKLM\Softw
User Windows Components\Microsoft Edge HKCU\Softw
Machine Windows Components\Microsoft Edge HKLM\Softw
User Windows Components\Microsoft Edge HKCU\Softw
Machine Windows Components\Microsoft Edge HKLM\Softw
User Windows Components\Microsoft Edge HKCU\Softw
Machine Windows Components\Microsoft Edge HKLM\Softw
User Windows Components\Microsoft Edge HKCU\Softw
Machine Windows Components\Microsoft Edge HKLM\Softw
User Windows Components\Microsoft Edge HKCU\Softw
Machine Windows Components\Microsoft Edge HKLM\Softw
User Windows Components\Microsoft Edge HKCU\Softw
Machine Windows Components\Microsoft Edge HKLM\Softw
User Windows Components\Microsoft Edge HKCU\Softw
Machine Windows Components\Microsoft Edge HKLM\Softw
User Windows Components\Microsoft Edge HKCU\Softw
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console HKCU\Soft
User Windows Components\Microsoft Management Console HKCU\Softw
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restric
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restric
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Softw
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Softw
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Softw
User Windows Components\Microsoft Management Console\Restri
HKCU\Softw
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restric
HKCU\Softw
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restric
HKCU\Softw
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Softw
User Windows Components\Microsoft Management Console\Restr
HKCU\Softw
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restric
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restric
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restric
HKCU\Softw
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Softw
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restr
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Softw
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restri
HKCU\Soft
User Windows Components\Microsoft Management Console\Restric HKCU\Soft
User Windows Components\Microsoft Management Console\Restri HKCU\Soft
User Windows Components\Microsoft Management Console\Restric HKCU\Soft
User Windows Components\Microsoft Management Console\Restr HKCU\Softw
User Windows Components\Microsoft Management Console\Restri HKCU\Soft
User Windows Components\Microsoft Management Console\Restr HKCU\Soft
User Windows Components\Microsoft Management Console\Restr HKCU\Soft
User Windows Components\Microsoft Management Console\Restr HKCU\Softw
User Windows Components\Microsoft Management Console\Restri HKCU\Soft
User Windows Components\Microsoft Management Console\Restri HKCU\Soft
User Windows Components\Microsoft Management Console\Restr HKCU\Soft
User Windows Components\Microsoft Management Console\Restri HKCU\Soft
User Windows Components\Microsoft Management Console\Restr HKCU\Soft
User Windows Components\Microsoft Management Console\Restr HKCU\Softw
User Windows Components\Microsoft Management Console\Restri HKCU\Softw
User Windows Components\Microsoft Management Console\Restri HKCU\Softw
User Windows Components\Microsoft Management Console\Restr HKCU\Softw
User Windows Components\Microsoft Management Console\Restri HKCU\Softw
User Windows Components\Microsoft Management Console\Restr HKCU\Soft
User Windows Components\Microsoft Management Console\Restr HKCU\Soft
User Windows Components\Microsoft Management Console\Restr HKCU\Soft
User Windows Components\Microsoft Management Console\Restri HKCU\Softw
User Windows Components\Microsoft Management Console\Restr HKCU\Softw
User Windows Components\Microsoft Management Console\Restri HKCU\Softw
User Windows Components\Windows Mobility Center HKCU\Softw
Machine Windows Components\Windows Mobility Center HKLM\Softw
User Windows Components\Presentation Settings HKCU\Softw
Machine Windows Components\Presentation Settings HKLM\Softw
Machine Windows Components\Maintenance Scheduler HKLM\Softw
Machine Windows Components\Maintenance Scheduler HKLM\Softw
Machine Windows Components\Maintenance Scheduler HKLM\Soft
Machine System\Troubleshooting and Diagnostics\Microsoft SupportHKLM\SOFT
Machine System\Troubleshooting and Diagnostics\Microsoft SupportHKLM\SOFT
Machine System\Troubleshooting and Diagnostics\Microsoft SupportHKLM\SOFTW
Machine Windows Components\Windows Installer HKLM\Softw
Machine Windows Components\Windows Installer HKLM\Softw
Machine Windows Components\Windows Installer HKLM\Softw
Machine Windows Components\Windows Installer HKLM\Softw
User Windows Components\Windows Installer HKCU\Softw
Machine Windows Components\Windows Installer HKLM\Softw
Machine Windows Components\Windows Installer HKLM\Softw
Machine Windows Components\Windows Installer HKLM\Softw
Machine Windows Components\Windows Installer HKLM\Softw
Machine Windows Components\Windows Installer HKLM\Softw
User Windows Components\Windows Installer HKCU\Softw
Machine Windows Components\Windows Installer HKLM\Softw
Machine Windows Components\Windows Installer HKLM\Softw
Machine Windows Components\Windows Installer HKLM\Softw
Machine Windows Components\Windows Installer HKLM\Softw
User Windows Components\Windows Installer HKCU\Softw
Machine Windows Components\Windows Installer HKLM\Softw
Machine Windows Components\Windows Installer HKLM\Softw
Machine Windows Components\Windows Installer HKLM\Softw
Machine Windows Components\Windows Installer HKLM\Softw
Machine Windows Components\Windows Installer HKLM\Softw
User Windows Components\Windows Installer HKCU\Softw
Machine Windows Components\Windows Installer HKLM\Softw
Machine Windows Components\Windows Installer HKLM\Softw
Machine Windows Components\Windows Installer HKLM\Softw
Machine Windows Components\Windows Installer HKLM\Softw
Machine Windows Components\Windows Installer HKLM\Softw
Machine System\Troubleshooting and Diagnostics\MSI Corrupted Fil HKLM\SOFT
Machine Network\DirectAccess Client Experience Settings HKLM\SOFT
Machine Network\DirectAccess Client Experience Settings HKLM\SOFT
Machine Network\DirectAccess Client Experience Settings HKLM\SOFT
Machine Network\DirectAccess Client Experience Settings HKLM\SOFT
Machine Network\DirectAccess Client Experience Settings HKLM\SOFT
Machine Network\DirectAccess Client Experience Settings HKLM\SOFT
Machine Network\DirectAccess Client Experience Settings HKLM\SOFT
Machine Network\DirectAccess Client Experience Settings HKLM\SOFT
Machine Network\Network Connectivity Status Indicator HKLM\Softw
Machine Network\Network Connectivity Status Indicator HKLM\Softw
Machine Network\Network Connectivity Status Indicator HKLM\Softw
Machine Network\Network Connectivity Status Indicator HKLM\Softw
Machine Network\Network Connectivity Status Indicator HKLM\Softw
Machine Network\Network Connectivity Status Indicator HKLM\Softw
Machine System\Net Logon HKLM\Softw
Machine System\Net Logon HKLM\Soft
Machine System\Net Logon\DC Locator DNS Records HKLM\Softw
Machine System\Net Logon\DC Locator DNS Records HKLM\Softw
Machine System\Net Logon\DC Locator DNS Records HKLM\Softw
Machine System\Net Logon\DC Locator DNS Records HKLM\Softw
Machine System\Net Logon HKLM\Softw
Machine System\Net Logon\DC Locator DNS Records HKLM\Softw
Machine System\Net Logon HKLM\Softw
Machine System\Net Logon HKLM\Softw
Machine System\Net Logon\DC Locator DNS Records HKLM\Softw
Machine System\Net Logon\DC Locator DNS Records HKLM\Softw
Machine System\Net Logon\DC Locator DNS Records HKLM\Softw
Machine System\Net Logon\DC Locator DNS Records HKLM\Softw
Machine System\Net Logon\DC Locator DNS Records HKLM\Soft
Machine System\Net Logon HKLM\Softw
Machine System\Net Logon HKLM\Softw
Machine System\Net Logon HKLM\Softw
Machine System\Net Logon HKLM\Softw
Machine System\Net Logon HKLM\Softw
Machine System\Net Logon\DC Locator DNS Records HKLM\Softw
Machine System\Net Logon HKLM\Softw
Machine System\Net Logon\DC Locator DNS Records HKLM\Softw
Machine System\Net Logon\DC Locator DNS Records HKLM\Softw
Machine System\Net Logon\DC Locator DNS Records HKLM\Softw
Machine System\Net Logon\DC Locator DNS Records HKLM\Softw
Machine System\Net Logon\DC Locator DNS Records HKLM\Softw
Machine System\Net Logon\DC Locator DNS Records HKLM\Softw
Machine System\Net Logon\DC Locator DNS Records HKLM\Softw
Machine System\Net Logon HKLM\Softw
Machine System\Net Logon HKLM\Softw
Machine System\Net Logon HKLM\Soft
Machine System\Net Logon HKLM\Softw
Machine System\Net Logon HKLM\Softw
User Network\Network Connections HKCU\Softw
User Network\Network Connections HKCU\Softw
User Network\Network Connections HKCU\Soft
User Network\Network Connections HKCU\Soft
User Network\Network Connections HKCU\Soft
User Network\Network Connections HKCU\Soft
Machine Network\Network Connections HKLM\Soft
User Network\Network Connections HKCU\Softw
User Network\Network Connections HKCU\Softw
User Network\Network Connections HKCU\Soft
User Network\Network Connections HKCU\Soft
User Network\Network Connections HKCU\Softw
User Network\Network Connections HKCU\Soft
User Network\Network Connections HKCU\Softw
User Network\Network Connections HKCU\Soft
User Network\Network Connections HKCU\Soft
User Network\Network Connections HKCU\Soft
User Network\Network Connections HKCU\Soft
User Network\Network Connections HKCU\Soft
Machine Network\Network Connections HKLM\Soft
User Network\Network Connections HKCU\Soft
User Network\Network Connections HKCU\Soft
Machine Network\Network Connections HKLM\Softw
Machine Network\Network Connections HKLM\Soft
User Network\Network Connections HKCU\Softw
Machine Network\Network Connections HKLM\Soft
Machine Network\Network Connections HKLM\Softw
User Network\Network Connections HKCU\Softw
Machine Network\Network Isolation HKLM\SOFT
Machine Network\Network Isolation HKLM\SOFT
Machine Network\Network Isolation HKLM\SOFT
Machine Network\Network Isolation HKLM\SOFTW
Machine Network\Network Isolation HKLM\SOFT
Machine Network\Network Provider HKLM\Soft
User Network\Offline Files HKCU\Softw
Machine Network\Offline Files HKLM\Softw
Machine Network\Offline Files HKLM\Soft
Machine Network\Offline Files HKLM\Softw
Machine Network\Offline Files HKLM\Soft
Machine Network\Offline Files HKLM\Soft
Machine Network\Offline Files HKLM\Soft
Machine Network\Offline Files HKLM\Soft
Machine Network\Offline Files HKLM\Softw
Machine Network\Offline Files HKLM\Soft
Machine Network\Offline Files HKLM\Softw
Machine Network\Offline Files HKLM\Soft
User Network\Offline Files HKCU\Softw
Machine Network\Offline Files HKLM\Softw
Machine Network\Offline Files HKLM\Softw
User Network\Offline Files HKCU\Softw
Machine Network\Offline Files HKLM\Softw
Machine Network\Offline Files HKLM\Soft
User Network\Offline Files HKCU\Softw
Machine Network\Offline Files HKLM\Soft
User Network\Offline Files HKCU\Soft
Machine Network\Offline Files HKLM\Soft
User Network\Offline Files HKCU\Soft
Machine Network\Offline Files HKLM\Soft
User Network\Offline Files HKCU\Soft
Machine Network\Offline Files HKLM\Soft
User Network\Offline Files HKCU\Soft
Machine Network\Offline Files HKLM\Soft
User Network\Offline Files HKCU\Softw
Machine Network\Offline Files HKLM\Softw
User Network\Offline Files HKCU\Softw
Machine Network\Offline Files HKLM\Softw
User Network\Offline Files HKCU\Softw
Machine Network\Offline Files HKLM\Softw
User Network\Offline Files HKCU\Softw
Machine Network\Offline Files HKLM\Softw
Machine Network\Offline Files HKLM\Softw
User Network\Offline Files HKCU\Softw
Machine Network\Offline Files HKLM\Softw
User Network\Offline Files HKCU\Soft
Machine Network\Offline Files HKLM\Soft
User Network\Offline Files HKCU\Soft
Machine Network\Offline Files HKLM\Soft
User Network\Offline Files HKCU\Soft
Machine Network\Offline Files HKLM\Soft
Machine Network\Offline Files HKLM\Soft
Machine Network\Microsoft Peer-to-Peer Networking Services HKLM\Soft
Machine Network\Microsoft Peer-to-Peer Networking Services\Peer HKLM\Softw
Machine Network\Microsoft Peer-to-Peer Networking Services\Peer HKLM\Softw
Machine Network\Microsoft Peer-to-Peer Networking Services\Peer HKLM\Softw
Machine Network\Microsoft Peer-to-Peer Networking Services\Peer HKLM\Softw
Machine Network\Microsoft Peer-to-Peer Networking Services\Peer HKLM\Softw
Machine Network\Microsoft Peer-to-Peer Networking Services\Peer HKLM\Softw
Machine Network\Microsoft Peer-to-Peer Networking Services HKLM\Softw
Machine Network\Microsoft Peer-to-Peer Networking Services\Peer HKLM\Softw
Machine Network\Microsoft Peer-to-Peer Networking Services\Peer HKLM\Softw
Machine Network\Microsoft Peer-to-Peer Networking Services\Peer HKLM\Softw
Machine Network\Microsoft Peer-to-Peer Networking Services\Peer HKLM\Softw
Machine Network\Microsoft Peer-to-Peer Networking Services\Peer HKLM\Softw
Machine Network\Microsoft Peer-to-Peer Networking Services\Peer HKLM\Softw
Machine Windows Components\Microsoft Passport for Work\PIN CoHKLM\SOFTW
User Windows Components\Microsoft Passport for Work\PIN CoHKCU\SOFTW
Machine Windows Components\Microsoft Passport for Work\PIN CoHKLM\SOFTW
User Windows Components\Microsoft Passport for Work\PIN CoHKCU\SOFTW
Machine Windows Components\Microsoft Passport for Work\PIN CoHKLM\SOFT
User Windows Components\Microsoft Passport for Work\PIN CoHKCU\SOFT
Machine Windows Components\Microsoft Passport for Work\PIN CoHKLM\SOFT
User Windows Components\Microsoft Passport for Work\PIN CoHKCU\SOFT
Machine Windows Components\Microsoft Passport for Work\PIN CoHKLM\SOFTW
User Windows Components\Microsoft Passport for Work\PIN CoHKCU\SOFTW
Machine Windows Components\Microsoft Passport for Work\PIN CoHKLM\SOFT
User Windows Components\Microsoft Passport for Work\PIN CoHKCU\SOFTW
Machine Windows Components\Microsoft Passport for Work\PIN CoHKLM\SOFTW
User Windows Components\Microsoft Passport for Work\PIN CoHKCU\SOFTW
Machine Windows Components\Microsoft Passport for Work\PIN CoHKLM\SOFT
User Windows Components\Microsoft Passport for Work\PIN CoHKCU\SOFTW
Machine Windows Components\Microsoft Passport for Work HKLM\SOFTW
Machine Windows Components\Microsoft Passport for Work HKLM\SOFT
Machine Windows Components\Microsoft Passport for Work HKLM\SOFT
Machine Windows Components\Microsoft Passport for Work\Remote HKLM\SOFT
Machine System\Troubleshooting and Diagnostics\Application Compat
HKLM\SOFT
Machine System\Troubleshooting and Diagnostics\Application Compat
HKLM\SOFT
Machine System\Troubleshooting and Diagnostics\Application Compat
HKLM\SOFT
Machine System\Troubleshooting and Diagnostics\Application Compat
HKLM\SOFT
Machine System\Troubleshooting and Diagnostics\Application Compat
HKLM\SOFT
Machine System\Troubleshooting and Diagnostics\Application Compat
HKLM\Soft
Machine System\Troubleshooting and Diagnostics\Application Compat
HKLM\SOFTW
Machine Network\BranchCache HKLM\Softw
Machine Network\BranchCache HKLM\SOFTW
Machine Network\BranchCache HKLM\SOFTW
Machine Network\BranchCache HKLM\SOFTW
Machine Network\BranchCache HKLM\SOFTW
Machine Network\BranchCache HKLM\SOFTW
Machine Network\BranchCache HKLM\SOFTW
Machine Network\BranchCache HKLM\SOFTW
Machine Network\BranchCache HKLM\SOFTW
User Windows Components\Tablet PC\Tablet PC Pen Training HKCU\SOFTW
Machine Windows Components\Tablet PC\Tablet PC Pen Training HKLM\SOFTW
Machine System\Troubleshooting and Diagnostics\Windows Boot PerHKLM\SOFT
Machine System\Troubleshooting and Diagnostics\Windows ShutdowHKLM\SOFT
Machine System\Troubleshooting and Diagnostics\Windows StandbyHKLM\SOFT
Machine System\Troubleshooting and Diagnostics\Windows System HKLM\SOFT
Machine System\Troubleshooting and Diagnostics\Windows PerformHKLM\SOFT
Machine System\Power Management\Sleep Settings HKLM\Soft
Machine System\Power Management\Sleep Settings HKLM\Soft
Machine System\Power Management\Sleep Settings HKLM\Softw
Machine System\Power Management\Sleep Settings HKLM\Softw
Machine System\Power Management\Sleep Settings HKLM\Softw
Machine System\Power Management\Sleep Settings HKLM\Softw
Machine System\Power Management\Sleep Settings HKLM\Softw
Machine System\Power Management\Sleep Settings HKLM\Softw
Machine System\Power Management\Notification Settings HKLM\Soft
Machine System\Power Management\Notification Settings HKLM\Soft
Machine System HKLM\Soft
Machine System\Power Management\Energy Saver Settings HKLM\Soft
Machine System\Power Management\Energy Saver Settings HKLM\Soft
Machine System\Power Management\Notification Settings HKLM\Softw
Machine System\Power Management\Notification Settings HKLM\Softw
User System\Power Management HKCU\Soft
Machine System\Power Management\Video and Display Settings HKLM\Softw
Machine System\Power Management\Video and Display Settings HKLM\Softw
Machine System\Power Management\Sleep Settings HKLM\Softw
Machine System\Power Management\Sleep Settings HKLM\Softw
Machine System\Power Management\Notification Settings HKLM\Soft
Machine System\Power Management HKLM\Softw
Machine System\Power Management\Button Settings HKLM\Soft
Machine System\Power Management\Button Settings HKLM\Soft
Machine System\Power Management\Button Settings HKLM\Soft
Machine System\Power Management\Button Settings HKLM\Soft
Machine System\Power Management\Button Settings HKLM\Soft
Machine System\Power Management\Button Settings HKLM\Soft
Machine System\Power Management\Button Settings HKLM\Soft
Machine System\Power Management\Button Settings HKLM\Soft
Machine System\Power Management HKLM\Softw
Machine System\Power Management\Video and Display Settings HKLM\Softw
Machine System\Power Management\Video and Display Settings HKLM\Softw
Machine System\Power Management\Sleep Settings HKLM\Soft
Machine System\Power Management\Sleep Settings HKLM\Soft
Machine System\Power Management\Sleep Settings HKLM\Soft
Machine System\Power Management\Sleep Settings HKLM\Soft
Machine System\Power Management\Sleep Settings HKLM\Softw
Machine System\Power Management\Sleep Settings HKLM\Softw
Machine System\Power Management\Video and Display Settings HKLM\Soft
Machine System\Power Management\Video and Display Settings HKLM\Soft
Machine System\Power Management\Sleep Settings HKLM\Softw
Machine System\Power Management\Sleep Settings HKLM\Softw
Machine System\Power Management\Notification Settings HKLM\Softw
Machine System\Power Management\Video and Display Settings HKLM\Soft
Machine System\Power Management\Video and Display Settings HKLM\Soft
Machine System\Power Management\Hard Disk Settings HKLM\Soft
Machine System\Power Management\Hard Disk Settings HKLM\Soft
Machine System\Power Management\Video and Display Settings HKLM\Softw
Machine System\Power Management\Video and Display Settings HKLM\Softw
Machine System\Power Management\Sleep Settings HKLM\Soft
Machine System\Power Management\Sleep Settings HKLM\Soft
Machine Windows Components\Windows PowerShell HKLM\Softw
User Windows Components\Windows PowerShell HKCU\Softw
Machine Windows Components\Windows PowerShell HKLM\Soft
User Windows Components\Windows PowerShell HKCU\Soft
Machine Windows Components\Windows PowerShell HKLM\Softw
User Windows Components\Windows PowerShell HKCU\Softw
Machine Windows Components\Windows PowerShell HKLM\Softw
User Windows Components\Windows PowerShell HKCU\Softw
Machine Windows Components\Windows PowerShell HKLM\Softw
User Windows Components\Windows PowerShell HKCU\Softw
User Windows Components\File Explorer\Previous Versions HKCU\Softw
Machine Windows Components\File Explorer\Previous Versions HKLM\Softw
User Windows Components\File Explorer\Previous Versions HKCU\Softw
Machine Windows Components\File Explorer\Previous Versions HKLM\Softw
User Windows Components\File Explorer\Previous Versions HKCU\Softw
Machine Windows Components\File Explorer\Previous Versions HKLM\Softw
User Windows Components\File Explorer\Previous Versions HKCU\Softw
Machine Windows Components\File Explorer\Previous Versions HKLM\Softw
User Windows Components\File Explorer\Previous Versions HKCU\Softw
Machine Windows Components\File Explorer\Previous Versions HKLM\Softw
User Windows Components\File Explorer\Previous Versions HKCU\Softw
Machine Windows Components\File Explorer\Previous Versions HKLM\Softw
Machine Printers HKLM\Softw
Machine Printers HKLM\Softw
Machine Printers HKLM\Softw
Machine Printers HKLM\Softw
Machine Printers HKLM\Softw
Machine Printers HKLM\Softw
User Control Panel\Printers HKCU\Softw
User Control Panel\Printers HKCU\Softw
Machine Printers HKLM\Soft
Machine Printers HKLM\Softw
Machine Printers HKLM\Softw
User Control Panel\Printers HKCU\Softw
Machine Printers HKLM\Softw
Machine Printers HKLM\Softw
Machine Printers HKLM\Softw
Machine Printers HKLM\Softw
Machine Printers HKLM\Softw
User Control Panel\Printers HKCU\Softw
Machine Printers HKLM\Softw
Machine Printers HKLM\Softw
User Control Panel\Printers HKCU\Softw
Machine Printers HKLM\Softw
User Control Panel\Printers HKCU\Softw
Machine Printers HKLM\Softw
Machine Printers HKLM\Softw
User Control Panel\Printers HKCU\Softw
User Control Panel\Printers HKCU\Softw
Machine Printers HKLM\Softw
User Control Panel\Printers HKCU\Soft
Machine Printers HKLM\Softw
Machine Printers HKLM\Softw
Machine Printers HKLM\Softw
Machine Printers HKLM\Softw
Machine Printers HKLM\Softw
Machine Printers HKLM\Softw
Machine Printers HKLM\Softw
Machine Printers HKLM\Softw
Machine Printers HKLM\Softw
Machine Printers HKLM\Softw
User Control Panel\Programs HKCU\Softw
User Control Panel\Programs HKCU\Softw
User Control Panel\Programs HKCU\Soft
User Control Panel\Programs HKCU\Softw
User Control Panel\Programs HKCU\Soft
User Control Panel\Programs HKCU\Soft
User Control Panel\Programs HKCU\Soft
Machine Network\QoS Packet Scheduler\DSCP value of conforming pHKLM\Softw
Machine Network\QoS Packet Scheduler\DSCP value of non-conformHKLM\Softw
Machine Network\QoS Packet Scheduler\Layer-2 priority value HKLM\Softw
Machine Network\QoS Packet Scheduler\DSCP value of conforming pHKLM\Softw
Machine Network\QoS Packet Scheduler\DSCP value of non-conformHKLM\Softw
Machine Network\QoS Packet Scheduler\Layer-2 priority value HKLM\Softw
Machine Network\QoS Packet Scheduler\DSCP value of conforming pHKLM\Softw
Machine Network\QoS Packet Scheduler\DSCP value of non-conformHKLM\Soft
Machine Network\QoS Packet Scheduler\Layer-2 priority value HKLM\Softw
Machine Network\QoS Packet Scheduler HKLM\Soft
Machine Network\QoS Packet Scheduler HKLM\Softw
Machine Network\QoS Packet Scheduler\DSCP value of conforming pHKLM\Softw
Machine Network\QoS Packet Scheduler\DSCP value of non-conformHKLM\Soft
Machine Network\QoS Packet Scheduler\Layer-2 priority value HKLM\Softw
Machine Network\QoS Packet Scheduler\Layer-2 priority value HKLM\Soft
Machine Network\QoS Packet Scheduler\DSCP value of conforming pHKLM\Softw
Machine Network\QoS Packet Scheduler\DSCP value of non-conformHKLM\Softw
Machine Network\QoS Packet Scheduler\Layer-2 priority value HKLM\Softw
Machine Network\QoS Packet Scheduler HKLM\Softw
Machine Windows Components\Windows Reliability Analysis HKLM\SOFT
Machine System\Troubleshooting and Diagnostics\Windows ResourceHKLM\SOFT
Machine System\Recovery HKLM\SOFT
Machine System HKLM\Softw
Machine System HKLM\Softw
Machine System HKLM\Softw
Machine Windows Components\Windows Error Reporting\AdvancedHKLM\Softw
Er
Machine System\Remote Assistance HKLM\Softw
Machine System\Remote Assistance HKLM\Softw
Machine System\Remote Assistance HKLM\Softw
Machine System\Remote Assistance HKLM\Softw
Machine System\Remote Assistance HKLM\Softw
Machine System\Remote Assistance HKLM\Softw
User System\Removable Storage Access HKCU\Softw
Machine System\Removable Storage Access HKLM\Softw
Machine System\Removable Storage Access HKLM\Soft
Machine System\Removable Storage Access HKLM\Soft
User System\Removable Storage Access HKCU\Soft
Machine System\Removable Storage Access HKLM\Soft
User System\Removable Storage Access HKCU\Softw
Machine System\Removable Storage Access HKLM\Soft
User System\Removable Storage Access HKCU\Soft
Machine System\Removable Storage Access HKLM\Soft
User System\Removable Storage Access HKCU\Soft
Machine System\Removable Storage Access HKLM\Soft
Machine System\Removable Storage Access HKLM\Soft
User System\Removable Storage Access HKCU\Soft
Machine System\Removable Storage Access HKLM\Soft
User System\Removable Storage Access HKCU\Softw
Machine System\Removable Storage Access HKLM\Soft
Machine System\Removable Storage Access HKLM\Soft
User System\Removable Storage Access HKCU\Soft
Machine System\Removable Storage Access HKLM\Soft
User System\Removable Storage Access HKCU\Softw
Machine System\Removable Storage Access HKLM\Soft
User System\Removable Storage Access HKCU\Soft
Machine System\Removable Storage Access HKLM\Soft
Machine System\Removable Storage Access HKLM\Soft
User System\Removable Storage Access HKCU\Soft
Machine System\Removable Storage Access HKLM\Soft
User System\Removable Storage Access HKCU\Softw
Machine System\Removable Storage Access HKLM\Soft
User System\Removable Storage Access HKCU\Soft
Machine System\Removable Storage Access HKLM\Soft
User System\Removable Storage Access HKCU\Soft
Machine System\Removable Storage Access HKLM\Soft
Machine System\Remote Procedure Call HKLM\Softw
Machine System\Remote Procedure Call HKLM\Softw
Machine System\Remote Procedure Call HKLM\Softw
Machine System\Remote Procedure Call HKLM\Softw
Machine System\Remote Procedure Call HKLM\Softw
Machine System\Remote Procedure Call HKLM\Soft
Machine System\Scripts HKLM\Softw
User System\Scripts HKCU\Softw
User System\Scripts HKCU\Softw
Machine System\Scripts HKLM\Softw
Machine System\Scripts HKLM\Softw
User System\Scripts HKCU\Softw
User System\Scripts HKCU\Softw
Machine System\Scripts HKLM\Softw
Machine System\Scripts HKLM\Softw
Machine System\Scripts HKLM\Softw
Machine System\Scripts HKLM\Softw
User System\Scripts HKCU\Softw
Machine System\Scripts HKLM\Soft
Machine System\Troubleshooting and Diagnostics\Scripted DiagnostiHKLM\SOFTW
Machine System\Troubleshooting and Diagnostics\Scripted DiagnostiHKLM\SOFTW
Machine System\Troubleshooting and Diagnostics\Scripted DiagnostiHKLM\SOFTW
Machine System\Troubleshooting and Diagnostics\Scheduled Maint HKLM\SOFT
Machine Windows Components\Search HKLM\SOFT
Machine Windows Components\Search HKLM\SOFT
Machine Windows Components\Search HKLM\SOFT
Machine Windows Components\Search HKLM\SOFT
Machine Windows Components\Search HKLM\SOFT
Machine Windows Components\Search HKLM\SOFT
Machine Windows Components\Search HKLM\SOFT
Machine Windows Components\Search HKLM\SOFT
Machine Windows Components\Search HKLM\SOFT
Machine Windows Components\Search HKLM\SOFT
User Windows Components\Search HKCU\SOFT
Machine Windows Components\Search HKLM\SOFT
User Windows Components\Search HKCU\SOFT
Machine Windows Components\Search HKLM\SOFT
Machine Windows Components\Search HKLM\SOFT
Machine Windows Components\Search HKLM\SOFT
Machine Windows Components\Search HKLM\SOFT
Machine Windows Components\Search HKLM\SOFT
Machine Windows Components\Search HKLM\SOFT
Machine Windows Components\Search HKLM\SOFT
Machine Windows Components\Search HKLM\SOFT
Machine Windows Components\Search HKLM\SOFT
Machine Windows Components\Search HKLM\SOFT
User Windows Components\Search HKCU\SOFT
Machine Windows Components\Search HKLM\SOFT
Machine Windows Components\Search HKLM\SOFT
Machine Windows Components\Search HKLM\SOFT
Machine Windows Components\Search HKLM\SOFT
User Windows Components\Search HKCU\SOFT
Machine Windows Components\Search HKLM\SOFT
User Windows Components\Search HKCU\SOFT
Machine Windows Components\Search HKLM\SOFT
Machine Windows Components\Search HKLM\SOFTW
Machine Windows Components\Search HKLM\SOFT
Machine Windows Components\Search HKLM\SOFT
Machine Windows Components\Search HKLM\SOFT
Machine Windows Components\Search HKLM\SOFT
Machine Windows Components\Search HKLM\SOFT
Machine Windows Components\Search HKLM\SOFT
Machine Windows Components\Search HKLM\SOFT
Machine Windows Components\Search HKLM\SOFT
Machine Windows Components\Search HKLM\SOFT
Machine Windows Components\Search HKLM\SOFT
Machine Windows Components\Search HKLM\SOFT
User Windows Components\Search HKCU\SOFTW
Machine Windows Components\Security Center HKLM\Softw
User Windows Components\Location and Sensors HKCU\Softw
Machine Windows Components\Location and Sensors HKLM\Softw
User Windows Components\Location and Sensors HKCU\Softw
Machine Windows Components\Location and Sensors HKLM\Softw
User Windows Components\Location and Sensors HKCU\Softw
Machine Windows Components\Location and Sensors HKLM\Softw
Machine System\Server Manager HKLM\Softw
Machine System\Server Manager HKLM\Softw
Machine System HKLM\Soft
Machine System\Server Manager HKLM\Soft
Machine System HKLM\Softw
Machine Windows Components\Sync your settings HKLM\Softw
Machine Windows Components\Sync your settings HKLM\Softw
Machine Windows Components\Sync your settings HKLM\Softw
Machine Windows Components\Sync your settings HKLM\Softw
Machine Windows Components\Sync your settings HKLM\Softw
Machine Windows Components\Sync your settings HKLM\Softw
Machine Windows Components\Sync your settings HKLM\Softw
Machine Windows Components\Sync your settings HKLM\Softw
Machine Windows Components\Sync your settings HKLM\Softw
Machine Windows Components\Sync your settings HKLM\Softw
Machine System HKLM\Softw
Machine System HKLM\Softw
Machine System\Internet Communication Management\Internet Com
HKLM\Softw
User System\Internet Communication Management\Internet Com
HKCU\Softw
User Shared Folders HKCU\Softw
User Shared Folders HKCU\Softw
Machine Windows Components\HomeGroup HKLM\Soft
User Windows Components\Network Sharing HKCU\Softw
User System HKCU\Softw
User System HKCU\Softw
User System HKCU\Soft
User System HKCU\Softw
User Windows Components\File Explorer HKCU\Softw
User Windows Components\Desktop Gadgets HKCU\Softw
Machine Windows Components\Desktop Gadgets HKLM\Softw
User Windows Components\Desktop Gadgets HKCU\Softw
Machine Windows Components\Desktop Gadgets HKLM\Softw
User Windows Components\Desktop Gadgets HKCU\Softw
Machine Windows Components\Desktop Gadgets HKLM\Softw
Machine Windows Components\OneDrive HKLM\Softw
Machine Windows Components\OneDrive HKLM\Softw
Machine Windows Components\OneDrive HKLM\Softw
Machine Windows Components\OneDrive HKLM\Softw
Machine Windows Components\Smart Card HKLM\SOFT
Machine Windows Components\Smart Card HKLM\SOFT
Machine Windows Components\Smart Card HKLM\SOFT
Machine Windows Components\Smart Card HKLM\SOFT
Machine Windows Components\Smart Card HKLM\SOFTW
Machine Windows Components\Smart Card HKLM\SOFT
Machine Windows Components\Smart Card HKLM\SOFT
Machine Windows Components\Smart Card HKLM\SOFTW
Machine Windows Components\Smart Card HKLM\SOFTW
Machine Windows Components\Smart Card HKLM\SOFTW
Machine Windows Components\Smart Card HKLM\SOFT
Machine Windows Components\Smart Card HKLM\SOFTW
Machine Windows Components\Smart Card HKLM\SOFT
Machine Windows Components\Smart Card HKLM\SOFT
Machine Windows Components\Smart Card HKLM\SOFTW
Machine Windows Components\Smart Card HKLM\SOFT
Machine Network\SNMP HKLM\Soft
Machine Network\SNMP HKLM\Soft
Machine Network\SNMP HKLM\Softw
User Windows Components\Sound Recorder HKCU\SOFT
Machine Windows Components\Sound Recorder HKLM\SOFT
Machine System\Access-Denied Assistance HKLM\SOFT
Machine System\Access-Denied Assistance HKLM\SOFT
Machine System\File Classification Infrastructure HKLM\SOFT
Machine System\File Classification Infrastructure HKLM\SOFTW
User Start Menu and Taskbar HKCU\Soft
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Soft
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
Machine Start Menu and Taskbar HKLM\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Soft
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Soft
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Soft
User Start Menu and Taskbar HKCU\Soft
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Soft
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Soft
User Start Menu and Taskbar HKCU\Soft
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Soft
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Soft
User Start Menu and Taskbar HKCU\Soft
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Soft
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Soft
User Start Menu and Taskbar HKCU\Soft
Machine Start Menu and Taskbar HKLM\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
Machine System\System Restore HKLM\Softw
Machine System\System Restore HKLM\Softw
User Windows Components\Tablet PC\Input Panel HKCU\softw
Machine Windows Components\Tablet PC\Input Panel HKLM\softw
User Windows Components\Tablet PC\Input Panel HKCU\softw
Machine Windows Components\Tablet PC\Input Panel HKLM\softw
User Windows Components\Tablet PC\Input Panel HKCU\softw
Machine Windows Components\Tablet PC\Input Panel HKLM\softw
User Windows Components\Tablet PC\Input Panel HKCU\softw
Machine Windows Components\Tablet PC\Input Panel HKLM\softw
User Windows Components\Tablet PC\Input Panel HKCU\softw
Machine Windows Components\Tablet PC\Input Panel HKLM\softw
User Windows Components\Tablet PC\Input Panel HKCU\softw
Machine Windows Components\Tablet PC\Input Panel HKLM\softw
User Windows Components\Tablet PC\Input Panel HKCU\softw
Machine Windows Components\Tablet PC\Input Panel HKLM\softw
User Windows Components\Tablet PC\Input Panel HKCU\softw
Machine Windows Components\Tablet PC\Input Panel HKLM\softw
User Windows Components\Tablet PC\Accessories HKCU\SOFTW
Machine Windows Components\Tablet PC\Accessories HKLM\SOFTW
User Windows Components\Tablet PC\Accessories HKCU\SOFTW
Machine Windows Components\Tablet PC\Accessories HKLM\SOFTW
User Windows Components\Tablet PC\Accessories HKCU\SOFTW
Machine Windows Components\Tablet PC\Accessories HKLM\SOFTW
User Windows Components\Tablet PC\Accessories HKCU\SOFTW
Machine Windows Components\Tablet PC\Accessories HKLM\SOFTW
User Windows Components\Tablet PC\Hardware Buttons HKCU\SOFT
Machine Windows Components\Tablet PC\Hardware Buttons HKLM\SOFT
User Windows Components\Tablet PC\Pen UX Behaviors HKCU\SOFTW
Machine Windows Components\Tablet PC\Pen UX Behaviors HKLM\SOFTW
User Windows Components\Tablet PC\Pen Flicks Learning HKCU\SOFTW
Machine Windows Components\Tablet PC\Pen Flicks Learning HKLM\SOFTW
User Windows Components\Tablet PC\Hardware Buttons HKCU\SOFTW
Machine Windows Components\Tablet PC\Hardware Buttons HKLM\SOFTW
User Windows Components\Tablet PC\Hardware Buttons HKCU\SOFT
Machine Windows Components\Tablet PC\Hardware Buttons HKLM\SOFT
User Windows Components\Tablet PC\Hardware Buttons HKCU\SOFTW
Machine Windows Components\Tablet PC\Hardware Buttons HKLM\SOFTW
User Windows Components\Tablet PC\Cursors HKCU\SOFT
Machine Windows Components\Tablet PC\Cursors HKLM\SOFT
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Soft
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Start Menu and Taskbar HKCU\Softw
User Windows Components\Task Scheduler HKCU\Softw
Machine Windows Components\Task Scheduler HKLM\Softw
User Windows Components\Task Scheduler HKCU\Softw
Machine Windows Components\Task Scheduler HKLM\Softw
User Windows Components\Task Scheduler HKCU\Softw
Machine Windows Components\Task Scheduler HKLM\Softw
User Windows Components\Task Scheduler HKCU\Softw
Machine Windows Components\Task Scheduler HKLM\Softw
User Windows Components\Task Scheduler HKCU\Softw
Machine Windows Components\Task Scheduler HKLM\Softw
User Windows Components\Task Scheduler HKCU\Softw
Machine Windows Components\Task Scheduler HKLM\Softw
User Windows Components\Task Scheduler HKCU\Softw
Machine Windows Components\Task Scheduler HKLM\Softw
Machine Network\TCPIP Settings\IPv6 Transition Technologies HKLM\Softw
Machine Network\TCPIP Settings\IPv6 Transition Technologies HKLM\Softw
Machine Network\TCPIP Settings\IPv6 Transition Technologies HKLM\Softw
Machine Network\TCPIP Settings\Parameters HKLM\Syste
Machine Network\TCPIP Settings\IPv6 Transition Technologies HKLM\Softw
Machine Network\TCPIP Settings\IPv6 Transition Technologies HKLM\Softw
Machine Network\TCPIP Settings\IPv6 Transition Technologies HKLM\Softw
Machine Network\TCPIP Settings\IPv6 Transition Technologies HKLM\Softw
Machine Network\TCPIP Settings\IPv6 Transition Technologies HKLM\Softw
Machine Network\TCPIP Settings\IPv6 Transition Technologies HKLM\Softw
Machine Network\TCPIP Settings\IPv6 Transition Technologies HKLM\Softw
Machine Network\TCPIP Settings\IPv6 Transition Technologies HKLM\Softw
Machine Network\TCPIP Settings\Parameters HKLM\Syste
User Windows Components\Remote Desktop Services\Remote DeHKCU\SOFTW
Machine Windows Components\Remote Desktop Services\Remote DeHKLM\SOFTW
User Windows Components\Remote Desktop Services\Remote DeHKCU\SOFTW
Machine Windows Components\Remote Desktop Services\Remote DeHKLM\SOFTW
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\SOFT
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\SOFTW
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\SOFTW
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\SOFTW
Machine Windows Components\Remote Desktop Services\Remote DeHKLM\SOFT
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\SOFT
Machine Windows Components\Remote Desktop Services\Remote DeHKLM\SOFT
Machine Windows Components\Remote Desktop Services\Remote DeHKLM\SOFTW
Machine Windows Components\Remote Desktop Services\Remote DeHKLM\SOFT
Machine Windows Components\Remote Desktop Services\Remote DeHKLM\SOFT
Machine Windows Components\Remote Desktop Services\Remote DeHKLM\SOFTW
Machine Windows Components\Remote Desktop Services\Remote DeHKLM\SOFTW
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\SOFTW
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\SOFTW
Machine Windows Components\Remote Desktop Services\Remote DeHKLM\SOFTW
Machine Windows Components\Remote Desktop Services\Remote DeHKLM\SOFTW
Machine Windows Components\Remote Desktop Services\Remote DeHKLM\SOFTW
Machine Windows Components\Remote Desktop Services\Remote DeHKLM\SOFTW
Machine Windows Components\Remote Desktop Services\Remote Desk
HKLM\SOFT
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\SOFTW
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\SOFT
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\SOFT
Machine Windows Components\Remote Desktop Services\Remote DeHKLM\SOFT
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\SOFT
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\SOFTW
User Windows Components\Remote Desktop Services\Remote DeHKCU\SOFTW
Machine Windows Components\Remote Desktop Services\Remote DeHKLM\SOFTW
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\SOFT
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\SOFTW
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\SOFT
Machine Windows Components\Remote Desktop Services\Remote Desk
HKLM\SOFTW
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\SOFT
User Windows Components\Remote Desktop Services\RD GatewHKCU\SOFTW
Machine Windows Components\Remote Desktop Services\Remote DeHKLM\SOFTW
User Windows Components\Remote Desktop Services\Remote Des
HKCU\SOFTW
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\SOFTW
Machine Windows Components\Remote Desktop Services\Remote DeHKLM\SOFT
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\SOFTW
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\SOFTW
Machine Windows Components\Remote Desktop Services\RD LicensHKLM\Softw
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\SOFT
Machine Windows Components\Remote Desktop Services\Remote DeHKLM\SOFT
Machine Windows Components\Remote Desktop Services\Remote DeHKLM\SOFT
Machine Windows Components\Remote Desktop Services\Remote DeHKLM\SOFT
Machine Windows Components\Remote Desktop Services\Remote DeHKLM\SOFT
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\SOFTW
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\SOFTW
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\Softw
Machine Windows Components\Remote Desktop Services\RD LicensHKLM\Softw
Machine Windows Components\Remote Desktop Services\Remote DeHKLM\SOFT
Machine Windows Components\Remote Desktop Services\Remote DeHKLM\SOFT
Machine Windows Components\Remote Desktop Services\Remote DeHKLM\Softw
Machine Windows Components\Remote Desktop Services\Remote DeHKLM\Softw
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\SOFTW
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\SOFTW
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\SOFTW
Machine Windows Components\Remote Desktop Services\Remote DeHKLM\SOFTW
Machine Windows Components\Remote Desktop Services\Remote DeHKLM\SOFTW
Machine Windows Components\Remote Desktop Services\Remote DeHKLM\SOFTW
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\SOFT
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\SOFTW
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\SOFTW
User Windows Components\Remote Desktop Services\RD GatewHKCU\SOFT
User Windows Components\Remote Desktop Services\RD GatewHKCU\SOFTW
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\SOFT
User Windows Components\Remote Desktop Services\Remote DeHKCU\SOFT
Machine Windows Components\Remote Desktop Services\Remote DeHKLM\SOFT
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\SOFT
User Windows Components\Remote Desktop Services\Remote Des
HKCU\SOFT
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\SOFT
User Windows Components\Remote Desktop Services\Remote Des
HKCU\SOFT
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\SOFT
User Windows Components\Remote Desktop Services\Remote Des
HKCU\SOFT
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\SOFT
User Windows Components\Remote Desktop Services\RemoteApHKCU\SOFT
Machine Windows Components\Remote Desktop Services\Remote Desk
HKLM\SOFTW
Machine Windows Components\Remote Desktop Services\Remote De
HKLM\SOFTW
User Windows Components\Remote Desktop Services\Remote De
HKCU\SOFTW
User Windows Components\Remote Desktop Services\Remote De
HKCU\SOFTW
Machine Windows Components\Remote Desktop Services\Remote De
HKLM\SOFTW
Machine Windows Components\Remote Desktop Services\Remote De
HKLM\SOFTW
Machine Windows Components\Remote Desktop Services\Remote De
HKLM\SOFTW
Machine Windows Components\Remote Desktop Services\Remote De
HKLM\SOFT
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\SOFTW
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\SOFT
Machine Windows Components\Remote Desktop Services\Remote Desk
HKLM\SOFTW
User Windows Components\Remote Desktop Services\Remote Desk
HKCU\SOFTW
Machine Windows Components\Remote Desktop Services\Remote De
HKLM\SOFT
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\SOFTW
Machine Windows Components\Remote Desktop Services\Remote De
HKLM\SOFT
Machine Windows Components\Remote Desktop Services\Remote De
HKLM\SOFT
User Windows Components\Remote Desktop Services\Remote Des
HKCU\SOFTW
User Windows Components\Remote Desktop Services\Remote De
HKCU\SOFT
User Windows Components\Remote Desktop Services\Remote Des
HKCU\SOFTW
Machine Windows Components\Remote Desktop Services\Remote De
HKLM\SOFT
Machine Windows Components\Remote Desktop Services\Remote Desk
HKLM\SOFTW
Machine Windows Components\Remote Desktop Services\Remote Desk
HKLM\SOFTW
User Windows Components\Remote Desktop Services\Remote Desk
HKCU\SOFTW
User Windows Components\Remote Desktop Services\Remote De
HKCU\SOFT
Machine Windows Components\Remote Desktop Services\Remote Desk
HKLM\SOFTW
User Windows Components\Remote Desktop Services\Remote Des
HKCU\SOFT
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\SOFT
Machine Windows Components\Remote Desktop Services\Remote De
HKLM\SOFT
Machine Windows Components\Remote Desktop Services\Remote Desk
HKLM\SOFT
Machine Windows Components\Remote Desktop Services\Remote Desk
HKLM\SOFTW
Machine Windows Components\Remote Desktop Services\Remote Des
HKLM\SOFTW
User Windows Components\File Explorer HKCU\Soft
User Windows Components\File Explorer HKCU\Softw
User Windows Components\File Explorer HKCU\Softw
User Windows Components\Tablet PC\Touch Input HKCU\SOFTW
Machine Windows Components\Tablet PC\Touch Input HKLM\SOFTW
User Windows Components\Tablet PC\Touch Input HKCU\SOFTW
Machine Windows Components\Tablet PC\Touch Input HKLM\SOFT
Machine System\Trusted Platform Module Services HKLM\Soft
Machine System\Trusted Platform Module Services HKLM\SOFT
Machine System\Trusted Platform Module Services HKLM\Softw
Machine System\Trusted Platform Module Services HKLM\Softw
Machine System\Trusted Platform Module Services HKLM\Softw
Machine System\Trusted Platform Module Services HKLM\Softw
Machine System\Trusted Platform Module Services HKLM\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Soft
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience Virtualiz HKLM\Softw
User Windows Components\Microsoft User Experience Virtualiz HKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
Machine Windows Components\Microsoft User Experience Virtualiz HKLM\Soft
User Windows Components\Microsoft User Experience Virtualiz HKCU\Soft
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience Virtualiz HKLM\Soft
User Windows Components\Microsoft User Experience Virtualiz HKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience Virtualiz HKLM\Softw
User Windows Components\Microsoft User Experience Virtualiz HKCU\Softw
Machine Windows Components\Microsoft User Experience Virtualiz HKLM\Soft
User Windows Components\Microsoft User Experience Virtualiz HKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience Virtualiz HKLM\Softw
User Windows Components\Microsoft User Experience Virtualiz HKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience Virtualiz HKLM\Softw
User Windows Components\Microsoft User Experience Virtualiz HKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Soft
User Windows Components\Microsoft User Experience VirtualizaHKCU\Soft
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience Virtualiz HKLM\Softw
User Windows Components\Microsoft User Experience Virtualiz HKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience Virtualiz HKLM\Softw
User Windows Components\Microsoft User Experience Virtualiz HKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience Virtualiz HKLM\Softw
User Windows Components\Microsoft User Experience Virtualiz HKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine Windows Components\Microsoft User Experience VirtualizaHKLM\Softw
User Windows Components\Microsoft User Experience VirtualizaHKCU\Softw
Machine System\User Profiles HKLM\Soft
User System\User Profiles HKCU\Soft
Machine System\User Profiles HKLM\Softw
Machine System\User Profiles HKLM\Soft
Machine System\User Profiles HKLM\Softw
Machine System\User Profiles HKLM\Softw
Machine System\User Profiles HKLM\Softw
Machine System\User Profiles HKLM\Softw
Machine System\User Profiles HKLM\Softw
Machine System\User Profiles HKLM\Soft
Machine System\User Profiles HKLM\Softw
User System\User Profiles HKCU\Softw
Machine System\User Profiles HKLM\Soft
User System\User Profiles HKCU\Softw
Machine System\User Profiles HKLM\Softw
Machine System\User Profiles HKLM\Softw
Machine System\User Profiles HKLM\Softw
Machine System\User Profiles HKLM\Softw
Machine System\User Profiles HKLM\Soft
Machine System\User Profiles HKLM\Softw
Machine System\User Profiles HKLM\Softw
Machine System\User Profiles HKLM\Soft
User System\User Profiles HKCU\Softw
Machine System\User Profiles HKLM\Softw
Machine System\User Profiles HKLM\Softw
Machine System\User Profiles HKLM\Softw
Machine Windows Components\BitLocker Drive Encryption\Fixed DatHKLM\Softw
Machine Windows Components\BitLocker Drive Encryption\RemovablHKLM\Softw
Machine Windows Components\BitLocker Drive Encryption\OperatinHKLM\Softw
Machine Windows Components\BitLocker Drive Encryption\OperatinHKLM\SOFT
Machine Windows Components\BitLocker Drive Encryption\OperatinHKLM\Softw
Machine Windows Components\BitLocker Drive Encryption HKLM\SOFTW
Machine Windows Components\BitLocker Drive Encryption HKLM\SOFT
Machine Windows Components\BitLocker Drive Encryption HKLM\SOFT
Machine Windows Components\BitLocker Drive Encryption HKLM\SOFT
Machine Windows Components\BitLocker Drive Encryption\Fixed DatHKLM\SOFT
Machine Windows Components\BitLocker Drive Encryption\OperatinHKLM\SOFT
Machine Windows Components\BitLocker Drive Encryption\RemovablHKLM\SOFT
Machine Windows Components\BitLocker Drive Encryption HKLM\SOFT
Machine Windows Components\BitLocker Drive Encryption\OperatinHKLM\Soft
Machine Windows Components\BitLocker Drive Encryption\OperatinHKLM\Softw
Machine Windows Components\BitLocker Drive Encryption\OperatinHKLM\SOFTW
Machine Windows Components\BitLocker Drive Encryption\OperatinHKLM\SOFTW
Machine Windows Components\BitLocker Drive Encryption\OperatinHKLM\SOFTW
Machine Windows Components\BitLocker Drive Encryption\Fixed DatHKLM\SOFT
Machine Windows Components\BitLocker Drive Encryption\OperatinHKLM\SOFT
Machine Windows Components\BitLocker Drive Encryption\RemovablHKLM\SOFT
Machine Windows Components\BitLocker Drive Encryption\Fixed DatHKLM\Softw
Machine Windows Components\BitLocker Drive Encryption\OperatinHKLM\Softw
Machine Windows Components\BitLocker Drive Encryption\RemovablHKLM\Softw
Machine Windows Components\BitLocker Drive Encryption\Fixed DatHKLM\Softw
Machine Windows Components\BitLocker Drive Encryption\RemovablHKLM\Softw
Machine Windows Components\BitLocker Drive Encryption\RemovablHKLM\Softw
Machine Windows Components\BitLocker Drive Encryption\Fixed DatHKLM\Syste
Machine Windows Components\BitLocker Drive Encryption\RemovablHKLM\Syste
Machine Windows Components\BitLocker Drive Encryption\OperatinHKLM\Softw
Machine Windows Components\BitLocker Drive Encryption\OperatinHKLM\Softw
Machine Windows Components\BitLocker Drive Encryption\Fixed DatHKLM\SOFT
Machine Windows Components\BitLocker Drive Encryption\OperatinHKLM\SOFT
Machine Windows Components\BitLocker Drive Encryption\RemovablHKLM\SOFT
Machine Windows Components\BitLocker Drive Encryption HKLM\Softw
Machine Windows Components\BitLocker Drive Encryption HKLM\Softw
Machine Windows Components\BitLocker Drive Encryption\OperatinHKLM\SOFT
Machine Windows Components\BitLocker Drive Encryption\OperatinHKLM\SOFT
Machine Windows Components\BitLocker Drive Encryption\OperatinHKLM\Softw
Machine Windows Components\BitLocker Drive Encryption HKLM\Softw
Machine Windows Components\BitLocker Drive Encryption\OperatinHKLM\Softw
Machine Windows Components\BitLocker Drive Encryption HKLM\Softw
Machine System\Windows Time Service\Time Providers HKLM\Softw
Machine System\Windows Time Service\Time Providers HKLM\Softw
Machine System\Windows Time Service\Time Providers HKLM\Softw
Machine System\Windows Time Service HKLM\Softw
Machine Network\Windows Connection Manager HKLM\Soft
Machine Network\Windows Connection Manager HKLM\Soft
Machine Network\Windows Connection Manager HKLM\Soft
Machine Network\Windows Connection Manager HKLM\Soft
Machine System\Troubleshooting and Diagnostics HKLM\SOFT
Machine System\Troubleshooting and Diagnostics HKLM\SOFT
User Windows Components\Windows Calendar HKCU\Softw
Machine Windows Components\Windows Calendar HKLM\Soft
Machine Windows Components\Add features to Windows 10 HKLM\Softw
User Windows Components\Add features to Windows 10 HKCU\Softw
Machine Server HKLM\Soft
Machine Server HKLM\Soft
Machine Server HKLM\Soft
Machine Server HKLM\Softw
Machine Server HKLM\Soft
User Windows Components\Windows Color System HKCU\Softw
Machine Windows Components\Windows Color System HKLM\Softw
Machine Network\Windows Connect Now HKLM\Softw
User Network\Windows Connect Now HKCU\Soft
Machine Network\Windows Connect Now HKLM\Soft
Machine Windows Components\Windows Defender HKLM\Softw
Machine Windows Components\Windows Defender HKLM\Softw
Machine Windows Components\Windows Defender\Signature UpdatHKLM\Soft
Machine Windows Components\Windows Defender\Signature UpdatHKLM\Softw
Machine Windows Components\Windows Defender\Signature UpdatHKLM\Softw
Machine Windows Components\Windows Defender\Signature UpdatHKLM\Softw
Machine Windows Components\Windows Defender\Scan HKLM\Softw
Machine Windows Components\Windows Defender\Scan HKLM\Softw
Machine Windows Components\Windows Defender\Signature UpdatHKLM\Softw
Machine Windows Components\Windows Defender HKLM\Soft
Machine Windows Components\Windows Defender\Scan HKLM\Softw
Machine Windows Components\Windows Defender\Real-time ProtecHKLM\Softw
Machine Windows Components\Windows Defender\Real-time ProtecHKLM\Softw
Machine Windows Components\Windows Defender\MAPS HKLM\Softw
Machine Windows Components\Windows Defender\Real-time ProtecHKLM\Softw
Machine Windows Components\Windows Defender\Scan HKLM\Softw
Machine Windows Components\Windows Defender\Scan HKLM\Softw
Machine Windows Components\Windows Defender\Scan HKLM\Softw
Machine Windows Components\Windows Defender\Quarantine HKLM\Softw
Machine Windows Components\Windows Defender\Scan HKLM\Softw
Machine Windows Components\Windows Defender\Remediation HKLM\Softw
Machine Windows Components\Windows Defender\Real-time ProtecHKLM\Softw
Machine Windows Components\Windows Defender\Real-time ProtecHKLM\Softw
Machine Windows Components\Windows Defender\Real-time ProtecHKLM\Softw
Machine Windows Components\Windows Defender\Quarantine HKLM\Softw
Machine Windows Components\Windows Defender\MAPS HKLM\Softw
Machine Windows Components\Windows Defender\Reporting HKLM\Softw
Machine Windows Components\Windows Defender\Reporting HKLM\Softw
Machine Windows Components\Windows Defender\Reporting HKLM\Softw
Machine Windows Components\Windows Defender\Reporting HKLM\Softw
Machine Windows Components\Windows Defender\Reporting HKLM\Softw
Machine Windows Components\Windows Defender\Reporting HKLM\Soft
Machine Windows Components\Windows Defender\Reporting HKLM\Softw
Machine Windows Components\Windows Defender\Scan HKLM\Softw
Machine Windows Components\Windows Defender HKLM\Softw
Machine Windows Components\Windows Defender\Signature UpdatHKLM\Softw
Machine Windows Components\Windows Defender HKLM\Softw
Machine Windows Components\Windows Defender HKLM\Softw
Machine Windows Components\Windows Defender\Real-time ProtecHKLM\Softw
Machine Windows Components\Windows Defender\Signature UpdatHKLM\Softw
Machine Windows Components\Windows Defender\Scan HKLM\Soft
Machine Windows Components\Windows Defender\Signature UpdatHKLM\Softw
Machine Windows Components\Windows Defender\Signature UpdatHKLM\Softw
Machine Windows Components\Windows Defender\Signature UpdatHKLM\Softw
Machine Windows Components\Windows Defender\Client InterfaceHKLM\Softw
Machine Windows Components\Windows Defender\Client InterfaceHKLM\Softw
Machine Windows Components\Windows Defender\Exclusions HKLM\Softw
Machine Windows Components\Windows Defender\Signature UpdatHKLM\Softw
Machine Windows Components\Windows Defender\MAPS HKLM\Softw
Machine Windows Components\Windows Defender\Real-time ProtecHKLM\Softw
Machine Windows Components\Windows Defender\Exclusions HKLM\Softw
Machine Windows Components\Windows Defender\Exclusions HKLM\Softw
Machine Windows Components\Windows Defender HKLM\Soft
Machine Windows Components\Windows Defender\Scan HKLM\Softw
Machine Windows Components\Windows Defender\Real-time ProtecHKLM\Softw
Machine Windows Components\Windows Defender\Scan HKLM\Softw
Machine Windows Components\Windows Defender\Scan HKLM\Softw
Machine Windows Components\Windows Defender\Scan HKLM\Softw
Machine Windows Components\Windows Defender\Scan HKLM\Softw
Machine Windows Components\Windows Defender\MAPS HKLM\Soft
Machine Windows Components\Windows Defender\Network InspectHKLM\Softw
Machine Windows Components\Windows Defender\Signature UpdatHKLM\Softw
Machine Windows Components\Windows Defender\Remediation HKLM\Soft
Machine Windows Components\Windows Defender\Scan HKLM\Softw
Machine Windows Components\Windows Defender\Signature UpdatHKLM\Softw
Machine Windows Components\Windows Defender\Scan HKLM\Softw
Machine Windows Components\Windows Defender\Scan HKLM\Soft
Machine Windows Components\Windows Defender\Scan HKLM\Soft
Machine Windows Components\Windows Defender\Scan HKLM\Softw
Machine Windows Components\Windows Defender\Scan HKLM\Softw
Machine Windows Components\Windows Defender\Scan HKLM\Softw
Machine Windows Components\Windows Defender\Remediation HKLM\Soft
Machine Windows Components\Windows Defender\Scan HKLM\Softw
Machine Windows Components\Windows Defender\Signature UpdatHKLM\Softw
Machine Windows Components\Windows Defender\Threats HKLM\Softw
Machine Windows Components\Windows Defender\Threats HKLM\Softw
Machine Windows Components\Windows Defender\Scan HKLM\Softw
Machine Windows Components\Windows Defender\Client InterfaceHKLM\Softw
Machine Windows Components\Windows Defender\Client InterfaceHKLM\Softw
Machine Windows Components\Windows Defender\Exclusions HKLM\Softw
Machine Windows Components\Windows Defender\Real-time ProtecHKLM\Softw
Machine Windows Components\Windows Defender HKLM\Softw
Machine Windows Components\Windows Defender HKLM\Softw
Machine Windows Components\Windows Defender\Real-time ProtecHKLM\Softw
Machine Windows Components\Windows Defender\Scan HKLM\Softw
Machine Windows Components\Windows Defender\Scan HKLM\Softw
Machine Windows Components\Windows Defender\Network InspectHKLM\Softw
Machine Windows Components\Windows Defender\Scan HKLM\Softw
Machine Windows Components\Windows Defender\Scan HKLM\Softw
Machine Windows Components\Windows Defender\Real-time ProtecHKLM\Softw
Machine Windows Components\Windows Defender\Network InspectHKLM\Softw
Machine Windows Components\Windows Defender\Real-time ProtecHKLM\Softw
Machine Windows Components\Windows Defender\Scan HKLM\Softw
Machine Windows Components\Windows Defender\Scan HKLM\Softw
Machine Windows Components\Windows Defender\Signature UpdatHKLM\Softw
User Windows Components\File Explorer HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control PHKLM\Softw
User Windows Components\Internet Explorer\Internet Control PHKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\Internet Explorer\Internet Control Pa
HKLM\Softw
User Windows Components\Internet Explorer\Internet Control Pa
HKCU\Softw
Machine Windows Components\File Explorer HKLM\Softw
Machine Windows Components\File Explorer HKLM\Softw
Machine Windows Components\File Explorer HKLM\Softw
User Windows Components\File Explorer HKCU\Softw
User Windows Components\File Explorer HKCU\Softw
User Windows Components\File Explorer HKCU\Softw
User Windows Components\File Explorer HKCU\Softw
User Windows Components\File Explorer HKCU\Softw
User Windows Components\File Explorer HKCU\Softw
Machine Windows Components\File Explorer HKLM\Soft
User Windows Components\File Explorer HKCU\Softw
User Windows Components\File Explorer\Common Open File DiaHKCU\Soft
User Windows Components\File Explorer\Common Open File DiaHKCU\Softw
User Windows Components\File Explorer\Common Open File DiaHKCU\Softw
User Windows Components\File Explorer HKCU\Softw
User Windows Components\File Explorer HKCU\Soft
User Windows Components\File Explorer\Common Open File DiaHKCU\Softw
Machine Windows Components\File Explorer HKLM\Softw
User Windows Components\File Explorer HKCU\Softw
User Windows Components\File Explorer HKCU\Softw
User Windows Components\File Explorer HKCU\Softw
User Windows Components\File Explorer HKCU\Soft
User Windows Components\File Explorer HKCU\Softw
User Windows Components\File Explorer HKCU\Softw
User Windows Components\File Explorer HKCU\Softw
User Windows Components\File Explorer HKCU\Softw
User Windows Components\File Explorer HKCU\Softw
User Windows Components\File Explorer HKCU\Softw
User Windows Components\File Explorer HKCU\Softw
User Windows Components\File Explorer HKCU\Softw
User Windows Components\File Explorer HKCU\Softw
User Windows Components\File Explorer HKCU\Softw
User Windows Components\File Explorer HKCU\Softw
User Windows Components\File Explorer HKCU\Softw
User Windows Components\File Explorer HKCU\Softw
User Windows Components\File Explorer HKCU\Softw
User Windows Components\File Explorer HKCU\Softw
User Windows Components\File Explorer HKCU\Softw
User Windows Components\File Explorer HKCU\Softw
Machine Windows Components\File Explorer HKLM\Softw
Machine Windows Components\File Explorer HKLM\Softw
Machine Windows Components\File Explorer HKLM\Softw
Machine Windows Components\File Explorer HKLM\Softw
Machine Windows Components\File Explorer HKLM\Softw
User Windows Components\File Explorer HKCU\Softw
User Windows Components\File Explorer HKCU\Softw
User Windows Components\File Explorer HKCU\Softw
Machine Windows Components\File Explorer HKLM\Softw
User Windows Components\File Explorer HKCU\Softw
User Windows Components\File Explorer HKCU\Softw
Machine Windows Components\File Explorer HKLM\Softw
User Windows Components\File Explorer HKCU\Soft
User Windows Components\File Explorer HKCU\Softw
User Windows Components\File Explorer HKCU\Softw
User Windows Components\File Explorer HKCU\Softw
Machine Windows Components\File Explorer HKLM\Soft
Machine System\Windows File Protection HKLM\Softw
Machine System\Windows File Protection HKLM\Softw
Machine System\Windows File Protection HKLM\Softw
Machine System\Windows File Protection HKLM\Softw
Machine Network\Network Connections\Windows Firewall HKLM\SOFTW
Machine Network\Network Connections\Windows Firewall\Domain PHKLM\SOFT
Machine Network\Network Connections\Windows Firewall\StandardHKLM\SOFTW
Machine Network\Network Connections\Windows Firewall\Domain PHKLM\SOFTW
Machine Network\Network Connections\Windows Firewall\StandardHKLM\SOFTW
Machine Network\Network Connections\Windows Firewall\Domain PHKLM\SOFT
Machine Network\Network Connections\Windows Firewall\StandardHKLM\SOFT
Machine Network\Network Connections\Windows Firewall\Domain PHKLM\SOFT
Machine Network\Network Connections\Windows Firewall\StandardHKLM\SOFTW
Machine Network\Network Connections\Windows Firewall\Domain PHKLM\SOFT
Machine Network\Network Connections\Windows Firewall\StandardHKLM\SOFT
Machine Network\Network Connections\Windows Firewall\Domain PHKLM\SOFT
Machine Network\Network Connections\Windows Firewall\StandardHKLM\SOFTW
Machine Network\Network Connections\Windows Firewall\Domain PHKLM\SOFTW
Machine Network\Network Connections\Windows Firewall\StandardHKLM\SOFTW
Machine Network\Network Connections\Windows Firewall\Domain PHKLM\SOFTW
Machine Network\Network Connections\Windows Firewall\StandardHKLM\SOFTW
Machine Network\Network Connections\Windows Firewall\Domain PHKLM\SOFTW
Machine Network\Network Connections\Windows Firewall\StandardHKLM\SOFTW
Machine Network\Network Connections\Windows Firewall\Domain PHKLM\SOFTW
Machine Network\Network Connections\Windows Firewall\StandardHKLM\SOFTW
Machine Network\Network Connections\Windows Firewall\Domain PHKLM\SOFT
Machine Network\Network Connections\Windows Firewall\StandardHKLM\SOFTW
Machine Network\Network Connections\Windows Firewall\Domain PHKLM\SOFTW
Machine Network\Network Connections\Windows Firewall\StandardHKLM\SOFTW
Machine Network\Network Connections\Windows Firewall\Domain PHKLM\SOFTW
Machine Network\Network Connections\Windows Firewall\StandardHKLM\SOFTW
Machine Network\Network Connections\Windows Firewall\Domain PHKLM\SOFTW
Machine Network\Network Connections\Windows Firewall\StandardHKLM\SOFTW
Machine Windows Components\Windows Ink Workspace HKLM\Soft
Machine Windows Components\Windows Ink Workspace HKLM\Soft
User Windows Components\Windows Mail HKCU\SOFT
Machine Windows Components\Windows Mail HKLM\SOFT
User Windows Components\Windows Mail HKCU\SOFT
Machine Windows Components\Windows Mail HKLM\SOFT
Machine Windows Components\Windows Media Digital Rights Man HKLM\Soft
User Windows Components\Windows Media Player\Playback HKCU\Softw
User Windows Components\Windows Media Player\NetworkingHKCU\Softw
User Windows Components\Windows Media Player\NetworkingHKCU\Softw
User Windows Components\Windows Media Player\NetworkingHKCU\Softw
User Windows Components\Windows Media Player\NetworkingHKCU\Softw
User Windows Components\Windows Media Player\User InterfaHKCU\Soft
Machine Windows Components\Windows Media Player HKLM\Soft
User Windows Components\Windows Media Player\NetworkingHKCU\Soft
User Windows Components\Windows Media Player\User InterfaHKCU\Softw
User Windows Components\Windows Media Player\User InterfaHKCU\Softw
Machine Windows Components\Windows Media Player HKLM\Soft
User Windows Components\Windows Media Player HKCU\Soft
User Windows Components\Windows Media Player\Playback HKCU\Soft
Machine Windows Components\Windows Media Player HKLM\Softw
Machine Windows Components\Windows Media Player HKLM\Softw
User Windows Components\Windows Media Player HKCU\Softw
Machine Windows Components\Windows Media Player HKLM\Softw
User Windows Components\Windows Media Player HKCU\Softw
Machine Windows Components\Windows Media Player HKLM\Softw
User Windows Components\Windows Media Player\User InterfaHKCU\Softw
User Windows Components\Windows Media Player\NetworkingHKCU\Softw
Machine Windows Components\Windows Messenger HKLM\Softw
User Windows Components\Windows Messenger HKCU\Softw
Machine Windows Components\Windows Messenger HKLM\Softw
User Windows Components\Windows Messenger HKCU\Softw
Machine Windows Components\Windows Remote Management (WiHKLM\Softw
Machine Windows Components\Windows Remote Management (WiHKLM\Softw
Machine Windows Components\Windows Remote Management (WiHKLM\Soft
Machine Windows Components\Windows Remote Management (WiHKLM\Soft
Machine Windows Components\Windows Remote Management (WiHKLM\Softw
Machine Windows Components\Windows Remote Management (WiHKLM\Softw
Machine Windows Components\Windows Remote Management (WiHKLM\Softw
Machine Windows Components\Windows Remote Management (WiHKLM\Softw
Machine Windows Components\Windows Remote Management (WiHKLM\Soft
Machine Windows Components\Windows Remote Management (WiHKLM\Soft
Machine Windows Components\Windows Remote Management (WiHKLM\Softw
Machine Windows Components\Windows Remote Management (WiHKLM\Soft
Machine Windows Components\Windows Remote Management (WiHKLM\Soft
Machine Windows Components\Windows Remote Management (WiHKLM\Softw
Machine Windows Components\Windows Remote Management (WiHKLM\Softw
Machine Windows Components\Windows Remote Management (WiHKLM\Softw
Machine Windows Components\Windows Remote Management (WiHKLM\Softw
Machine Windows Components\Windows Remote Shell HKLM\Soft
Machine Windows Components\Windows Remote Shell HKLM\Soft
Machine Windows Components\Windows Remote Shell HKLM\Soft
Machine Windows Components\Windows Remote Shell HKLM\Soft
Machine Windows Components\Windows Remote Shell HKLM\Soft
Machine Windows Components\Windows Remote Shell HKLM\Soft
Machine Windows Components\Windows Remote Shell HKLM\Soft
Machine Windows Components\Store HKLM\Softw
User Windows Components\Store HKCU\Softw
Machine Windows Components\Store HKLM\Softw
Machine Windows Components\Store HKLM\Soft
Machine Windows Components\Store HKLM\Soft
User Windows Components\Store HKCU\Softw
Machine Windows Components\Store HKLM\Softw
User Windows Components\Store HKCU\Soft
Machine Windows Components\Store HKLM\Soft
Machine Windows Components\Windows Update HKLM\Soft
Machine Windows Components\Windows Update HKLM\Soft
Machine Windows Components\Windows Update HKLM\Soft
Machine Windows Components\Windows Update HKLM\Soft
Machine Windows Components\Windows Update HKLM\Soft
Machine Windows Components\Windows Update HKLM\Soft
Machine Windows Components\Windows Update HKLM\Soft
User Windows Components\Windows Update HKCU\Soft
Machine Windows Components\Windows Update HKLM\Soft
Machine Windows Components\Windows Update HKLM\Soft
Machine Windows Components\Windows Update HKLM\Soft
User Windows Components\Windows Update HKCU\Soft
Machine Windows Components\Windows Update HKLM\Soft
Machine Windows Components\Windows Update HKLM\Soft
Machine Windows Components\Windows Update HKLM\Soft
Machine Windows Components\Windows Update HKLM\Soft
User Windows Components\Windows Update HKCU\Soft
Machine Windows Components\Windows Update HKLM\Soft
Machine Windows Components\Windows Update HKLM\Soft
Machine Windows Components\Windows Update\Defer Windows UHKLM\Soft
Machine Windows Components\Windows Update\Defer Windows UHKLM\Soft
Machine Windows Components\Windows Update HKLM\Soft
Machine Windows Components\Windows Update HKLM\Soft
Machine Windows Components\Windows Update HKLM\Soft
Machine Windows Components\Windows Update HKLM\Soft
User System HKCU\Softw
Machine Windows Components\Windows Update HKLM\Soft
Machine Windows Components\Windows Update HKLM\Soft
Machine System\Shutdown HKLM\Soft
Machine Windows Components\Shutdown Options HKLM\Soft
Machine Windows Components\Shutdown Options HKLM\Soft
User System HKCU\Softw
Machine Windows Components\Windows Logon Options HKLM\Softw
Machine Windows Components\Windows Logon Options HKLM\Softw
User Windows Components\Windows Logon Options HKCU\Softw
Machine Windows Components\Windows Logon Options HKLM\Softw
User Windows Components\Windows Logon Options HKCU\Softw
User Windows Components\Windows Logon Options HKCU\Softw
Machine Windows Components\Windows Logon Options HKLM\Softw
Machine Windows Components\Maps HKLM\Soft
Machine Windows Components\Maps HKLM\Softw
Machine System\Shutdown Options HKLM\Soft
Machine Windows Components\Connect HKLM\Softw
Machine Windows Components\Connect HKLM\Softw
Machine Network\WLAN Service\WLAN Settings HKLM\Soft
Machine Network\Wireless Display HKLM\SOFTW
Machine Network\Wireless Display HKLM\SOFTW
Machine Network\WLAN Service\WLAN Media Cost HKLM\Softw
User Windows Components\Instant Search HKCU\Softw
Machine Windows Components\Work Folders HKLM\Softw
User Windows Components\Work Folders HKCU\Softw
Machine Windows Components\Device Registration HKLM\Softw
User Start Menu and Taskbar\Notifications HKCU\SOFT
User Start Menu and Taskbar\Notifications HKCU\SOFT
User Start Menu and Taskbar\Notifications HKCU\SOFTW
User Start Menu and Taskbar\Notifications HKCU\SOFTW
User Start Menu and Taskbar\Notifications HKCU\SOFTW
User Start Menu and Taskbar\Notifications HKCU\SOFT
User Start Menu and Taskbar\Notifications HKCU\SOFTW
User Start Menu and Taskbar\Notifications HKCU\SOFTW
User Start Menu and Taskbar\Notifications HKCU\SOFTW
Machine Network\WWAN Service\WWAN Media Cost HKLM\Soft
Machine Network\WWAN Service\WWAN Media Cost HKLM\Soft
Supported On
At least Windows Vista
At least Windows Vista
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
At least Windows Server 2016, Windows 10
At least Windows Server 2003
At least Windows Server 2003
At least Windows Server 2003
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Vista
At least Windows Vista
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2016, Windows 10
At least Windows Server 2016, Windows 10
At least Windows Server 2016, Windows 10
At least Windows Server 2016, Windows 10
At least Windows Server 2016, Windows 10
At least Windows Server 2016, Windows 10
At least Windows Server 2016, Windows 10
At least Windows Server 2016, Windows 10
At least Windows Server 2016, Windows 10
At least Windows Server 2016, Windows 10
At least Windows Server 2016, Windows 10
At least Windows Server 2016, Windows 10
At least Windows Server 2016, Windows 10
At least Windows Server 2016, Windows 10
At least Windows Server 2016, Windows 10
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2016 or Windows
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2016, Windows 10
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows 8.1 Update 2
At least Windows 8.1 Update 2
At least Windows Server 2012 R2, Windows
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2016, Windows 10
At least Windows Server 2012 R2, Windows
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows Server 2012 R2, Windows
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows 2000
At least Windows 2000
At least Windows Server 2016, Windows 10
At least Windows Server 2016, Windows 10
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows 10 Server or Windows 10
At least Windows Vista
Windows 7 or computers with BITS 3.5 instal
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
Windows XP SP2 or Windows Server 2003 SP1,
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
Windows 8 or Windows Server 2012 or Windo
Windows 7 or computers with BITS 3.5 instal
Windows 7 or computers with BITS 3.5 instal
Windows XP or Windows Server 2003, or comp
At least Windows Server 2016, Windows 10
At least Windows Vista
At least Windows Vista
At least Windows Server 2016, Windows 10
At least Windows Vista
At least Windows 10
At least Windows 10
At least Windows 10
At least Windows 10
At least Windows 2000
At least Windows 2000
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
At least Windows Server 2003 operating sys
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Server 2012, Windows 8
At least Windows 2000 Service Pack 1
Windows Server 2012 R2, Windows 8.1 or W
At least Windows Server 2012, Windows 8
At least Windows Server 2012 R2, Windows
At least Windows Server 2003 operating sys
At least Windows 2000 Service Pack 1
Windows Server 2003, Windows XP, and Wi
At least Windows Server 2008 R2 or Window
At least Windows 2000 Service Pack 1
At least Windows 2000
Windows Server 2008, Windows Server 2003
At least Windows 2000
At least Windows 2000
At least Windows Server 2012, Windows 8
At least Windows Server 2008 R2 or Window
At least Windows 2000
At least Windows Server 2008 R2 or Window
At least Windows Server 2012, Windows 8
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2012 R2, Windows
At least Windows Server 2012 R2, Windows
Windows Server 2003, Windows XP, and Wi
At least Windows 2000 Service Pack 1
At least Windows Vista
At least Windows Server 2012, Windows 8
At least Windows Server 2016, Windows 10
At least Windows Vista
At least Windows Vista
At least Windows Server 2012, Windows 8
Windows Server 2012, Windows 8, Windows
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2012 R2, Windows
At least Windows Server 2012, Windows 8 or
At least Windows Server 2012, Windows 8 or
At least Windows Vista
At least Windows Vista
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Server 2016, Windows 10
At least Windows Server 2016, Windows 10
At least Windows Server 2016, Windows 10
At least Windows Server 2016, Windows 10
At least Windows Server 2016, Windows 10
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows 10
At least Windows 10
At least Windows 10
At least Windows 10
At least Windows 10
At least Windows 10
At least Windows 10
At least Windows 10
At least Windows 10
At least Windows 10
At least Windows 10
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
At least Windows 2000
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
At least Windows 2000
Windows Server 2003, Windows XP, and Wi
At least Windows 2000
Windows 2000 only
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
Windows Server 2003, Windows XP, and Wi
At least Windows 2000
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
At least Windows 2000
At least Windows Server 2003 operating sys
Windows Server 2003, Windows XP, and Wi
At least Windows 2000 Service Pack 3
Windows Server 2003, Windows XP, and Wi
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
Windows Server 2003 and Windows XP only
At least Windows Server 2008 R2 or Window
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2016, Windows 10
At least Windows Server 2016, Windows 10
At least Windows Server 2016, Windows 10
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
Windows Server 2008, Windows 7, and Wind
Windows Server 2003, Windows XP, and Wi
At least Windows Server 2008 R2 or Window
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
Windows Server 2008, Windows Server 2003
At least Windows Vista
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Vista
Windows Server 2008, Windows Server 2003
Windows Server 2008, Windows Server 2003
At least Windows Server 2003 operating sys
At least Windows Vista
At least Windows Vista
Windows Server 2008 with Desktop Experien
Windows Server 2008 with Desktop Experien
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
Windows Server 2003, Windows XP, and Wi
At least Windows Vista
At least Windows Server 2012, Windows 8
Windows XP Professional only
Windows XP Professional only
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows 2000
At least Windows Server 2003 operating sys
At least Windows 2000
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
Windows XP Professional only
At least Windows Server 2003 operating sys
At least Windows Server 2012, Windows 8
At least Windows Vista
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Vista
At least Windows Vista
Windows Server 2008, Windows 7, and Wind
Windows Server 2008, Windows 7, and Wind
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012 R2, Windows
Windows Server 2012 R2, Windows 8.1 or W
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2016, Windows 10
At least Windows Server 2016, Windows 10
At least Windows Server 2012 R2, Windows
At least Windows Server 2012 R2, Windows
At least Windows Server 2012 R2, Windows
At least Windows Server 2012 R2, Windows
At least Windows Server 2012 R2, Windows
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows 2000
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
Windows Server 2012 R2, Windows 8.1 or W
Windows Server 2012 R2, Windows 8.1 or W
At least Windows Vista
Windows Server 2012 R2, Windows 8.1, Win
Windows Server 2012 R2, Windows 8.1, Win
Windows Server 2003 and Windows XP only
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
Windows Server 2003 and Windows XP only
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
Windows Server 2003 and Windows XP only
At least Windows Vista
At least Windows Vista
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Vista
At least Windows Vista
Windows Server 2003 and Windows XP only
At least Windows Vista
At least Windows Vista
Windows Server 2003 and Windows XP only
At least Windows Vista
Windows Server 2003 and Windows XP only
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2016, Windows 10
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows Vista
At least Windows Server 2012, Windows 8
At least Windows Vista
At least Windows Server 2008 R2 or Window
At least Windows Vista
At least Windows Server 2008 R2 or Window
At least Windows Vista
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2016, Windows 10
At least Windows Server 2012, Windows 8
At least Windows Vista
At least Windows Server 2012 R2, Windows
At least Windows Server 2012, Windows 8
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2012, Windows 8
At least Windows Server 2008 R2 or Window
At least Windows Server 2016, Windows 10
At least Windows Vista
At least Windows Server 2008 R2 or Window
At least Windows Server 2003 operating sys
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2008 R2 or Window
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2016, Windows 10
At least Windows Server 2012, Windows 8
At least Windows 2000
At least Windows Vista
At least Windows Vista
At least Windows Server 2012, Windows 8
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows 2000
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2003
Windows Server 2003 and Windows XP only
At least Windows Vista
At least Windows Server 2012, Windows 8
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Server 2012 R2, Windows
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Server 2012 R2, Windows
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Vista
At least Windows 2000
At least Windows Server 2016, Windows 10
At least Windows 2000
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2012, Windows 8
At least Windows Server 2016, Windows 10
At least Windows Server 2012 R2, Windows
At least Windows 2000
At least Windows Server 2016, Windows 10
At least Windows Server 2016, Windows 10
At least Windows Server 2003 operating sys
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Vista
At least Windows Server 2012, Windows 8
Windows Server 2003, Windows XP, and Wi
At least Windows 2000
At least Windows Server 2012, Windows 8
At least Windows Vista
At least Windows Server 2003 operating sys
At least Windows Server 2016, Windows 10
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2008
At least Internet Explorer 6 Service Pack 1
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2008 R2 or Window
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2012, Windows 8
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows Server 2003 operating sys
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2003 operating sys
At least Windows XP Professional with SP2
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
Windows Server 2008, Windows Server 2003
Windows Server 2008, Windows Server 2003
At least Windows XP Professional with SP2
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Vista
At least Windows Server 2003 operating sys
At least Windows Vista
Windows Server 2008, Windows Server 2003
Windows Server 2003 only
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 7.0
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
Only Internet Explorer 6.0 in Windows 2003
Only Internet Explorer 6.0 in Windows 2003
Only Internet Explorer 6.0 in Windows 2003
Only Internet Explorer 6.0 in Windows 2003
Only Internet Explorer 6.0 in Windows XP Se
Only Internet Explorer 6.0 in Windows XP Se
Only Internet Explorer 6.0 in Windows XP Se
Only Internet Explorer 6.0 in Windows XP Se
Only Internet Explorer 6.0 in Windows XP Se
Only Internet Explorer 6.0 in Windows XP Se
Only Internet Explorer 6.0 in Windows XP Se
Only Internet Explorer 6.0 in Windows XP Se
Only Internet Explorer 6.0 in Windows XP Se
Only Internet Explorer 6.0 in Windows XP Se
Only Internet Explorer 6.0 in Windows XP Se
Only Internet Explorer 6.0 in Windows XP Se
Only Internet Explorer 6.0 in Windows XP Se
Only Internet Explorer 6.0 in Windows XP Se
Only Internet Explorer 6.0 in Windows XP Se
Only Internet Explorer 6.0 in Windows XP Se
Only Internet Explorer 6.0 in Windows XP Se
Only Internet Explorer 6.0 in Windows XP Se
Only Internet Explorer 6.0 in Windows XP Se
Only Internet Explorer 6.0 in Windows XP Se
At least Internet Explorer 9.0
At least Internet Explorer 9.0
At least Internet Explorer 9.0
At least Internet Explorer 9.0
At least Internet Explorer 11.0 on Windows
At least Internet Explorer 11.0 on Windows
Only Internet Explorer 11.0 on Windows 8.1
Only Internet Explorer 11.0 on Windows 8.1
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 7.0
At least Internet Explorer 6.0 in Windows 20
At least Internet Explorer 6.0 in Windows 20
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 5.0
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 9.0
At least Internet Explorer 9.0
At least Internet Explorer 6.0 in Windows 2
At least Internet Explorer 6.0 in Windows 2
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 5.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 6.0 in Windows 20
At least Internet Explorer 6.0 in Windows 20
At least Internet Explorer 6.0 in Windows 20
At least Internet Explorer 6.0 in Windows 20
Only Internet Explorer 6.0
Only Internet Explorer 6.0
Only Internet Explorer 5.0 and Internet Expl
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
Only Internet Explorer 5.0 and Internet Expl
Only Internet Explorer 5.0 and Internet Expl
Only Internet Explorer 5.0 and Internet Expl
At least Internet Explorer 5.0
Only Internet Explorer 5.0 and Internet Expl
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0. Not support
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
Only Internet Explorer 5.0 through Internet
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0. Not support
Only Internet Explorer 5.0 and Internet Expl
At least Internet Explorer 5.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 5.0
Only Internet Explorer 5.0 and Internet Expl
At least Internet Explorer 5.0
At least Internet Explorer 5.0
Only Internet Explorer 5.0 and Internet Expl
Only Internet Explorer 5.0 and Internet Expl
Only Internet Explorer 5.0 and Internet Expl
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
Only Internet Explorer 5.0 and Internet Expl
At least Internet Explorer 5.0
Only Internet Explorer 5.0 and Internet Expl
Only Internet Explorer 5.0 and Internet Expl
Only Internet Explorer 5.0 and Internet Expl
At least Internet Explorer 5.0
Only Internet Explorer 5.0
Only Internet Explorer 5.0 and Internet Expl
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
Only Internet Explorer 5.0 and Internet Expl
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 9.0
At least Internet Explorer 9.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows 20
At least Internet Explorer 6.0 in Windows 20
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows 20
At least Internet Explorer 6.0 in Windows 20
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 7.0
At least Internet Explorer 7.0
Only Internet Explorer 8.0
Only Internet Explorer 8.0
At least Internet Explorer 9.0
At least Internet Explorer 9.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 9.0
At least Internet Explorer 9.0
Only Internet Explorer 5.0 and Internet Expl
At least Internet Explorer 5.0
Only Internet Explorer 5.0 and Internet Expl
At least Internet Explorer 7.0
At least Internet Explorer 5.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
Only Internet Explorer 5.0 and Internet Expl
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 9.0
At least Internet Explorer 9.0
At least Internet Explorer 10.0
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 5.0
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 5.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 5.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0 on Windows
At least Internet Explorer 10.0 on Windows
At least Internet Explorer 6.0 in Windows 20
At least Internet Explorer 6.0 in Windows 20
At least Internet Explorer 6.0 in Windows 20
At least Internet Explorer 6.0 in Windows 20
Only Internet Explorer 6.0 in Windows 2003
Only Internet Explorer 6.0 in Windows 2003
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
Only Internet Explorer 7.0 and Internet Expl
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 9.0
At least Internet Explorer 9.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
Only Internet Explorer 9.0 through 11.0. N
Only Internet Explorer 9.0 through 11.0. N
At least Internet Explorer 9.0
At least Internet Explorer 9.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 9.0
At least Internet Explorer 9.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
Only Internet Explorer 8.0
Only Internet Explorer 8.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
Only Internet Explorer 7.0 and Internet Expl
Only Internet Explorer 7.0 and Internet Expl
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 9.0
At least Internet Explorer 9.0
Only Internet Explorer 7.0
Only Internet Explorer 7.0
At least Internet Explorer 7.0. Not support
At least Internet Explorer 7.0. Not support
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
Only Internet Explorer 5.0 through Internet
Only Internet Explorer 5.0 through Internet
At least Internet Explorer 7.0
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
Only Internet Explorer 5.0 and Internet Expl
Only Internet Explorer 5.0 and Internet Expl
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0 on Windows
At least Internet Explorer 10.0 on Windows
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 5.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
Only Internet Explorer 6.0 in Windows XP Se
Only Internet Explorer 6.0 in Windows XP Se
Only Internet Explorer 6.0 in Windows XP Se
Only Internet Explorer 6.0 in Windows XP Se
Only Internet Explorer 6.0 in Windows XP Se
Only Internet Explorer 6.0 in Windows XP Se
Only Internet Explorer 6.0 in Windows XP Se
Only Internet Explorer 6.0 in Windows XP Se
Only Internet Explorer 6.0 in Windows XP Se
Only Internet Explorer 6.0 in Windows XP Se
Only Internet Explorer 6.0 in Windows XP Se
Only Internet Explorer 6.0 in Windows XP Se
Only Internet Explorer 6.0 in Windows XP Se
Only Internet Explorer 6.0 in Windows XP Se
Only Internet Explorer 6.0 in Windows XP Se
Only Internet Explorer 6.0 in Windows XP Se
Only Internet Explorer 6.0 in Windows XP Se
Only Internet Explorer 6.0 in Windows XP Se
Only Internet Explorer 6.0 in Windows XP Se
Only Internet Explorer 6.0 in Windows XP Se
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 7.0. Not support
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
Only Internet Explorer 5.0 and Internet Expl
At least Internet Explorer 5.0
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 9.0
At least Internet Explorer 9.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 9.0
At least Internet Explorer 9.0
At least Internet Explorer 10.0 on Windows
At least Internet Explorer 10.0 on Windows
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 9.0
At least Internet Explorer 9.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
Only Internet Explorer 8.0
Only Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
Internet Explorer 8.0 to Internet Explorer 10
Internet Explorer 8.0 to Internet Explorer 10
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 7.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
Only Internet Explorer 4.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
Only Internet Explorer 8.0
Only Internet Explorer 8.0
At least Internet Explorer 11.0
At least Internet Explorer 11.0
Only Internet Explorer 8.0
Only Internet Explorer 8.0
Only Internet Explorer 5.0 through Internet
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 5.0
At least Internet Explorer 5.0
Only Internet Explorer 6.0 in Windows 2003
Only Internet Explorer 6.0 in Windows 2003
Internet Explorer 7.0 to Internet Explorer 10
Internet Explorer 7.0 to Internet Explorer 10
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 7.0
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 5.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
Internet Explorer 7.0 to Internet Explorer 10
Internet Explorer 7.0 to Internet Explorer 10
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 10.0 on Windows
At least Internet Explorer 10.0 on Windows
Only Internet Explorer 8.0
Only Internet Explorer 8.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 9.0
At least Internet Explorer 9.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 9.0
At least Internet Explorer 9.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 7.0
Internet Explorer 8.0 to Internet Explorer 10
Internet Explorer 8.0 to Internet Explorer 10
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0 in Windows Vi
At least Internet Explorer 7.0 in Windows Vi
At least Internet Explorer 7.0 in Windows Vi
At least Internet Explorer 7.0 in Windows Vi
At least Internet Explorer 7.0 in Windows Vi
At least Internet Explorer 7.0 in Windows Vi
At least Internet Explorer 7.0 in Windows Vi
At least Internet Explorer 7.0 in Windows Vi
At least Internet Explorer 7.0 in Windows Vi
At least Internet Explorer 7.0 in Windows Vi
At least Internet Explorer 7.0 in Windows Vi
At least Internet Explorer 7.0 in Windows Vi
At least Internet Explorer 7.0 in Windows Vi
At least Internet Explorer 7.0 in Windows Vi
At least Internet Explorer 7.0 in Windows Vi
At least Internet Explorer 7.0 in Windows Vi
At least Internet Explorer 7.0 in Windows Vi
At least Internet Explorer 7.0 in Windows Vi
At least Internet Explorer 7.0 in Windows Vi
At least Internet Explorer 7.0 in Windows Vi
At least Internet Explorer 7.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 5.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 5.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
Internet Explorer 8.0 to Internet Explorer 10
Internet Explorer 8.0 to Internet Explorer 10
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Internet Explorer 6.0 in Windows X
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2012, Windows 8
At least Windows Server 2016, Windows 10
At least Windows Vista
At least Windows Server 2012 R2, Windows
At least Windows Server 2008 R2 or Window
At least Windows Server 2012, Windows 8
At least Windows Server 2012 R2, Windows
At least Windows Vista
At least Windows Vista
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Vista
At least Windows Server 2008 R2 or Window
At least Windows Server 2003 operating sys
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2016, Windows 10
At least Windows Server 2008 R2 or Window
At least Windows Server 2016, Windows 10
At least Windows Server 2008 R2 or Window
At least Windows Server 2012, Windows 8
At least Windows Server 2016, Windows 10
At least Windows Server 2016, Windows 10
At least Windows Server 2016, Windows 10
At least Windows Server 2016, Windows 10
At least Windows Server 2016, Windows 10
At least Windows Vista
At least Windows Vista
At least Windows Vista
Windows Server 2012, Windows 8, Windows
Windows Server 2003 and versions of Wind
Windows Server 2008 R2 and Windows 7
At least Windows Server 2003 operating sys
At least Windows Server 2016, Windows 10
At least Windows 2000
At least Windows Server 2012, Windows 8
Windows 2000 only
Windows 2000 only
At least Windows Server 2012, Windows 8
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Server 2012, Windows 8
At least Windows Vista
Windows Server 2003, Windows XP, and Wi
At least Windows 2000
At least Windows 2000
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
Windows operating systems from Windows V
At least Windows 10
Microsoft Edge on Windows 10, Version 1511
Microsoft Edge on Windows 10, Version 1511
Microsoft Edge on Windows 10, Version 1607
Microsoft Edge on Windows 10, Version 1607
Microsoft Edge on Windows 10, Version 1511
Microsoft Edge on Windows 10, Version 1511
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10, Version 1511
Microsoft Edge on Windows 10, Version 1511
Microsoft Edge on Windows 10, Version 1511
Microsoft Edge on Windows 10, Version 1511
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10, Version 1607
Microsoft Edge on Windows 10, Version 1607
Microsoft Edge on Windows 10, Version 1511
Microsoft Edge on Windows 10, Version 1511
Microsoft Edge on Windows 10, Version 1511
Microsoft Edge on Windows 10, Version 1511
Microsoft Edge on Windows 10, Version 1511
Microsoft Edge on Windows 10, Version 1511
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10, Version 1607
Microsoft Edge on Windows 10, Version 1607
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Server 2003 operating sys
At least Windows 2000
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows 2000
At least Windows 2000
At least Windows Server 2003
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Vista
At least Windows 2000
At least Windows 2000
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows 2000
At least Windows 2000
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows 2000
Windows Server 2003, Windows XP, and Wi
At least Windows Vista
At least Windows 2000
At least Windows 2000
At least Windows 2000
Windows Server 2003 only
At least Windows 2000
At least Windows Server 2003 operating sys
At least Windows 2000
At least Windows 2000
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Server 2003 operating sys
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Server 2003 operating sys
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Server 2003 operating sys
At least Windows 2000
At least Windows Server 2003 operating sys
At least Windows 2000
At least Windows 2000
At least Windows Server 2003 operating sys
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Server 2003 operating sys
At least Windows 2000
At least Windows Server 2003 operating sys
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Server 2003 R2
At least Windows Server 2003 R2
At least Windows 2000
At least Windows Server 2003 R2
At least Windows Server 2003 R2
At least Windows Server 2008
At least Windows Server 2008
At least Windows Server 2003 R2
At least Windows Server 2003 R2
At least Windows Server 2003 R2
At least Windows Server 2003 R2
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Vista
At least Windows Vista
At least Windows Server 2008 R2 or Window
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
Windows Installer v3.0
Windows Installer v3.0
Windows Installer v4.5
At least Windows 2000
At least Windows 2000
At least Windows 2000
Windows Installer v3.0
Windows Installer v3.0
Windows Installer v3.0
At least Windows 2000
At least Windows 2000
Windows Installer v4.0
Microsoft Windows XP or Windows 2000 with
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Server 2003 operating sys
Windows Installer v4.0
Windows Installer v4.5
At least Windows 2000
At least Windows Vista
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2012, Windows 8
At least Windows Vista
At least Windows Server 2003 operating sys
At least Windows Vista
At least Windows Server 2012, Windows 8
At least Windows Vista
At least Windows Vista
At least Windows Server 2003
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2012, Windows 8
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003
At least Windows Server 2003
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Vista
At least Windows Server 2003 operating sys
At least Windows Server 2012 R2 or Window
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2012, Windows 8
At least Windows 2000 Service Pack 1
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Microsoft Windows Server 2003, Windows XP
At least Windows Server 2008 R2 or Window
Windows Server 2003 and Windows XP only
At least Windows 2000 Service Pack 1
Microsoft Windows Server 2003, Windows XP
Microsoft Windows Server 2003, Windows XP
Microsoft Windows Server 2003, Windows XP
Microsoft Windows Server 2003, Windows XP
At least Windows 2000 Service Pack 1
Microsoft Windows Server 2003, Windows XP
At least Windows 2000 Service Pack 1
At least Windows 2000 Service Pack 1
At least Windows 2000 Service Pack 1
Microsoft Windows Server 2003, Windows XP
At least Windows Server 2003 operating sys
At least Windows 2000 Service Pack 1
Microsoft Windows Server 2003, Windows XP
Windows Server 2003 and Windows XP only
Microsoft Windows Server 2003, Windows XP
Microsoft Windows Server 2003, Windows XP
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
Microsoft Windows XP Professional with SP
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Vista
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
At least Windows 2000
Windows Server 2003, Windows XP, and Wi
At least Windows Server 2008 R2 or Window
Windows XP Professional only
At least Windows Vista
Windows Server 2003, Windows XP, and Wi
At least Windows Server 2008 R2 or Window
At least Windows Server 2012, Windows 8
At least Windows Server 2008 R2 or Window
At least Windows Server 2003 operating sys
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
At least Windows Vista
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
At least Windows 2000
At least Windows 2000
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows 2000
At least Windows 2000
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
At least Windows Vista
At least Windows Vista
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows 10 Server or Windows 10
At least Windows 10 Server or Windows 10
At least Windows 10 Server or Windows 10
At least Windows 10 Server or Windows 10
At least Windows 10 Server or Windows 10
At least Windows 10 Server or Windows 10
At least Windows 10 Server or Windows 10
At least Windows 10 Server or Windows 10
At least Windows 10 Server or Windows 10
At least Windows 10 Server or Windows 10
At least Windows 10 Server or Windows 10
At least Windows 10 Server or Windows 10
At least Windows 10 Server or Windows 10
At least Windows 10 Server or Windows 10
At least Windows 10 Server or Windows 10
At least Windows 10 Server or Windows 10
At least Windows 10 Server or Windows 10
At least Windows 10 Server or Windows 10
At least Windows 10 Server or Windows 10
At least Windows 10 Server or Windows 10
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2012, Windows 8
At least Windows Vista
At least Windows Server 2008 R2 or Window
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows 7 or Windows Server 2008
At least Windows 7 or Windows Server 2008
At least Windows 7 or Windows Server 2008
At least Windows 7 or Windows Server 2008
Windows Vista only
Windows Vista only
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2003 operating sys
At least Windows Server 2016, Windows 10
At least Windows Server 2016, Windows 10
At least Windows Vista
At least Windows Vista
Windows Server 2003, Windows XP, and Wi
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Vista
At least Windows Vista
At least Windows Server 2008 R2 or Window
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
Windows Vista only
Windows Vista only
At least Windows Vista
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Vista
At least Windows Vista
At least Microsoft Windows 7 or Windows Se
At least Microsoft Windows 7 or Windows Se
At least Microsoft Windows 7 or Windows Se
At least Microsoft Windows 7 or Windows Se
At least Microsoft Windows 7 or Windows Se
At least Microsoft Windows 7 or Windows Se
At least Microsoft Windows 7 or Windows Se
At least Microsoft Windows 7 or Windows Se
At least Microsoft Windows 7 or Windows Se
At least Microsoft Windows 7 or Windows Se
Supported Windows Vista through Windows
Supported Windows Vista through Windows
At least Windows Vista
At least Windows Vista
Supported Windows Vista through Windows
Supported Windows Vista through Windows
Supported Windows Vista through Windows
Supported Windows Vista through Windows
Supported Windows Vista through Windows
Supported Windows Vista through Windows
At least Windows Vista
At least Windows Vista
Windows 2000 only
At least Windows Vista
At least Windows Vista
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Vista
Windows Server 2003, Windows XP, and Wi
At least Windows 2000
At least Windows Server 2012, Windows 8
At least Windows 2000
Windows Server 2003, Windows XP, and Wi
At least Windows 2000
Windows Server 2003, Windows XP, and Wi
At least Windows Server 2012, Windows 8
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2012, Windows 8
Windows Server 2008 and Windows Vista
At least Windows Vista
At least Windows Server 2008 R2 or Window
Windows Server 2008 and Windows Vista
At least Windows Vista
Supported Windows XP SP1 through Window
At least Windows Vista
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Server 2016, Windows 10
At least Windows Server 2003
At least Windows 2000
At least Windows 2000
Windows Server 2003, Windows XP, and Wi
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Server 2003 operating sys
At least Windows 2000
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
Windows Vista only
At least Windows Vista
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2008 R2 or Window
At least Windows Vista
Windows Server 2008 R2 and Windows 7
Windows Server 2003 only
At least Windows Server 2003 operating sys
At least Windows Server 2003
Windows Server 2003 only
At least Windows Vista
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2008 R2 or Window
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2008 R2 or Window
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2008 R2 or Window
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2008 R2 or Window
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows XP Professional with SP2
At least Windows Server 2003
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows XP Professional with SP2
At least Windows Server 2003 operating sys
At least Windows Vista
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows 2000
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
Microsoft Windows XP, or Windows Server 20
Microsoft Windows XP, or Windows Server 20
At least Windows Server 2016, Windows 10
At least Windows Server 2016, Windows 10
Microsoft Windows Vista, or any version of
At least Windows Server 2016, Windows 10
Microsoft Windows Vista, or any version of
Microsoft Windows 8 or later
Microsoft Windows XP, or Windows Server 20
Microsoft Windows XP, Windows Server 2003
Any version of Microsoft Windows with Wind
Microsoft Windows XP, Windows Server 2003
Any version of Microsoft Windows with Wind
Any version of Microsoft Windows with Wind
Microsoft Windows 8.1 or later
Microsoft Windows XP, or Windows Server 20
Microsoft Windows 8.1 or later
Microsoft Windows 8.1. Not supported on W
Any version of Microsoft Windows with Wind
Microsoft Windows Vista, or any version of
Any version of Microsoft Windows with Wind
Microsoft Windows Vista, or any version of
Any version of Microsoft Windows with Wind
Any version of Microsoft Windows with Wind
Microsoft Windows XP, or Windows Server 20
Any version of Microsoft Windows with Win
Any version of Microsoft Windows with Wind
Microsoft Windows XP, Windows Server 2003
Any version of Microsoft Windows with Wind
Microsoft Windows XP, Windows Server 2003
Any version of Microsoft Windows with Wind
Microsoft Windows Vista, or any version of
Microsoft Windows Vista or later
Microsoft Windows Vista, or any version of
Microsoft Windows XP, Windows Server 2003
Microsoft Windows Vista, or any version of
Microsoft Windows XP, Windows Server 2003
Microsoft Windows Vista, or any version of
Microsoft Windows XP, Windows Server 2003
Microsoft Windows XP, or Windows Server 20
Microsoft Windows XP, or Windows Server 20
Microsoft Windows 8.1. Not supported on W
Microsoft Windows 8.1. Not supported on W
Microsoft Windows XP, Windows Server 2003
Microsoft Windows 8 or later
At least Windows Server 2003 operating sys
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008
Windows Server 2008 and Windows Server 2
At least Windows Server 2003
At least Windows Server 2008
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012 R2, Windows
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012 R2, Windows
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2008 R2 or Window
At least Windows Vista
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
Windows Vista only
Windows Server 2008, Windows 7, and Wind
Windows Server 2008, Windows 7, and Wind
Windows Server 2008, Windows 7, and Wind
Windows Server 2008, Windows 7, and Wind
Windows Server 2008, Windows 7, and Wind
Windows Server 2008, Windows 7, and Wind
Windows Server 2012 R2, Windows 8.1 or W
At least Windows Server 2008 R2 or Window
Windows Server 2012 R2, Windows 8.1 or W
Windows Server 2012 R2, Windows 8.1 or W
At least Windows Vista
At least Windows Server 2008 R2 or Window
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2008 R2 or Window
At least Windows Vista Service Pack 1
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2008 R2 or Window
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Vista
At least Windows Vista
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows 2000
Windows Server 2008, Windows Server 2003
Windows Server 2008 R2 and Windows 7
Windows Server 2008, Windows 7, and Wind
Windows Server 2008 R2 and Windows 7
At least Windows 2000
Windows Server 2008, Windows 7, Windows
At least Windows Server 2012, Windows 8
At least Windows Server 2003 operating sys
At least Windows 2000
Windows Server 2008, Windows 7, and Wind
Windows Server 2008, Windows 7, and Wind
Windows Server 2008 and Windows Vista
Windows Server 2008, Windows 7, and Wind
At least Windows 2000
At least Windows 2000
Windows Server 2008, Windows Server 2003
At least Windows 10 Server or Windows 10
Windows Server 2012 R2, Windows 8.1 or W
Windows Server 2008, Windows Server 200
At least Windows Server 2003 operating sys
Windows Server 2012 R2, Windows 8.1 or W
At least Windows Server 2003 operating sys
Windows Server 2012 R2, Windows 8.1 or W
Windows Server 2012 R2, Windows 8.1 or W
At least Windows 2000
At least Windows Server 2003 operating sys
At least Windows 2000
At least Windows Server 2012, Windows 8
At least Windows 2000
At least Windows Server 2003 operating sys
At least Windows 2000
Windows Server 2003 and Windows XP only
At least Windows Server 2003 operating sys
At least Windows 2000
Windows Server 2012 R2, Windows 8.1, Wind
Windows Server 2008, Windows Server 200
Windows Server 2008 R2 and Windows 7
Windows Server 2008, Windows Server 200
Windows Server 2008, Windows Server 2003
Windows Server 2008, Windows 7, and Wind
Windows Server 2008, Windows Server 200
Windows Server 2008 R2 and Windows 7
At least Windows 2000 through Windows 8.
At least Windows 2000
Windows Server 2008, Windows Server 2003
Windows Server 2008, Windows Server 2003
Windows Server 2008, Windows Server 2003
Windows Server 2008, Windows Server 2003
Windows Server 2008, Windows Server 2003
Windows Server 2012 R2, Windows 8.1, Win
Windows Server 2008, Windows Server 200
Windows Server 2008 R2 and Windows 7
Windows Server 2012 R2, Windows 8.1, Win
Windows Vista only
Windows Server 2003 and Windows XP only
At least Windows Server 2008 R2 or Window
Windows Server 2008, Windows Server 2003
Windows Server 2008, Windows 7, and Wind
Windows Server 2003 and Windows XP only
Windows Server 2008, Windows Server 200
Windows Server 2008 R2 and Windows 7
Windows Server 2012 R2, Windows 8.1 or W
At least Windows Server 2012, Windows 8
Windows Vista only
Windows Server 2012 R2, Windows 8.1 or W
Windows Server 2012 R2, Windows 8.1 or W
At least Windows Server 2016, Windows 10
At least Windows Server 2016, Windows 10
At least Windows Server 2003 operating sys
Windows Server 2008, Windows Server 2003
Windows Server 2008, Windows Server 2003
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
Windows Server 2008, Windows 7, and Wind
Windows Server 2008, Windows 7, and Wind
Windows Server 2008, Windows 7, and Wind
Windows Server 2008, Windows 7, and Wind
At least Windows Vista
At least Windows Vista
Windows Server 2008, Windows 7, and Wind
Windows Server 2008, Windows 7, and Wind
Windows Server 2008, Windows 7, and Wind
Windows Server 2008, Windows 7, and Wind
At least Windows Vista
At least Windows Vista
Windows Vista only
Windows Vista only
Windows Vista only
Windows Vista only
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
Windows Server 2008, Windows 7, and Wind
Windows Server 2008, Windows 7, and Wind
Windows Server 2008, Windows 7, and Wind
Windows Server 2008, Windows 7, and Wind
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
Windows Server 2008, Windows 7, and Wind
Windows Server 2008, Windows 7, and Wind
At least Windows Server 2016, Windows 10
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2012 R2, Windows
At least Windows Server 2012, Windows 8
At least Windows Server 2008 R2 or Window
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2016, Windows 10
At least Windows Server 2008 R2 or Window
At least Windows Vista
At least Windows Vista
At least Windows Server 2008 R2 or Window
At least Windows Vista
At least Windows Server 2012 R2, Windows
At least Windows Vista
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
Windows Vista only
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Vista Service Pack 1
At least Windows Vista with Service Pack 1
At least Windows Vista with Service Pack 1
At least Windows Vista with Service Pack 1
At least Windows Vista with Service Pack 1
At least Windows Server 2003 operating sys
At least Windows Server 2008 R2 or Window
At least Windows 7 with Service Pack 1 or
At least Windows Server 2003
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 with Service
At least Windows Server 2003 operating sys
At least Windows Vista with Service Pack 1
At least Windows Server 2016, Windows 10
At least Windows Server 2012, Windows 8
At least Windows Server 2003
At least Windows Server 2003, Enterprise Ed
At least Windows Server 2003, Enterprise Ed
Windows 7 or Windows Server 2008 R2 (and t
At least Windows Server 2012, Windows 8
At least Windows Vista with Service Pack 1
At least Windows XP and Windows Server 2
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2016, Windows 10
At least Windows Server 2003
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Vista
At least Windows Server 2003
At least Windows Server 2003 operating sys
At least Windows Server 2003
At least Windows Server 2003 operating sys
At least Windows Server 2012, Windows 8
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 with Service
At least Windows Server 2003, Enterprise Ed
At least Windows Server 2003
At least Windows Server 2008 R2 or Window
Windows Server 2008, Windows Server 2003
At least Windows Server 2008 R2 or Window
At least Windows Server 2003
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2
Windows 7 or Windows Server 2008 R2 (and t
Windows 7 or Windows Server 2008 R2 (and t
At least Windows Server 2003
At least Windows Server 2016, Windows 10
At least Windows Vista with Service Pack 1
At least Windows 2000 Terminal Services
At least Windows 2000 Terminal Services
At least Windows Server 2003
At least Windows Vista
At least Windows Vista
At least Windows Server 2003
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Vista
At least Windows Server 2003 operating sys
At least Windows Server 2003
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003
Windows Server 2008 R2, Windows Server 2
Windows Server 2008 R2, Windows Server 2
At least Windows Server 2003 with Service
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2012, Windows 8
Windows Server 2003 with Service Pack 1 on
At least Windows Vista with Service Pack 1
At least Windows Vista with Service Pack 1
At least Windows Server 2003
At least Windows Server 2003
At least Windows 8 Enterprise or Windows
At least Windows 8 or Windows RT
At least Windows Server 2012 R2 or Window
At least Windows Server 2003, Enterprise Ed
At least Windows Server 2003 with Service
At least Windows Server 2008 or Windows 7
At least Windows Server 2008 or Windows 7
At least Windows Server 2012, Windows 8
At least Windows Server 2003 with Service
Windows Server 2008 R2 only
At least Windows Server 2008
At least Windows Server 2008
At least Windows Server 2008
At least Windows Server 2008
At least Windows Server 2008 R2
At least Windows Server 2008 R2
At least Windows Server 2008
At least Windows Server 2008
At least Windows Server 2008
At least Windows Server 2008 R2
At least Windows Server 2008
At least Windows Server 2008
At least Windows Server 2008 R2
At least Windows Server 2008 R2
At least Windows Server 2008 R2
At least Windows Server 2008
MicrosoftWindowsVista_SP1
At least Windows Vista
At least Windows Vista
Windows Server 2008, Windows 7, and Wind
Windows Server 2008, Windows 7, and Wind
Windows Server 2008 R2 and Windows 7
Windows Server 2008 R2 and Windows 7
At least Windows Server 2012, Windows 8
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2016 or Windows
At least Windows Server 2016 or Windows
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2016 or Windows
At least Windows Server 2016 or Windows
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2016 or Windows
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2016 or Windows
At least Windows Server 2016 or Windows
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2008 R2 or Window
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2016 or Windows
At least Windows Server 2016 or Windows
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2016 or Windows
At least Windows Server 2016 or Windows
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2016 or Windows
At least Windows Server 2016 or Windows
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2016 or Windows
At least Windows Server 2016 or Windows
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2016 or Windows
At least Windows Server 2016 or Windows
At least Windows Server 2016 or Windows
At least Windows Server 2016 or Windows
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2016 or Windows
At least Windows Server 2016 or Windows
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2016 or Windows
At least Windows Server 2016 or Windows
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2016 or Windows
At least Windows Server 2016 or Windows
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2016 or Windows
At least Windows Server 2016 or Windows
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2016 or Windows
At least Windows Server 2016 or Windows
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2016 or Windows
At least Windows Server 2016 or Windows
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2016 or Windows
At least Windows Server 2016 or Windows
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2016 or Windows
At least Windows Server 2016 or Windows
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2016 or Windows
At least Windows Server 2016 or Windows
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2016 or Windows
At least Windows Server 2016 or Windows
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2016 or Windows
At least Windows Server 2016 or Windows
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2016 or Windows
At least Windows Server 2016 or Windows
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2016 or Windows
At least Windows Server 2016 or Windows
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2016 or Windows
At least Windows Server 2016 or Windows
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2016 or Windows
At least Windows Server 2016 or Windows
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2016 or Windows
At least Windows Server 2016 or Windows
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2016 or Windows
At least Windows Server 2016 or Windows
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2016 or Windows
At least Windows Server 2016 or Windows
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2016 or Windows
At least Windows Server 2016 or Windows
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2016 or Windows
At least Windows Server 2016 or Windows
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2016 or Windows
At least Windows Server 2016 or Windows
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2016 or Windows
At least Windows Server 2016 or Windows
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2016 or Windows
At least Windows Server 2016 or Windows
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2016 or Windows
At least Windows Server 2016 or Windows
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2016 or Windows
At least Windows Server 2016 or Windows
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2016 or Windows
At least Windows Server 2016 or Windows
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2003 operating sys
Windows Server 2003, Windows XP, and Wi
At least Windows 2000
At least Windows 2000
At least Windows Vista
At least Windows 2000
At least Windows Server 2003 operating sys
At least Windows Vista
At least Windows 2000
At least Windows Server 2012, Windows 8
Windows Server 2003, Windows XP, and Wi
At least Windows 2000
At least Windows Server 2003 operating sys
At least Windows 2000
Windows Server 2003, Windows XP, and Wi
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows 2000
At least Windows Vista
At least Windows Vista
At least Windows Server 2008 R2 or Window
At least Windows Server 2012, Windows 8
At least Windows Vista
At least Windows Server 2012 R2, Windows
At least Windows Server 2012, Windows 8
At least Windows 2000
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2012 or Windows 8
At least Windows Server 2012, Windows 8
At least Windows Vista
At least Windows Server 2016, Windows 10
At least Windows Server 2012, Windows 8
Windows Server 2008, Windows 7, and Wind
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
Windows Server 2008 and Windows Vista
At least Windows Server 2008 R2 or Window
At least Windows 10 Server or Windows 10
Windows Server 2008, Windows 7, and Wind
At least Windows Server 2012 or Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012 or Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012 or Windows 8
At least Windows Server 2008 R2 or Window
At least Windows Server 2012 or Windows 8
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2012 or Windows 8
At least Windows Server 2012 or Windows 8
At least Windows Server 2012 or Windows 8
At least Windows Server 2012 or Windows 8
At least Windows Server 2012 or Windows 8
Windows Server 2012 R2, Windows 8.1, Win
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
Windows Server 2008 and Windows Vista
At least Windows Server 2012, Windows 8
Windows Server 2008 and Windows Vista
At least Windows Server 2012, Windows 8
At least Windows Server 2008 R2 or Window
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Vista
At least Windows Vista
Windows Vista only
Windows Vista only
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008
At least Windows Server 2008
At least Windows Server 2008
At least Windows Server 2008
At least Windows Server 2008
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Vista
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2016, Windows 10
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2016, Windows 10
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Vista
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Vista
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Vista
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2016, Windows 10
At least Windows Vista
At least Windows Server 2016, Windows 10
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows 2000
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Vista
At least Windows Vista
At least Windows Server 2008 R2 or Window
At least Windows Server 2003 operating sys
At least Windows 2000
At least Windows Server 2003 operating sys
Windows Server 2003, Windows XP, and Wi
At least Windows Server 2012, Windows 8
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Server 2003 operating sys
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
Windows Server 2003, Windows XP, and Wi
Windows Server 2008, Windows Server 200
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows 2000
At least Windows 2000
At least Windows Server 2003 operating sys
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
Windows Server 2003, Windows XP, and Wi
At least Windows Server 2003 operating sys
Windows XP Professional only
At least Windows Server 2008 R2 or Window
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2003 operating sys
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows Server 2008 R2 or Window
At least Windows Server 2008 R2 or Window
At least Windows Server 2003
Windows Server 2008, Windows Server 2003
At least Windows Server 2008 R2 or Window
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
Windows Server 2003, Windows XP, and Wi
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows 10 Redstone
At least Windows 10 Redstone
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2003
Windows Media Player 9 Series and later.
Windows Media Player for Windows XP and l
Windows Server 2003, Windows XP, and Wi
Windows Media Player for Windows XP and l
Windows Media Player 9 Series and later.
Windows Server 2003, Windows XP, and Wi
Windows Media Player 9 Series and later.
Windows Media Player for Windows XP and l
Windows Media Player 9 Series and later.
Windows Media Player 9 Series and later.
Windows Media Player 9 Series and later.
Windows Media Player 9 Series and later.
Windows Media Player for Windows XP and l
Windows Media Player 9 Series and later.
Windows Media Player 11 for Windows XP or
Windows Media Player 9 Series and later.
Windows Media Player 9 Series and later.
Windows Server 2003, Windows XP, and Wi
Windows Media Player 9 Series and later.
Windows Media Player for Windows XP and l
Windows Media Player for Windows XP and l
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Server 2003 operating sys
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2016, Windows 10
At least Windows Server 2016, Windows 10
At least Windows Server 2016, Windows 10
At least Windows Server 2012 R2, Windows
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows XP Professional Service P
At least Windows XP Professional Service P
At least Windows Server 2003 operating sys
At least Windows Server 2012, Windows 8
At least Windows XP Professional Service P
Windows XP Professional Service Pack 1 or
Windows 7, Windows Server 2008 R2, Windo
Windows 7, Windows Server 2008 R2, Windo
Windows 7, Windows Server 2008 R2, Windo
At least Windows Server 2012 R2, Windows
Windows 7, Windows Server 2008 R2, Windo
Windows 7, Windows Server 2008 R2, Windo
At least Windows Server 2016 or Windows
At least Windows XP Professional Service P
Windows Server 2008, Windows 7, and Wind
Windows XP Professional Service Pack 1 or
At least Windows XP Professional Service P
Windows 7, Windows Server 2008 R2, Windo
Windows 7, Windows Server 2008 R2, Windo
At least Windows Server 2016 or Windows
At least Windows Server 2016 or Windows
At least Windows XP Professional Service P
At least Windows Server 2016 or Windows
At least Windows Vista through Windows 8.1
Windows Server 2008, Windows 7, and Wind
Windows XP Professional only
At least Windows Server 2016 or Windows
At least Windows Server 2016 or Windows
At least Windows Server 2012, Windows 8
At least Windows Vista
At least Windows Vista
At least Windows 2000
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2012 R2, Windows
At least Windows 10
At least Windows 10
At least Windows Vista
At least Windows 10
At least Windows 10
At least Windows 10
At least Windows Server 2016, Windows 10
At least Windows Server 2016, Windows 10
At least Windows Server 2012, Windows 8
At least Windows Vista
At least Windows 8.1 or Windows RT 8.1
At least Windows 8.1 or Windows RT 8.1
At least Windows Server 2012 R2 or Window
At least Windows Server 2012 R2, Windows
At least Windows Server 2012 R2, Windows
At least Windows Server 2012 R2, Windows
At least Windows Server 2016, Windows 10
At least Windows Server 2012, Windows 8
At least Windows Server 2012 R2, Windows
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
At least Windows Server 2012, Windows 8
Help Text
This policy setting determines which ActiveX installation sites standard users in your organization can use to install ActiveX cont
This policy setting controls the installation of ActiveX controls for sites in Trusted zone. If you enable this policy setting, ActiveX
Prevents users from using Add or Remove Programs to configure installed services. This setting removes the "Set up services"
Removes the Add New Programs button from the Add or Remove Programs bar. As a result, users cannot view or change the att
Removes the Add/Remove Windows Components button from the Add or Remove Programs bar. As a result, users cannot view
Removes the Change or Remove Programs button from the Add or Remove Programs bar. As a result, users cannot view or cha
Removes the "Add a program from CD-ROM or floppy disk" section from the Add New Programs page. This prevents users from
Removes the "Add programs from Microsoft" section from the Add New Programs page. This setting prevents users from using
Prevents users from viewing or installing published programs. This setting removes the "Add programs from your network" sec
Removes the Set Program Access and Defaults button from the Add or Remove Programs bar. As a result, users cannot view or
Prevents users from using Add or Remove Programs. This setting removes Add or Remove Programs from Control Panel and re
Removes links to the Support Info dialog box from programs on the Change or Remove Programs page. Programs listed on the
Specifies the category of programs that appears when users open the "Add New Programs" page. If you enable this setting, on
This policy setting determines whether users can access the Insider build controls in the Advanced Options for Windows Updat
Specifies whether to prevent the MS-DOS subsystem (ntvdm.exe) from running on this computer. This setting affects the launch
This policy controls the visibility of the Program Compatibility property page shell extension. This shell extension is visible on t
This policy controls the state of the application compatibility engine in the system. The engine is part of the loader and looks t
The policy controls the state of the Application Telemetry engine in the system. Application Telemetry is a mechanism that trac
This policy setting controls the state of the Inventory Collector. The Inventory Collector inventories applications, files, devices,
This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Comp
This policy setting controls the state of the Program Compatibility Assistant (PCA). The PCA monitors applications run by the u
This policy setting controls the state of Steps Recorder. Steps Recorder keeps a record of steps taken by the user. The data gene
The policy controls the state of the Switchback compatibility engine in the system. Switchback is a mechanism that provides ge
This policy setting specifies whether Windows apps can access account information. You can specify either a default setting fo
This policy setting specifies whether Windows apps can access account information. If you choose the "User is in control" opti
This policy setting specifies whether Windows apps can access call history. If you choose the "User is in control" option, emplo
This policy setting specifies whether Windows apps can access contacts. If you choose the "User is in control" option, employe
This policy setting specifies whether Windows apps can access email. If you choose the "User is in control" option, employees
This policy setting specifies whether Windows apps can access location. If you choose the "User is in control" option, employe
This policy setting specifies whether Windows apps can read or send messages (text or MMS). If you choose the "User is in con
This policy setting specifies whether Windows apps can access motion data. If you choose the "User is in control" option, emp
This policy setting specifies whether Windows apps can access notifications. You can specify either a default setting for all app
This policy setting specifies whether Windows apps can access the calendar. If you choose the "User is in control" option, emp
This policy setting specifies whether Windows apps can access the camera. If you choose the "User is in control" option, emplo
This policy setting specifies whether Windows apps can access the microphone. If you choose the "User is in control" option, e
This policy setting specifies whether Windows apps can access trusted devices. If you choose the "User is in control" option, e
This policy setting specifies whether Windows apps have access to control radios. If you choose the "User is in control" option
This policy setting specifies whether Windows apps can sync with devices. If you choose the "User is in control" option, emplo
This setting controls whether virtualized applications are launched on Windows 8 machines connected via a metered network
Specifies the path to a valid certificate in the certificate store.
This policy setting allows you to enable or disable Microsoft Application Virtualization (App-V) feature. Reboot is needed for dis
Enables Dynamic Virtualization of supported shell extensions, browser helper objects, and ActiveX controls.
Migration mode allows the App-V client to modify shortcuts and FTA's for packages created using a previous version of App-V.
Enables scripts defined in the package manifest of configuration files that should run.
Enables a UX to display to the user when a publishing refresh is performed on the client.
If enabled, the App-V client will support BrancheCache compatible HTTP streaming. If BranchCache support is not desired, this
Specifies the location where symbolic links are created to the current version of a globally published package. Shortcuts, file ty
Specifies the location where symbolic links are created to the current version of a per-user published package. Shortcuts, file ty
Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface.
The program collects information about computer hardware and how you use Microsoft Application Virtualization without inte
Specifies directory where all new applications and updates will be installed.
Overrides source location for downloading package content.
Publishing Server Display Name: Displays the name of publishing server. Publishing Server URL: Displays the URL of publishing
Publishing Server Display Name: Displays the name of publishing server. Publishing Server URL: Displays the URL of publishing
Publishing Server Display Name: Displays the name of publishing server. Publishing Server URL: Displays the URL of publishing
Publishing Server Display Name: Displays the name of publishing server. Publishing Server URL: Displays the URL of publishing
Publishing Server Display Name: Displays the name of publishing server. Publishing Server URL: Displays the URL of publishing
Specifies the number of seconds between attempts to reestablish a dropped session.
Specifies the number of times to retry a dropped session.
Reporting Server URL: Displays the URL of reporting server. Reporting Time: When the client data should be reported to the se
Requires admin privileges to publish and unpublish packages and connection groups.
Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /FILEEXCLUSIONLIST='d
Specifies the registry paths that do not roam with a user profile. Example usage: /REGISTRYEXCLUSIONLIST=software\classes;so
Specifies that streamed package contents will be not be saved to the local hard disk.
Specifies how new packages should be loaded automatically by App-V on a specific computer.
Verifies Server certificate revocation status before streaming using HTTPS.
Specifies a list of process paths (may contain wildcards) which are candidates for using virtual components (shell extensions, br
Manages a Windows app's ability to share data between users who have installed the app. If you enable this policy, a Window
This policy setting allows you to manage the installation of trusted line-of-business (LOB) or developer-signed Windows Store a
This policy setting allows you to manage the deployment of Windows Store apps when the user is signed in using a special pro
Allows or denies development of Windows Store applications and installing them directly from an IDE. If you enable this settin
This policy setting allows you to manage installing Windows apps on additional volumes such as secondary partitions, USB driv
Prevent users' app data from moving to another location when an app is moved or installed on another location. If you enable
This policy setting lets you control whether Microsoft accounts are optional for Windows Store apps that require an account to
This policy setting lets you control whether Windows Store apps can open files using the default desktop app for a file type. Be
This policy setting lets you control whether Windows Store apps can open files using the default desktop app for a file type. Be
This policy setting lets you control whether Windows Store apps can open URIs using the default desktop app for a URI scheme
This policy setting lets you control whether Windows Store apps can open URIs using the default desktop app for a URI scheme
This policy setting controls whether Windows Store apps with Windows Runtime API access directly from web content can be l
This policy setting lets you turn on Content URI Rules to supplement the static Content URI Rules that were defined as part of t
This policy setting allows you to manage the default risk level for file types. To fully customize the risk level for file attachments
This policy setting allows you to manage whether Windows marks file attachments with information about their zone of origin
This policy setting allows you to manage whether users can manually remove the zone information from saved file attachment
This policy setting allows you to configure the list of high-risk file types. If the file attachment is in the list of high-risk file types
This policy setting allows you to configure the list of low-risk file types. If the attachment is in the list of low-risk file types, Wind
This policy setting allows you to configure the list of moderate-risk file types. If the attachment is in the list of moderate-risk file
This policy setting allows you to manage the behavior for notifying registered antivirus programs. If multiple programs are regis
This policy setting allows you to configure the logic that Windows uses to determine the risk for file attachments. Preferring th
This policy setting determines what information is logged in security audit events when a new process has been created. This s
This policy setting disallows AutoPlay for MTP devices like cameras or phones. If you enable this policy setting, AutoPlay is not
This policy setting disallows AutoPlay for MTP devices like cameras or phones. If you enable this policy setting, AutoPlay is not
This policy setting allows you to prevent AutoPlay from remembering user's choice of what to do when a device is connected.
This policy setting allows you to prevent AutoPlay from remembering user's choice of what to do when a device is connected.
This policy setting sets the default behavior for Autorun commands. Autorun commands are generally stored in autorun.inf file
This policy setting sets the default behavior for Autorun commands. Autorun commands are generally stored in autorun.inf file
This policy setting allows you to turn off the Autoplay feature. Autoplay begins reading from a drive as soon as you insert med
This policy setting allows you to turn off the Autoplay feature. Autoplay begins reading from a drive as soon as you insert med
This policy setting controls whether OS Reactivation is blocked on a device. Policy Options: - Not Configured (default -- Wind
This policy setting lets you opt-out of sending KMS client activation data to Microsoft automatically. Enabling this setting preve
This policy setting determines whether users with a domain account can log on or elevate User Account Control (UAC) permiss
This policy setting allows or prevents the Windows Biometric Service to run on this computer. If you enable or do not configu
This policy setting determines whether users can log on or elevate User Account Control (UAC) permissions using biometrics. B
This policy setting specifies the number of seconds a pending fast user switch event will remain active before the switch is initi
This policy setting determines whether enhanced anti-spoofing is configured for devices which support it. If you do not configu
This policy setting determines if the Background Intelligent Transfer Service (BITS) peer caching feature is enabled on a specific
This setting affects whether the BITS client is allowed to use Windows Branch Cache. If the Windows Branch Cache component
This policy setting specifies whether the computer will act as a BITS peer caching client. By default, when BITS peer caching is e
This policy setting specifies whether the computer will act as a BITS peer caching server. By default, when BITS peer caching is
This policy setting limits the maximum age of files in the Background Intelligent Transfer Service (BITS) peer cache. In order to m
This policy setting limits the maximum amount of disk space that can be used for the BITS peer cache, as a percentage of the to
This policy setting limits the amount of time that Background Intelligent Transfer Service (BITS) will take to download the files i
This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfe
This policy setting limits the network bandwidth that BITS uses for peer cache transfers (this setting does not affect transfers fr
This policy setting limits the number of BITS jobs that can be created by a user. By default, BITS limits the total number of jobs
This policy setting limits the number of BITS jobs that can be created for all users of the computer. By default, BITS limits the to
This policy setting limits the number of files that a BITS job can contain. By default, a BITS job is limited to 200 files. You can use
This policy setting limits the number of ranges that can be added to a file in a BITS job. By default, files in a BITS job are limited
This policy setting defines the default behavior that the Background Intelligent Transfer Service (BITS) uses for background tran
This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfe
This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfe
This policy setting specifies the number of days a pending BITS job can remain inactive before the job is considered abandoned
This policy setting allow the use of Camera devices on the machine. If you enable or do not configure this policy setting, Came
If you enable this setting all Customer Experience Improvement Program uploads are redirected to Microsoft Operations Mana
This policy setting will enable tagging of Windows Customer Experience Improvement data when a study is being conducted. I
This policy setting determines the priority order of ECC curves used with ECDHE cipher suites. If you enable this policy setting,
This policy setting determines the cipher suites used by the Secure Socket Layer (SSL). If you enable this policy setting, SSL ciph
This policy setting lets you configure Windows spotlight on the lock screen. If you enable this policy setting, "Windows spotligh
This policy setting prevents Windows Tips from being shown to users. If you enable this policy setting, users will no longer see
This policy setting lets you turn off all Windows Spotlight features at once. If you enable this policy setting, Windows spotlight
This policy setting turns off experiences that help consumers make the most of their devices and Microsoft account. If you ena
This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that
This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that
Make the automatic acceptance of incoming calls persistent.
Disables the application sharing feature of NetMeeting completely. Users will not be able to host or view shared applications.
Disables the audio feature of NetMeeting. Users will not be able to send or receive audio.
Disables the Chat feature of NetMeeting.
Disables the directory feature of NetMeeting. Users will not logon to a directory (ILS) server when NetMeeting starts. Users w
Disables full duplex mode audio. Users will not be able to listen to incoming audio while speaking into the microphone. Older
Disables the 2.x whiteboard feature of NetMeeting. The 2.x whiteboard is available for compatibility with older versions of Ne
Disables the remote desktop sharing feature of NetMeeting. Users will not be able to set it up or use it for controlling their com
Disables the Advanced Calling button on the General Options page. Users will not then be able to change the call placement m
Disables the T.126 whiteboard feature of NetMeeting.
Configures NetMeeting to download settings for users each time it starts. The settings are downloaded from the URL listed in t
Hides the Audio page of the Tools Options dialog. Users will not then be able to change audio settings.
Hides the General page of the Tools Options dialog. Users will not then be able to change personal identification and bandwid
Hides the Security page of the Tools Options dialog. Users will not then be able to change call security and authentication setti
Hides the Video page of the Tools Options dialog. Users will not then be able to change video settings.
Limits the bandwidth audio and video will consume when in a conference. This setting will guide NetMeeting to choose the rig
Limits the size of files users can send to others in a conference.
Prevents users from adding directory (ILS) servers to the list of those they can use for placing calls.
Prevents users from sharing applications in true color. True color sharing uses more bandwidth in a conference.
Prevents users from turning on automatic acceptance of incoming calls. This ensures that others cannot call and connect to Ne
Prevents users from changing the way calls are placed, either directly or via a gatekeeper server.
Prevents user from changing the DirectSound audio setting. DirectSound provides much better audio quality, but older audio h
Prevents users from allowing others in a conference to control what they have shared. This enforces a read-only mode; the oth
Prevents users from sharing the whole desktop. They will still be able to share individual applications.
Prevents users from receiving files from others in a conference.
Prevents users from receiving video. Users will still be able to send video provided they have the hardware."
Prevents users from sending files to others in a conference.
Prevents users from sending video if they have the hardware. Users will still be able to receive video from others.
Prevents users from sharing anything themselves. They will still be able to view shared applications/desktops from others.
Prevents users from sharing command prompts. This prevents users from inadvertently sharing out applications, since comma
Prevents users from sharing Explorer windows. This prevents users from inadvertently sharing out applications, since Explorer
Prevents users from viewing directories as Web pages in a browser.
Sets the level of security for both outgoing and incoming NetMeeting calls.
Sets the URL NetMeeting will display when the user chooses the Help Online Support command.
This policy setting controls the default Control Panel view, whether by category or icons. If this policy setting is enabled, the Co
This setting allows you to display or hide specified Control Panel items, such as Mouse, System, or Personalization, from the Co
Disables all Control Panel programs and the PC settings app. This setting prevents Control.exe and SystemSettings.exe, the pro
This policy setting controls which Control Panel items such as Mouse, System, or Personalization, are displayed on the Control P
Disables the Display Control Panel. If you enable this setting, the Display Control Panel does not run. When users try to start D
This policy setting controls whether the lock screen appears for users. If you enable this policy setting, users that are not requi
Enables desktop screen savers. If you disable this setting, screen savers do not run. Also, this setting disables the Screen Saver
Forces Windows to use the specified colors for the background and accent. The color values are specified in hex as #RGB. By d
This setting allows you to force a specific default lock screen and logon image by entering the path (location) of the image file.
Forces the Start screen to use one of the available backgrounds, 1 through 20, and prevents the user from changing it. If this s
This setting allows you to force a specific visual style file by entering the path (location) of the visual style file. This can be a loc
Specifies the screen saver for the user's desktop. If you enable this setting, the system displays the specified screen saver on th
Removes the Settings tab from Display in Control Panel. This setting prevents users from using Control Panel to add, configure,
Specifies which theme file is applied to the computer the first time a user logs on. If you enable this setting, the theme that yo
Determines whether screen savers used on the computer are password protected. If you enable this setting, all screen savers a
Disables the Color (or Window Color) page in the Personalization Control Panel, or the Color Scheme dialog in the Display Cont
This setting forces the theme color scheme to be the default color scheme. If you enable this setting, a user cannot change the
Prevents users from adding or changing the background design of the desktop. By default, users can use the Desktop Backgrou
Prevents users from changing the desktop icons. By default, users can use the Desktop Icon Settings dialog in the Personalizati
Prevents users from changing the background image shown when the machine is locked or when on the logon screen. By defa
Prevents users from changing the mouse pointers. By default, users can use the Pointers tab in the Mouse Control Panel to add
Prevents the Screen Saver dialog from opening in the Personalization or Display Control Panel. This setting prevents users from
Prevents users from changing the sound scheme. By default, users can use the Sounds tab in the Sound Control Panel to add, r
Prevents users from changing the look of their start menu background, such as its color or accent. By default, users can change
This setting disables the theme gallery in the Personalization Control Panel. If you enable this setting, users cannot change or s
Prevents users or applications from changing the visual style of the windows and buttons displayed on their screens. When en
Disables the lock screen camera toggle switch in PC Settings and prevents a camera from being invoked on the lock screen. By
Disables the lock screen slide show settings in PC Settings and prevents a slide show from playing on the lock screen. By defau
Prevents users from changing the size of the font in the windows and buttons displayed on their screens. If this setting is enab
Specifies how much user idle time must elapse before the screen saver is launched. When configured, this idle time can be set
This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account p
This policy setting allows you to control whether or not the user may alter the time before a password is required when a devic
This policy setting allows the administrator to assign a specified credential provider as the default credential provider. If you en
This policy setting specifies a default logon domain, which might be a different domain than the domain to which the compute
This policy setting allows the administrator to exclude the specified credential providers from use during authentication. Note
This policy setting allows you to control whether a domain user can sign in using a picture password. If you enable this policy s
This policy setting allows you to control whether a domain user can sign in using a convenience PIN. In Windows 10, convenien
This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). This polic
This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). This polic
This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). This polic
This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). This polic
This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). This polic
This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). This polic
This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). If you en
This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). If you en
This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). If you en
When running in restricted mode, participating apps do not expose credentials to remote computers (regardless of the delegati
This policy setting allows you to configure the display of the password reveal button in password entry user experiences. If you
This policy setting allows you to configure the display of the password reveal button in password entry user experiences. If you
This policy setting controls whether administrator accounts are displayed when a user attempts to elevate a running applicatio
This policy setting requires the user to enter Microsoft Windows credentials using a trusted path, to prevent a Trojan horse or o
This policy setting prevents users from changing their Windows password on demand. If you enable this policy setting, the 'Ch
This policy setting prevents users from locking the system. While locked, the desktop is hidden and the system cannot be used
This policy setting disables or removes all menu items and buttons that log the user off the system. If you enable this policy se
This policy setting prevents users from starting Task Manager. Task Manager (taskmgr.exe) lets users start and stop programs; m
This policy setting determines the amount of diagnostic and usage data reported to Microsoft. A value of 0 will send minimal d
This policy setting determines the amount of diagnostic and usage data reported to Microsoft. A value of 0 will send minimal d
With this policy setting, you can forward connected user experience and telemetry requests to a proxy server. If you enable th
This policy setting defines the identifier used to uniquely associate this devices telemetry data as belonging to a given organiza
This policy setting determines the level that Microsoft can experiment with the product to study user preferences or device be
Allows you to specify that local computer administrators can supplement the "Define Activation Security Check exemptions" lis
Allows you to view and change a list of DCOM server application ids (appids) which are exempted from the DCOM Activation se
Specifies the maximum size in GB of Delivery Optimization cache. This policy overrides the DOMaxCacheSize policy. The value 0
Set this policy to configure the use of Windows Update Delivery Optimization in downloads of Windows Apps and Updates. Av
Group ID must be set as a GUID. Set this policy to specify an arbitrary group ID that the device belongs to. Use this if you need
Set this policy to define the max time that each file is held in the Delivery Optimization cache.
Set this policy to define the max cache size Delivery Optimization can utilize, as a percentage of available disk space.
Set this policy to define a cap for the upload bandwidth a device will utilize across all concurrent upload activity via Delivery Op
Specifies the maximum download bandwidth in KiloBytes/second that the device can use across all concurrent download activ
Specifies the maximum download bandwidth that Delivery Optimization uses across all concurrent download activities as a per
Specifies the minimum download QoS (Quality of Service or speed) for background downloads in KiloBytes/second. This policy
Specifies the drive Delivery Optimization shall use for its cache. By default, %SystemDrive% is used to store the cache. The drive
Specifies the maximum total bytes in GB that Delivery Optimization is allowed to upload to Internet peers in each calendar mo
Adds and deletes specified Web content items. You can use the "Add" box in this setting to add particular Web-based items or
Permits only bitmap images for wallpaper. This setting limits the desktop background ("wallpaper") to bitmap (.bmp) files. If us
Specifies the desktop background ("wallpaper") displayed on all users' desktops. This setting lets you specify the wallpaper on
Disables Active Desktop and prevents users from enabling it. This setting prevents users from trying to enable or disable Active
Removes Active Desktop content and prevents users from adding Active Desktop content. This setting removes all Active Desk
Remote shared folders are not added to Network Locations whenever you open a document in the shared folder. If you disable
Prevents users from saving certain changes to the desktop. If you enable this setting, users can change the desktop, but some
Enables Active Desktop and prevents users from disabling it. This setting prevents users from trying to enable or disable Active
Displays the filter bar above the results of an Active Directory search. The filter bar consists of buttons for applying additional fi
Hides the Active Directory folder in Network Locations. The Active Directory folder displays Active Directory objects in a brows
Removes icons, shortcuts, and other default and user-defined items from the desktop, including Briefcase, Recycle Bin, Compu
Removes the Internet Explorer icon from the desktop and from the Quick Launch bar on the taskbar. This setting does not prev
Removes the Network Locations icon from the desktop. This setting only affects the desktop icon. It does not prevent users fro
Specifies the maximum number of objects the system displays in response to a command to browse or search Active Directory.
Prevents users from manipulating desktop toolbars. If you enable this setting, users cannot add or remove toolbars from the d
Prevents users from adding Web content to their Active Desktop. This setting removes the "New" button from Web tab in Disp
Prevents users from adjusting the length of desktop toolbars. Also, users cannot reposition items or toolbars on docked toolbar
Prevents the user from enabling or disabling Active Desktop or changing the Active Desktop configuration. This is a comprehen
Prevents users from removing Web content from their Active Desktop. In Active Desktop, you can add items to the desktop bu
Prevents users from deleting Web content from their Active Desktop. This setting removes the Delete button from the Web tab
Prevents users from changing the properties of Web content items on their Active Desktop. This setting disables the Propertie
Prevents users from changing the path to their profile folders. By default, a user can change the location of their individual pro
This setting hides Computer from the desktop and from the new Start menu. It also hides links to Computer in the Web view o
Removes most occurrences of the My Documents icon. This setting removes the My Documents icon from the desktop, from F
This setting hides Properties on the context menu for Computer. If you enable this setting, the Properties option will not be pr
This policy setting hides the Properties menu command on the shortcut menu for the My Documents icon. If you enable this p
Removes the Properties option from the Recycle Bin context menu. If you enable this setting, the Properties option will not be
Removes most occurrences of the Recycle Bin icon. This setting removes the Recycle Bin icon from the desktop, from File Explo
Prevents users from using the Desktop Cleanup Wizard. If you enable this setting, the Desktop Cleanup wizard does not autom
Prevents windows from being minimized or restored when the active window is shaken back and forth with the mouse. If you
Changes behavior of Microsoft bus drivers to work with specific devices.
Changes behavior of 3rd-party drivers to work around incompatibilities introduced between OS versions.
This policy allows users to use a companion device, such as a phone, fitness band, or IoT device, to sign on to a desktop compu
Deploy Code Integrity Policy This policy setting lets you deploy a Code Integrity Policy to a machine to control what is allowed
Specifies whether Virtualization Based Security is enabled. Virtualization Based Security uses the Windows Hypervisor to prov
This policy setting allows you to determine whether members of the Administrators group can install and update the drivers fo
This policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is allo
This policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for device drivers that Wi
This policy setting specifies a list of device setup class GUIDs describing device drivers that non-administrator members of the b
This policy setting allows you to allow or deny remote access to the Plug and Play interface. If you enable this policy setting, r
Determines how the system responds when a user tries to install device driver files that are not digitally signed. This setting es
This policy setting allows you to configure the number of seconds Windows waits for a device installation task to complete. If y
This policy setting allows you to display a custom message title in a notification when a device installation is attempted and a p
This policy setting allows you to display a custom message to users in a notification when a device installation is attempted and
This policy setting allows you to prevent Windows from creating a system restore point during device activity that would norma
This policy setting allows you to prevent the installation of devices that are not specifically described by any other policy setting
This policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is pre
This policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for device drivers that Wi
This policy setting allows you to prevent Windows from installing removable devices. A device is considered removable when t
This policy setting allows you to determine how drivers signed by a Microsoft Windows Publisher certificate are ranked with dr
This policy setting establishes the amount of time (in seconds) that the system will wait to reboot in order to enforce a change
This policy setting prevents redirection of specific USB devices. If you enable this setting, an alternate driver for the USB device
This policy setting prevents redirection of USB devices. If you enable this setting, an alternate driver for USB devices cannot be
This setting configures the location that Windows searches for drivers when a new piece of hardware is found. By default, Win
Windows has a feature that sends "generic-driver-installed" reports through the Windows Error Reporting infrastructure. This p
This policy setting allows you to prevent Windows from retrieving device metadata from the Internet. If you enable this policy
Windows has a feature that allows a device driver to request additional software through the Windows Error Reporting infrastr
This policy setting allows you to specify the order in which Windows searches source locations for device drivers. If you enable
This policy setting allows you to specify the search server that Windows uses to find updates for device drivers. If you enable t
This policy setting allows you to turn off "Found New Hardware" balloons during device installation. If you enable this policy se
Specifies whether the administrator will be prompted about going to Windows Update to search for device drivers using the In
Specifies whether the administrator will be prompted about going to Windows Update to search for device drivers using the In
This policy setting allows you to configure how often a Distributed File System (DFS) client attempts to discover domain control
Specifies whether Digital Locker can run. Digital Locker is a dedicated download manager associated with Windows Marketpla
Specifies whether Digital Locker can run. Digital Locker is a dedicated download manager associated with Windows Marketpla
This policy setting substitutes custom alert text in the disk diagnostic message shown to users when a disk reports a S.M.A.R.T.
This policy setting determines the execution level for S.M.A.R.T.-based disk diagnostics. Self-Monitoring And Reporting Techno
This policy setting turns off the boot and resume optimizations for the hybrid hard disks in the system. If you enable this policy
This policy setting turns off power save mode on the hybrid hard disks in the system. If you enable this policy setting, the hard
This policy setting turns off all support for the non-volatile (NV) cache on all hybrid hard disks in the system. To check if you hav
This policy setting turns off the solid state mode for the hybrid hard disks. If you enable this policy setting, frequently written fi
This policy setting extends the disk quota policies in this folder to NTFS file system volumes on removable media. If you disable
This policy setting turns on and turns off disk quota management on all NTFS volumes of the computer, and prevents users from
This policy setting determines whether disk quota limits are enforced and prevents users from changing the setting. If you ena
This policy setting determines whether the system records an event in the local Application log when users reach their disk quo
This policy setting determines whether the system records an event in the Application log when users reach their disk quota w
This policy setting specifies the default disk quota limit and warning level for new users of the volume. This policy setting dete
Specifies that Distributed Link Tracking clients in this domain may use the Distributed Link Tracking (DLT) server, which runs on
Specifies that computers may attach suffixes to an unqualified multi-label name before sending subsequent DNS queries if the
Specifies that NetBIOS over TCP/IP (NetBT) queries are issued for fully qualified domain names. If you enable this policy setting
Specifies a connection-specific DNS suffix. This policy setting supersedes local connection-specific DNS suffixes, and those confi
Defines the DNS servers to which a computer sends queries when it attempts to resolve names. This policy setting supersedes
Specifies the DNS suffixes to attach to an unqualified single-label name before submission of a DNS query for that name. An un
Specifies if DNS dynamic update is enabled. Computers configured for DNS dynamic update automatically register and update
Specifies whether the DNS client should convert internationalized domain names (IDNs) to the Nameprep form, a canonical Un
Specifies that responses from link local name resolution protocols received over a network interface that is higher in the bindin
Specifies the primary DNS suffix used by computers in DNS name registration and DNS name resolution. To use this policy setti
Specifies if the DNS client performs primary DNS suffix devolution during the name resolution process. With devolution, a DNS
Specifies if the devolution level that DNS clients will use if they perform primary DNS suffix devolution during the name resoluti
Specifies if a computer performing dynamic DNS registration will register A and PTR resource records with a concatenation of it
Specifies if DNS client computers will register PTR resource records. By default, DNS clients configured to perform dynamic DN
Specifies the interval used by DNS clients to refresh registration of A and PTR resource. This policy setting only applies to comp
Specifies whether dynamic updates should overwrite existing resource records that contain conflicting IP addresses. This polic
Specifies the value of the time to live (TTL) field in A and PTR resource records that are registered by computers to which this p
Specifies whether the DNS client should convert internationalized domain names (IDNs) to Punycode when the computer is on
Specifies that link local multicast name resolution (LLMNR) is disabled on client computers. LLMNR is a secondary name resolu
Specifies that a multi-homed DNS client should optimize name resolution across networks. The setting improves performance
Specifies that the DNS client should prefer responses from link local name resolution protocols on non-domain networks over D
Specifies the security level for dynamic DNS updates. To use this policy setting, click Enabled and then select one of the follow
Specifies if computers may send dynamic updates to zones with a single label name. These zones are also known as top-level d
This policy setting controls the ability to change the color of window frames. If you enable this policy setting, you prevent user
This policy setting controls the ability to change the color of window frames. If you enable this policy setting, you prevent user
This policy setting allows you to configure the accessibility of the Flip 3D feature. Flip 3D allows the user to view items on the W
This policy setting allows you to configure the accessibility of the Flip 3D feature. Flip 3D allows the user to view items on the W
This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maxim
This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maxim
This policy setting controls the default color for window frames when the user does not specify a color. If you enable this polic
This policy setting controls the default color for window frames when the user does not specify a color. If you enable this polic
This policy setting controls the Start background visuals. If you enable this policy setting, the Start background will use a solid
This policy setting allows you to include the Non-Publishing Standard Glyph in the candidate list when Publishing Standard Glyp
This policy setting allows you to restrict character code range of conversion by setting character filter. If you enable this policy
This policy setting allows you to turn off the ability to use a custom dictionary. If you enable this policy setting, you cannot add
This policy setting allows you to turn off history-based predictive input. If you enable this policy setting, history-based predictiv
This policy setting allows you to turn off Internet search integration. If you enable this policy setting, you cannot add a new sea
This policy setting allows you to turn off Open Extended Dictionary. If you enable this policy setting, Open Extended Dictionary
This policy setting allows you to turn off saving the auto-tuning result to file. If you enable this policy setting, the auto-tuning d
This policy setting controls the cloud candidates feature, which uses an online service to provide input suggestions that don't e
This policy setting controls the cloud candidates feature, which uses an online service to provide input suggestions that don't e
This policy setting allows you to turn on logging of misconversion for the misconversion report. If you enable this policy setting
This policy setting allows you to specify which boot-start drivers are initialized based on a classification determined by an Early
If you disable this policy setting, users will not be able to invoke any system UI by swiping in from any screen edge. If you enab
If you disable this policy setting, users will not be able to invoke any system UI by swiping in from any screen edge. If you enab
Disables help tips that Windows shows to the user. By default, Windows will show the user help tips until the user has success
Disables help tips that Windows shows to the user. By default, Windows will show the user help tips until the user has success
This policy setting allows you to prevent the last app and the list of recent apps from appearing when the mouse is pointing to
This policy setting allows you to prevent users from replacing the Command Prompt with Windows PowerShell in the menu the
This policy setting allows you to prevent Search, Share, Start, Devices, and Settings from appearing when the mouse is pointing
If you enable this setting, users will not be allowed to switch between recent apps. The App Switching option in the PC settings
This policy setting prevents Windows from keeping track of the apps that are used and searched most frequently. If you enable
This policy setting prevents File Explorer from encrypting files that are moved to an encrypted folder. If you enable this policy s
This policy setting configures whether or not only USB root hub connected Enhanced Storage devices are allowed. Allowing on
This policy setting allows you to configure a list of Enhanced Storage devices by manufacturer and product ID that are usable o
This policy setting allows you to create a list of IEEE 1667 silos, compliant with the Institute of Electrical and Electronics Enginee
This policy setting configures whether or not non-Enhanced Storage removable devices are allowed on your computer. If you e
This policy setting configures whether or not a password can be used to unlock an Enhanced Storage device. If you enable this
This policy setting configures whether or not Windows will activate an Enhanced Storage device. If you enable this policy settin
This policy setting locks Enhanced Storage devices when the computer is locked. This policy setting is supported in Windows S
This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automa
This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automa
This policy setting specifies a corporate server to which Windows Error Reporting sends reports (if you do not want to send err
This policy setting determines the default consent behavior of Windows Error Reporting. If you enable this policy setting, you c
This policy setting determines the default consent behavior of Windows Error Reporting. If you enable this policy setting, you c
This policy setting configures how errors are reported to Microsoft, and what information is sent when Windows Error Reportin
This policy setting controls the behavior of the Windows Error Reporting archive. If you enable this policy setting, you can confi
This policy setting controls the behavior of the Windows Error Reporting archive. If you enable this policy setting, you can confi
This policy setting determines the behavior of the Windows Error Reporting report queue. If you enable this policy setting, you
This policy setting determines the behavior of the Windows Error Reporting report queue. If you enable this policy setting, you
This policy setting determines the consent behavior of Windows Error Reporting for specific event types. If you enable this pol
This policy setting determines the consent behavior of Windows Error Reporting for specific event types. If you enable this pol
This policy setting controls whether errors in general applications are included in reports when Windows Error Reporting is ena
This policy setting controls whether Windows Error Reporting saves its own events and error messages to the system event log
This policy setting controls whether Windows Error Reporting saves its own events and error messages to the system event log
This policy setting turns off Windows Error Reporting, so that reports are not collected or sent to either Microsoft or internal se
This policy setting turns off Windows Error Reporting, so that reports are not collected or sent to either Microsoft or internal se
This policy setting controls whether users are shown an error dialog box that lets them report an error. If you enable this polic
This policy setting controls whether additional data in support of error reports can be sent to Microsoft automatically. If you en
This policy setting controls whether additional data in support of error reports can be sent to Microsoft automatically. If you en
This policy setting determines whether Windows Error Reporting (WER) sends additional, second-level report data even if a CA
This policy setting determines whether Windows Error Reporting (WER) sends additional, second-level report data even if a CA
This policy setting determines the behavior of the Configure Default Consent setting in relation to custom consent settings. If y
This policy setting determines the behavior of the Configure Default Consent setting in relation to custom consent settings. If y
This policy setting specifies applications for which Windows Error Reporting should always report errors. To create a list of app
This policy setting limits Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is
This policy setting limits Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is
This policy setting controls Windows Error Reporting behavior for errors in general applications when Windows Error Reporting
This policy setting prevents the display of the user interface for critical errors. If you enable this policy setting, Windows Error R
This policy setting controls whether errors in the operating system are included Windows Error Reporting is enabled. If you en
This policy setting determines whether Windows Error Reporting (WER) checks if the computer is running on battery power. By
This policy setting determines whether Windows Error Reporting (WER) checks if the computer is running on battery power. By
This policy setting determines whether Windows Error Reporting (WER) checks for a network cost policy that restricts the amo
This policy setting determines whether Windows Error Reporting (WER) checks for a network cost policy that restricts the amo
This policy setting controls resource usage for the forwarder (source computer) by controlling the events/per second sent to th
This policy setting allows you to configure the server address, refresh interval, and issuer certificate authority (CA) of a target S
This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain o
This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain o
This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain o
This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain o
This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) s
This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) s
This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) s
This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) s
This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) s
This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) s
This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) s
This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) s
This policy setting controls Event Log behavior when the log file reaches its maximum size. If you enable this policy setting and
This policy setting controls Event Log behavior when the log file reaches its maximum size. If you enable this policy setting and
This policy setting controls Event Log behavior when the log file reaches its maximum size. If you enable this policy setting and
This policy setting controls Event Log behavior when the log file reaches its maximum size. If you enable this policy setting and
This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and sho
This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and sho
This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and sho
This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and sho
This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the
This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the
This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the
This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the
This policy setting turns on logging. If you enable or do not configure this policy setting, then events can be written to this log.
This policy setting lets you configure Protected Event Logging. If you enable this policy setting, components that support it will
This is the program that will be invoked when the user clicks the events.asp link.
This specifies the command line parameters that will be passed to the events.asp program
This is the URL that will be passed to the Description area in the Event Properties dialog box. Change this value if you want to u
This policy setting configures File Explorer to always display the menu bar. Note: By default, the menu bar is not displayed in Fi
This policy setting allows administrators who have configured roaming profile in conjunction with Delete Cached Roaming Profi
This policy setting allows administrators to prevent users from adding new items such as files or folders to the root of their Use
Sets the target of the More Information link that will be displayed when the user attempts to run a program that is blocked by
This policy is similar to settings directly available to computer users. Disabling animations can improve usability for users with
Disabling data execution prevention can allow certain legacy plug-in applications to function without terminating Explorer.
Disabling heap termination on corruption can allow certain legacy plug-in applications to function without terminating Explore
Specifies whether the PC can use the hibernation sleep state (S4) when started from a Windows To Go workspace. If you enab
Specifies whether the PC can use standby sleep states (S1-S3) when starting from a Windows To Go workspace. If you enable t
This policy setting controls whether the PC will boot to Windows To Go if a USB device containing a Windows To Go workspace
This policy setting allows an organization to prevent its devices from showing feedback questions from Microsoft. If you enable
This policy setting allows you to turn off File History. If you enable this policy setting, File History cannot be activated to create
This policy setting allows you to configure the recovery behavior for corrupted files to one of three states: Regular: Detection,
Windows Runtime applications can protect content which has been associated with an enterprise identifier (EID), but can only
Determines whether the RPC protocol messagese used by VSS for SMB2 File Shares feature is enabled. VSS for SMB2 File Shar
Delete notification is a feature that notifies the underlying storage device of clusters that are freed due to a file delete operatio
Compression can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and crea
Encryption can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creatio
TXF deprecated features included savepoints, secondary RM, miniversion and roll forward. Please enable it if you want to use t
Encrypting the page file prevents malicious users from reading data that has been paged to disk, but also adds processing over
Enabling Win32 long paths will allow manifested win32 applications and Windows Store applications to access paths beyond th
Symbolic links can introduce vulnerabilities in certain applications. To mitigate this issue, you can selectively enable or disable t
These settings provide control over whether or not short names are generated during file creation. Some applications require
This policy setting allows you to control whether all redirected shell folders, such as Contacts, Documents, Desktop, Favorites, M
This policy setting allows you to control whether individual redirected shell folders are available offline by default. For the fold
This policy setting controls whether the contents of redirected folders is copied from the old location to the new location or sim
This policy setting controls whether folders are redirected on a user's primary computers only. This policy setting is useful to im
This policy setting controls whether folders are redirected on a user's primary computers only. This policy setting is useful to im
This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Program
This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Program
Hides the Preview Pane in File Explorer. If you enable this policy setting, the Preview Pane in File Explorer is hidden and canno
This policy setting shows or hides the Details Pane in File Explorer. If you enable this policy setting and configure it to hide the
This policy setting permits or prohibits the Diagnostic Policy Service (DPS) from automatically resolving any heap corruption pro
Manages download of game box art and ratings from the Windows Metadata Services. If you enable this setting, game inform
Manages download of game update information from Windows Metadata Services. If you enable this setting, game update inf
Tracks the last play time of games in the Games folder. If you enable this setting the last played time of games will not be recor
This policy enables the automatic learning component of input personalization that includes speech, inking, and typing. Autom
This policy setting controls whether the LPRemove task will run to clean up language packs installed on a machine but are not u
This policy setting determines how programs interpret two-digit years. This policy setting affects only the programs that use th
This policy setting prevents users from changing their user geographical location (GeoID). If you enable this policy setting, user
This policy setting prevents users from changing their user geographical location (GeoID). If you enable this policy setting, user
This policy prevents automatic copying of user input methods to the system account for use on the sign-in screen. The user is r
This policy setting prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the
This policy setting prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the
This policy setting prevents the user from customizing their locale by changing their user overrides. Any existing overrides in p
This policy setting prevents the user from customizing their locale by changing their user overrides. Any existing overrides in p
This policy setting controls which UI language is used for computers with more than one UI language installed. If you enable th
This policy setting removes the Administrative options from the Region settings control panel. Administrative options include i
This policy setting removes the option to change the user's geographical location (GeoID) from the Region settings control pan
This policy setting removes the option to change the user's menus and dialogs (UI) language from the Language and Regional O
This policy setting removes the regional formats interface from the Region settings control panel. This policy setting is used on
This policy setting restricts users to the specified language by disabling the menus and dialog box controls in the Region setting
This policy setting restricts the permitted system locales to the specified list. If the list is empty, it locks the system locale to its
This policy setting restricts users on a computer to the specified list of user locales. If the list is empty, it locks all user locales to
This policy setting restricts users on a computer to the specified list of user locales. If the list is empty, it locks all user locales to
This policy setting restricts the Windows UI language for all users. This is a policy setting for computers with more than one UI
This policy setting restricts the Windows UI language for specific users. This policy setting applies to computers with more than
This policy turns off the autocorrect misspelled words option. This does not, however, prevent the user or an application from
This policy setting turns off the automatic learning component of handwriting recognition personalization. Automatic learning
This policy setting turns off the automatic learning component of handwriting recognition personalization. Automatic learning
This policy turns off the highlight misspelled words option. This does not, however, prevent the user or an application from cha
This policy turns off the insert a space after selecting a text prediction option. This does not, however, prevent the user or an a
This policy turns off the offer text predictions as I type option. This does not, however, prevent the user or an application from
This policy setting allows user-based policy processing, roaming user profiles, and user object logon scripts for interactive logon
This policy setting lets you always use local ADM files for the Group Policy snap-in. By default, when you edit a Group Policy Ob
This policy directs Group Policy processing to skip processing any client side extension that requires synchronous processing (th
This policy setting allows an administrator to define the Direct Access connection to be considered a fast network connection f
This policy setting determines when disk quota policies are updated. This policy setting affects all policies that use the disk quo
This policy setting determines when encryption policies are updated. This policy setting affects all policies that use the encrypti
This policy setting determines when folder redirection policies are updated. This policy setting affects all policies that use the f
This policy setting allows you to configure Group Policy caching behavior. If you enable or do not configure this policy setting,
This policy setting determines which domain controller the Group Policy Object Editor snap-in uses. If you enable this setting,
This policy setting defines a slow connection for purposes of applying and updating Group Policy. If the rate at which data is tra
This policy setting defines a slow connection for purposes of applying and updating Group Policy. If the rate at which data is tra
This policy setting determines when Internet Explorer Maintenance policies are updated. This policy setting affects all policies
This policy setting determines when IP security policies are updated. This policy setting affects all policies that use the IP secur
Enter 0 to disable Logon Script Delay. This policy setting allows you to configure how long the Group Policy client waits afte
This policy setting determines when registry policies are updated. This policy setting affects all policies in the Administrative Te
This policy setting determines when policies that assign shared scripts are updated. This policy setting affects all policies that u
This policy setting determines when security policies are updated. This policy setting affects all policies that use the security co
This policy setting determines when software installation policies are updated. This policy setting affects all policy settings that
This policy setting directs the system to apply the set of Group Policy objects for the computer to any user who logs on to a com
This policy setting determines when policies that assign wired network settings are updated. This policy setting affects all polic
This policy setting determines when policies that assign wireless network settings are updated. This policy setting affects all po
This policy setting determines whether the Windows device is allowed to participate in cross-device experiences (continue exp
This policy setting allows you to create new Group Policy object links in the disabled state. If you enable this setting, you can cr
This policy setting controls the ability of users to view their Resultant Set of Policy (RSoP) data. By default, interactively logged
This policy setting controls the ability of users to view their Resultant Set of Policy (RSoP) data. By default, interactively logged
Enabling this setting will cause the Group Policy Client to connect to the same domain controller for DFS shares as is being used
This policy setting determines whether Windows is allowed to download fonts and font catalog data from an online font provid
This policy setting allows you to configure Group Policy caching behavior on Windows Server machines. If you enable this polic
This policy setting prevents administrators from viewing or using Group Policy preferences. A Group Policy administration (.adm
This security feature provides a means to override individual process MitigationOptions settings. This can be used to enforce a
This security feature provides a means to override individual process MitigationOptions settings. This can be used to enforce a
This policy setting allows you to control a user's ability to invoke a computer policy refresh. If you enable this policy setting, us
This policy setting allows you to set the default display name for new Group Policy objects. This setting allows you to specify th
This policy setting specifies how often Group Policy for computers is updated while the computer is in use (in the background).
This policy setting specifies how often Group Policy is updated on domain controllers while they are running (in the background
This policy setting specifies how often Group Policy for users is updated while the computer is in use (in the background). This
This policy setting specifies how long Group Policy should wait for network availability notifications during startup policy proce
This policy setting specifies how long Group Policy should wait for workplace connectivity notifications during startup policy pr
Prevents the system from updating the Administrative Templates source files automatically when you open the Group Policy O
This policy setting prevents Group Policy from being updated while the computer is in use. This policy setting applies to Group
This policy setting prevents the Group Policy Client Service from stopping when idle.
This policy setting prevents Local Group Policy Objects (Local GPOs) from being applied. By default, the policy settings in Local
This setting allows you to enable or disable Resultant Set of Policy (RSoP) logging on a client computer. RSoP logs information o
This security feature provides a global setting to prevent programs from loading untrusted fonts. Untrusted fonts are any font in
This policy setting allows you to configure when preference items in the Applications preference extension are updated. If you
This policy setting allows you to configure the level of detail recorded by event logging for the Applications preference extensio
This policy setting allows you to configure when preference items in the Data Sources preference extension are updated. If you
This policy setting allows you to configure the level of detail recorded by event logging for the Data Sources preference extensi
This policy setting allows you to configure when preference items in the Devices preference extension are updated. If you enab
This policy setting allows you to configure the level of detail recorded by event logging for the Devices preference extension, an
This policy setting allows you to configure when preference items in the Drive Maps preference extension are updated. If you e
This policy setting allows you to configure the level of detail recorded by event logging for the Drive Maps preference extension
This policy setting allows you to configure when preference items in the Environment preference extension are updated. If you
This policy setting allows you to configure the level of detail recorded by event logging for the Environment preference extensio
This policy setting allows you to configure when preference items in the Files preference extension are updated. If you enable
This policy setting allows you to configure the level of detail recorded by event logging for the Files preference extension, and t
This policy setting allows you to configure when preference items in the Folder Options preference extension are updated. If y
This policy setting allows you to configure the level of detail recorded by event logging for the Folder Options preference exten
This policy setting allows you to configure when preference items in the Folders preference extension are updated. If you enab
This policy setting allows you to configure the level of detail recorded by event logging for the Folders preference extension, an
This policy setting allows you to configure when preference items in the Ini Files preference extension are updated. If you enab
This policy setting allows you to configure the level of detail recorded by event logging for the Ini Files preference extension, an
This policy setting allows you to configure when preference items in the Internet Settings preference extension are updated. If
This policy setting allows you to configure the level of detail recorded by event logging for the Internet preference extension, a
This policy setting allows you to configure when preference items in the Local Users and Groups preference extension are upda
This policy setting allows you to configure the level of detail recorded by event logging for the Local User and Local Group prefe
This policy setting allows you to configure when preference items in the Network Options preference extension are updated. I
This policy setting allows you to configure the level of detail recorded by event logging for the Network Options preference ext
This policy setting allows you to configure when preference items in the Network Shares preference extension are updated. If
This policy setting allows you to configure the level of detail recorded by event logging for the Network Shares preference exte
This policy setting allows you to configure when preference items in the Power Options preference extension are updated. If y
This policy setting allows you to configure the level of detail recorded by event logging for the Power Options preference exten
This policy setting allows you to configure when preference items in the Printers preference extension are updated. If you enab
This policy setting allows you to configure the level of detail recorded by event logging for the Printers preference extension, an
This policy setting allows you to configure when preference items in the Regional Options preference extension are updated. I
This policy setting allows you to configure the level of detail recorded by event logging for the Regional Options preference exte
This policy setting allows you to configure when preference items in the Registry preference extension are updated. If you ena
This policy setting allows you to configure the level of detail recorded by event logging for the Registry preference extension, an
This policy setting allows you to configure when preference items in the Scheduled Tasks preference extension are updated. If
This policy setting allows you to configure the level of detail recorded by event logging for the Scheduled Tasks preference exte
This policy setting allows you to configure when preference items in the Services preference extension are updated. If you ena
This policy setting allows you to configure the level of detail recorded by event logging for the Services preference extension, a
This policy setting allows you to configure when preference items in the Shortcuts preference extension are updated. If you en
This policy setting allows you to configure the level of detail recorded by event logging for the Shortcuts preference extension,
This policy setting allows you to configure when preference items in the Start Menu preference extension are updated. If you e
This policy setting allows you to configure the level of detail recorded by event logging for the Start Menu preference extension
This policy setting allows you to permit or prohibit use of Application snap-ins (Application preference item types). When proh
This policy setting allows you to permit or prohibit use of the Applications preference extension. When a preference extension
This policy setting allows you to permit or prohibit use of the Control Panel Settings item and all preference extensions listed in
This policy setting allows you to permit or prohibit use of the Control Panel Settings item and all preference extensions listed in
This policy setting allows you to permit or prohibit use of the Data Sources preference extension. When a preference extension
This policy setting allows you to permit or prohibit use of the Devices preference extension. When a preference extension is pr
This policy setting allows you to permit or prohibit use of the Drive Maps preference extension. When a preference extension i
This policy setting allows you to permit or prohibit use of the Environment preference extension. When a preference extension
This policy setting allows you to permit or prohibit use of the Files preference extension. When a preference extension is prohi
This policy setting allows you to permit or prohibit use of the Folder Options preference extension. When a preference extensio
This policy setting allows you to permit or prohibit use of the Folders preference extension. When a preference extension is pro
This policy setting allows you to permit or prohibit use of the Ini Files preference extension. When a preference extension is pro
This policy setting allows you to permit or prohibit use of the Internet Settings preference extension. When a preference exten
This policy setting allows you to permit or prohibit use of the Local Users and Groups preference extension. When a preference
This policy setting allows you to permit or prohibit use of the Network Options preference extension. When a preference exten
This policy setting allows you to permit or prohibit use of the Network Shares preference extension. When a preference extens
This policy setting allows you to permit or prohibit use of the Power Options preference extension. When a preference extensio
This policy setting allows you to permit or prohibit use of the Preferences tab. When prohibited, the Preferences tab does not a
This policy setting allows you to permit or prohibit use of the Printers preference extension. When a preference extension is pr
This policy setting allows you to permit or prohibit use of the Regional Options preference extension. When a preference exten
This policy setting allows you to permit or prohibit use of the Registry preference extension. When a preference extension is pr
This policy setting allows you to permit or prohibit use of the Scheduled Tasks preference extension. When a preference extens
This policy setting allows you to permit or prohibit use of the Services preference extension. When a preference extension is pr
This policy setting allows you to permit or prohibit use of the Shortcuts preference extension. When a preference extension is p
This policy setting allows you to permit or prohibit use of the Start Menu preference extension. When a preference extension i
This policy setting allows Microsoft Windows to process user Group Policy settings asynchronously when logging on through Re
This policy setting allows you to restrict certain HTML Help commands to function only in HTML Help (.chm) files within specifi
This policy setting allows you to restrict programs from being run from online Help. If you enable this policy setting, you can p
This policy setting allows you to restrict programs from being run from online Help. If you enable this policy setting, you can p
This policy setting allows you to exclude HTML Help Executable from being monitored by software-enforced Data Execution Pre
This policy setting specifies whether active content links in trusted assistance content are rendered. By default, the Help viewe
This policy setting specifies whether users can participate in the Help Experience Improvement program. The Help Experience
This policy setting specifies whether users can provide ratings for Help content. If you enable this policy setting, ratings contro
This policy setting specifies whether users can search and view content from Windows Online in Help and Support. Windows O
This policy setting defines whether WLAN hotspots are probed for Wireless Internet Service Provider roaming (WISPr) protocol
This policy setting specifies whether Windows can access the Internet to accomplish tasks that require Internet resources. If yo
This policy setting specifies whether Windows can access the Internet to accomplish tasks that require Internet resources. If yo
This policy setting allows you to remove access to Windows Update. If you enable this policy setting, all Windows Update featu
This policy setting specifies whether to use the Store service for finding an application to open a file with an unhandled file typ
This policy setting specifies whether to use the Store service for finding an application to open a file with an unhandled file typ
This policy setting specifies whether to automatically update root certificates using the Windows Update website. Typically, a c
This policy setting specifies whether to allow this client to download print driver packages over HTTP. To set up HTTP printing,
This policy setting specifies whether to allow this client to download print driver packages over HTTP. To set up HTTP printing,
This policy setting specifies whether "Events.asp" hyperlinks are available for events within the Event Viewer application. The E
This policy setting specifies whether to show the "Did you know?" section of Help and Support Center. This content is dynamic
This policy setting specifies whether users can perform a Microsoft Knowledge Base search from the Help and Support Center.
This policy setting specifies whether the Internet Connection Wizard can connect to Microsoft to download a list of Internet Se
This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering w
This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering w
This policy setting specifies whether to use the Microsoft Web service for finding an application to open a file with an unhandle
This policy setting specifies whether to use the Microsoft Web service for finding an application to open a file with an unhandle
This policy setting specifies whether to allow printing over HTTP from this client. Printing over HTTP allows a client to print to p
This policy setting specifies whether to allow printing over HTTP from this client. Printing over HTTP allows a client to print to p
This policy setting specifies whether the Windows Registration Wizard connects to Microsoft.com for online registration. If you
This policy setting specifies whether Search Companion should automatically download content updates during local and Inter
This policy setting specifies whether the "Order Prints Online" task is available from Picture Tasks in Windows folders. The Ord
This policy setting specifies whether the "Order Prints Online" task is available from Picture Tasks in Windows folders. The Ord
This policy setting specifies whether the tasks "Publish this file to the Web," "Publish this folder to the Web," and "Publish the
This policy setting specifies whether the tasks "Publish this file to the Web," "Publish this folder to the Web," and "Publish the
This policy setting specifies whether Windows Messenger collects anonymous information about how Windows Messenger so
This policy setting specifies whether Windows Messenger collects anonymous information about how Windows Messenger so
This policy setting turns off the Windows Customer Experience Improvement Program. The Windows Customer Experience Imp
This policy setting controls whether or not errors are reported to Microsoft. Error Reporting is used to report information abou
This policy setting turns off the active tests performed by the Windows Network Connectivity Status Indicator (NCSI) to determ
This policy setting specifies whether Windows searches Windows Update for device drivers when no local drivers for a device a
"This policy setting prevents installation of Internet Information Services (IIS) on this computer. If you enable this policy setting
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to add a specific list of search providers to the user's default list of search providers. Normally, se
This policy setting allows you to add a specific list of search providers to the user's default list of search providers. Normally, se
This policy setting allows you to add default Accelerators. If you enable this policy setting, the specified Accelerators are added
This policy setting allows you to add default Accelerators. If you enable this policy setting, the specified Accelerators are added
This policy setting allows you to add non-default Accelerators. If you enable this policy setting, the specified Accelerators are a
This policy setting allows you to add non-default Accelerators. If you enable this policy setting, the specified Accelerators are a
This policy setting allows you to manage a list of add-ons to be allowed or denied by Internet Explorer. Add-ons in this case are
This policy setting allows you to manage a list of add-ons to be allowed or denied by Internet Explorer. Add-ons in this case are
For each zone, the Binary and Scripted Behavior security restrictions may be configured to allow only a list of admin-approved
For each zone, the Binary and Scripted Behavior security restrictions may be configured to allow only a list of admin-approved
This policy setting allows you to manage whether processes respect add-on management user preferences (as reflected by Add
This policy setting allows you to manage whether processes respect add-on management user preferences (as reflected by Add
Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elemen
Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elemen
Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files recei
Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files recei
Internet Explorer places zone restrictions on each Web page it opens, which are dependent upon the location of the Web page
Internet Explorer places zone restrictions on each Web page it opens, which are dependent upon the location of the Web page
This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more d
This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more d
The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hoste
The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hoste
Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe
Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe
This policy setting allows you to manage whether the Notification bar is displayed for processes other than the Internet Explore
This policy setting allows you to manage whether the Notification bar is displayed for processes other than the Internet Explore
This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to
This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to
Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web p
Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web p
This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control insta
This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control insta
This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that a
This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that a
Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restric
Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restric
This policy setting allows you to manage whether users receive a dialog requesting permission for active content on a CD to run
This policy setting allows you to manage whether users receive a dialog requesting permission for active content on a CD to run
This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can ru
This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can ru
This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can ru
This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can ru
This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can ru
This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can ru
This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Trusted Sites Zone c
This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Trusted Sites Zone c
This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can ru
This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can ru
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows the automatic deletion of specified items when the last browser window closes. The preferences sele
This policy setting allows the automatic deletion of specified items when the last browser window closes. The preferences sele
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting allows you to block an insecure fallback to SSL 3.0. When this policy is enabled, Internet Explorer will attemp
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether users can download and install self-installing program files (non-Internet Exp
This policy setting allows you to manage whether users can download and install self-installing program files (non-Internet Exp
This policy setting allows you to manage whether users can automatically download and install Web components (such as font
This policy setting allows you to manage whether users can automatically download and install Web components (such as font
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to revert to the Internet Explorer 8 behavior of allowing OnUnLoad script handlers to display UI d
This policy setting allows you to revert to the Internet Explorer 8 behavior of allowing OnUnLoad script handlers to display UI d
This policy setting specifies whether Internet Explorer plays media files that use alternative codecs and that require additional
This policy setting specifies whether Internet Explorer plays media files that use alternative codecs and that require additional
This policy setting determines whether Internet Explorer uses the HTTP2 network protocol. HTTP2 requests help optimize the l
This policy setting determines whether Internet Explorer uses the HTTP2 network protocol. HTTP2 requests help optimize the l
This policy setting determines whether Internet Explorer uses the SPDY/3 network protocol. SPDY/3 works with HTTP requests
This policy setting determines whether Internet Explorer uses the SPDY/3 network protocol. SPDY/3 works with HTTP requests
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows Internet Explorer to provide enhanced suggestions as the user types in the Address bar. To provide en
This policy setting allows Internet Explorer to provide enhanced suggestions as the user types in the Address bar. To provide en
This policy setting allows the user to run natively implemented, scriptable XMLHTTP. If you enable this policy setting, the user
This policy setting allows the user to run natively implemented, scriptable XMLHTTP. If you enable this policy setting, the user
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting allows you to manage whether software, such as ActiveX controls and file downloads, can be installed or run
This policy setting allows you to manage whether software, such as ActiveX controls and file downloads, can be installed or run
This policy setting specifies whether placeholders appear for graphical images while the images are downloading. This allows it
This policy setting allows you to manage whether Internet Explorer will launch COM add-ons known as browser helper objects
This policy setting allows you to manage whether Internet Explorer will launch COM add-ons known as browser helper objects
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting allows websites to store file resources in application caches on client computers. If you enable this policy se
This policy setting allows websites to store file resources in application caches on client computers. If you enable this policy se
This policy setting allows websites to store indexed database cache information on client computers. If you enable this policy s
This policy setting allows websites to store indexed database cache information on client computers. If you enable this policy s
This policy setting allows you to configure how Internet Explorer sends the Do Not Track (DNT) header. If you enable this policy
This policy setting allows you to configure how Internet Explorer sends the Do Not Track (DNT) header. If you enable this policy
Designates the Audio/Video Player ActiveX control as administrator-approved. This control is used for playing sounds, videos, a
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting allows you to configure whether newly installed add-ons are automatically activated in the Internet Explorer
This policy setting allows you to configure whether newly installed add-ons are automatically activated in the Internet Explorer
This policy setting allows you to manage whether Internet Explorer checks the Internet for newer versions. When Internet Expl
This policy setting allows you to manage whether Internet Explorer checks the Internet for newer versions. When Internet Expl
This policy setting allows you to bypass prompting when a script that is running in any process on the computer attempts to pe
This policy setting allows you to bypass prompting when a script that is running in any process on the computer attempts to pe
This policy setting allows you to bypass prompting when a script that is running in the Internet Explorer process attempts to pe
This policy setting allows you to bypass prompting when a script that is running in the Internet Explorer process attempts to pe
Designates the Microsoft Network (MSN) Carpoint automatic pricing control as administrator-approved. This control enables e
This policy setting allows you to change the default connection limit for HTTP 1.1 from 6 connections per host to a limit of your
This policy setting allows you to change the default connection limit for HTTP 1.1 from 6 connections per host to a limit of your
This policy setting allows you to manage whether Internet Explorer will check revocation status of servers' certificates. Certifica
This policy setting allows you to manage whether Internet Explorer will check revocation status of servers' certificates. Certifica
This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher
This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher
Allows Administrators to enable and disable the Media Explorer Bar and set the auto-play default. The Media Explorer Bar play
Allows Administrators to enable and disable the ability for Outlook Express users to save or open attachments that can potenti
Specifies which buttons will be displayed on the standard toolbar in Microsoft Internet Explorer. If you enable this policy, you c
This policy setting allows you to choose among three different labels for command buttons: show all text labels, show selective
This policy setting allows you to choose among three different labels for command buttons: show all text labels, show selective
This policy setting allows you to customize the Internet Explorer version string as reported to web servers in the HTTP User Age
This policy setting allows you to customize the Internet Explorer version string as reported to web servers in the HTTP User Age
This policy setting allows you to define applications and processes that can access the Clipboard without prompting the user. N
This policy setting allows you to define applications and processes that can access the Clipboard without prompting the user. N
This policy setting allows you to ensure that any Internet Explorer add-ons not listed in the 'Add-on List' policy setting are denie
This policy setting allows you to ensure that any Internet Explorer add-ons not listed in the 'Add-on List' policy setting are denie
This ActiveX control enables users to edit HTML text and see a faithful rendition of how the text would look in the browser. The
This setting specifies the number of days that Internet Explorer tracks views of pages in the History List. To access the Tempora
This setting specifies the number of days that Internet Explorer tracks views of pages in the History List. To access the Tempora
Prevents users from adding channels to Internet Explorer. Channels are Web sites that are updated automatically on your com
Prevents users from specifying that Web pages can be downloaded for viewing offline. When users make Web pages available
Disables existing schedules for downloading Web pages for offline viewing. When users make Web pages available for offline v
This AutoComplete feature suggests possible matches when users are filling up forms. If you enable this setting, the user is no
Prevents Internet Explorer from automatically installing components. If you enable this policy, it prevents Internet Explorer fro
Prevents automatic proxy scripts, which interact with a server to automatically configure users' proxy settings, from being store
If you enable this policy, the user cannot modify the Accessibility options. All options in the "Accessibility" window on the Gene
Prevents users from changing settings on the Advanced tab in the Internet Options dialog box. If you enable this policy, users a
This setting specifies to automatically detect the proxy server settings used to connect to the Internet and customize Internet E
This setting specifies to automatically detect the proxy server settings used to connect to the Internet and customize Internet E
Prevents users from changing the default programs for managing schedules and contacts. If you enable this policy, the Calenda
Prevents users from changing certificate settings in Internet Explorer. Certificates are used to verify the identity of software pub
Prevents users from changing the default Web page colors. If you enable this policy, the color settings for Web pages appear d
Prevents users from changing dial-up settings. If you enable this policy, the Settings button on the Connections tab in the Inter
Prevents users from changing dial-up settings. If you enable this policy, the Settings button on the Connections tab in the Inter
Prevents Microsoft Internet Explorer from checking to see whether it is the default browser. If you enable this policy, the Inter
Prevents users from changing font settings. If you enable this policy, users will not be able to change font settings for viewing W
The Home page specified on the General tab of the Internet Options dialog box is the default Web page that Internet Explorer
Prevents users from changing language preference settings. If you enable this policy, users will not be able to set language pre
Prevents users from changing the colors of links on Web pages. If you enable this policy, the color settings for links appear dim
Prevents users from changing the default programs for messaging tasks. If you enable this policy, the E-mail, Newsgroups, and
Prevents users from changing Profile Assistant settings. If you enable this policy, the My Profile button appears dimmed in the
Prevents users from changing ratings that help control the type of Internet content that can be viewed. If you enable this polic
Secondary home pages are the default Web pages that Internet Explorer loads in separate tabs from the home page whenever
Secondary home pages are the default Web pages that Internet Explorer loads in separate tabs from the home page whenever
Prevents users from changing the browser cache settings, such as the location and amount of disk space to use for the Tempor
Prevents users from viewing the Channel bar interface. Channels are Web sites that are automatically updated on their compu
Prevents users from determining which buttons appear on the Microsoft Internet Explorer and File Explorer standard toolbars.
Prevents users from determining which toolbars are displayed in Microsoft Internet Explorer and File Explorer. If you enable th
Prevents content from being downloaded from Web sites that users have subscribed to. When users make Web pages availabl
Prevents users from adding, editing, or removing schedules for offline viewing of Web pages and groups of Web pages that use
Prevents users from editing an existing schedule for downloading Web pages for offline viewing. When users make Web pages
Prevents branding of Internet programs, such as customization of Internet Explorer and Outlook Express logos and title bars, by
This policy settings disables the Import/Export Settings wizard. This wizard allows you to import settings from another browser
This policy settings disables the Import/Export Settings wizard. This wizard allows you to import settings from another browser
Prevents users from running the Internet Connection Wizard. If you enable this policy, the Setup button on the Connections ta
Prevents channel providers from recording information about when their channel pages are viewed by users who are working
Prevents using the shortcut menu to open a link in a new browser window. If you enable this policy, users cannot point to a lin
Prevents Internet Explorer from checking whether a new version of the browser is available. If you enable this policy, it preven
Prevents users from disabling channel synchronization in Microsoft Internet Explorer. Channels are Web sites that are automati
Prevents users from clearing the preconfigured settings for Web pages to be downloaded for offline viewing. When users mak
Prevents users from saving a program or file that Microsoft Internet Explorer has downloaded to the hard disk. If you enable th
Prevents the Internet Explorer splash screen from appearing when users start the browser. If you enable this policy, the splash
Specifies that programs using the Microsoft Software Distribution Channel will not notify users when they install new compone
Removes the Advanced tab from the interface in the Internet Options dialog box. If you enable this policy, users are prevented
Removes the Advanced tab from the interface in the Internet Options dialog box. If you enable this policy, users are prevented
Removes the Connections tab from the interface in the Internet Options dialog box. If you enable this policy, users are prevent
Removes the Connections tab from the interface in the Internet Options dialog box. If you enable this policy, users are prevent
If you enable this policy setting, users are prevented from seeing and changing ratings, certificates, AutoComplete, Wallet, and
If you enable this policy setting, users are prevented from seeing and changing ratings, certificates, AutoComplete, Wallet, and
Removes the General tab from the interface in the Internet Options dialog box. If you enable this policy, users are unable to se
Removes the General tab from the interface in the Internet Options dialog box. If you enable this policy, users are unable to se
Removes the Privacy tab from the interface in the Internet Options dialog box. If you enable this policy, users are prevented fro
Removes the Privacy tab from the interface in the Internet Options dialog box. If you enable this policy, users are prevented fro
Removes the Programs tab from the interface in the Internet Options dialog box. If you enable this policy, users are prevented
Removes the Programs tab from the interface in the Internet Options dialog box. If you enable this policy, users are prevented
Prevents users from restoring default settings for home and search pages. If you enable this policy, the Reset Web Settings butt
Removes the Security tab from the interface in the Internet Options dialog box. If you enable this policy, it prevents users from
Removes the Security tab from the interface in the Internet Options dialog box. If you enable this policy, it prevents users from
Specifies that error messages will be displayed to users if problems occur with proxy scripts. If you enable this policy, error me
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage where tabs are displayed. If you enable this policy setting, tabs are displayed on a sep
This policy setting allows you to manage where tabs are displayed. If you enable this policy setting, tabs are displayed on a sep
This policy setting prevents ActiveX controls from running in Protected Mode when Enhanced Protected Mode is enabled. Whe
This policy setting prevents ActiveX controls from running in Protected Mode when Enhanced Protected Mode is enabled. Whe
This policy setting prevents the user from using the Reset Internet Explorer Settings feature. Reset Internet Explorer Settings al
This policy setting prevents the user from using the Reset Internet Explorer Settings feature. Reset Internet Explorer Settings al
This policy setting allows you to manage whether users have the ability to allow or deny add-ons through Add-On Manager. If
This policy setting allows you to manage whether users have the ability to allow or deny add-ons through Add-On Manager. If
This policy setting allows you to hide the reveal password button when Internet Explorer prompts users for a password. The rev
This policy setting allows you to hide the reveal password button when Internet Explorer prompts users for a password. The rev
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting allows you to manage whether Internet Explorer will save encrypted pages that contain secure (HTTPS) infor
This policy setting allows you to manage whether Internet Explorer will save encrypted pages that contain secure (HTTPS) infor
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether Internet Explorer deletes the contents of the Temporary Internet Files folder
This policy setting allows you to manage whether Internet Explorer deletes the contents of the Temporary Internet Files folder
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to enforce full-screen mode, which disables the navigation bar, the menu bar, and the Command
This policy setting allows you to enforce full-screen mode, which disables the navigation bar, the menu bar, and the Command
This policy setting allows you to establish the threshold for InPrivate Filtering Automatic mode. The threshold sets the number
This policy setting allows you to establish the threshold for InPrivate Filtering Automatic mode. The threshold sets the number
This policy setting allows you to establish the threshold for Tracking Protection Automatic mode. The threshold sets the numb
This policy setting allows you to establish the threshold for Tracking Protection Automatic mode. The threshold sets the numb
Prevents users from closing Microsoft Internet Explorer and File Explorer. If you enable this policy, the Close command on the
Prevents users from opening a new browser window from the File menu. If this policy is enabled, users cannot open a new bro
Prevents users from opening a file or Web page from the File menu in Internet Explorer. If you enable this policy, the Open dia
Prevents users from saving the complete contents that are displayed on or run from a Web page, including the graphics, scripts
Prevents users from saving Web pages from the browser File menu to their hard disk or to a network share. If you enable this
Limits the amount of storage that a page or site using the DHTML Persistence behavior can use for the Internet security zone.
Limits the amount of storage that a page or site using the DHTML Persistence behavior can use for the Local Intranet security z
Limits the amount of storage that a page or site using the DHTML Persistence behavior can use for the Local Computer security
Limits the amount of storage that a page or site using the DHTML Persistence behavior can use for the Restricted Sites security
Limits the amount of storage that a page or site using the DHTML Persistence behavior can use for the Trusted Sites security zo
This policy allows the user to go directly to an intranet site for a one-word entry in the Address bar. If you enable this policy se
This policy allows the user to go directly to an intranet site for a one-word entry in the Address bar. If you enable this policy se
Prevents users from displaying tips for users who are switching from Netscape. If you enable this policy, the For Netscape User
Prevents users from sending feedback to Microsoft by clicking the Send Feedback command on the Help menu. If you enable t
Prevents users from viewing or changing the Tip of the Day interface in Microsoft Internet Explorer. If you enable this policy, th
Prevents users from running the Internet Explorer Tour from the Help menu in Internet Explorer. If you enable this policy, the T
Prevents users from adding, removing, editing or viewing the list of Favorite links. The Favorites list is a way to store popular lin
This policy setting allows you to show or hide the Command bar. If you enable this policy setting, the Command bar is hidden a
This policy setting allows you to show or hide the Command bar. If you enable this policy setting, the Command bar is hidden a
This policy setting allows you to show or hide the status bar. If you enable this policy setting, the status bar is hidden and the u
This policy setting allows you to show or hide the status bar. If you enable this policy setting, the status bar is hidden and the u
Prevents users from configuring unique identities by using Identity Manager. Identity Manager enables users to create multiple
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy controls the website compatibility lists that Microsoft provides. The updated website lists are available on Windows
This policy controls the website compatibility lists that Microsoft provides. The updated website lists are available on Windows
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage whether Internet Explorer 9 can install ActiveX controls and other binaries signed with
This policy setting allows you to manage whether Internet Explorer 9 can install ActiveX controls and other binaries signed with
This policy setting configures Internet Explorer to automatically install new versions of Internet Explorer when they are availabl
Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elemen
Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elemen
Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files recei
Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files recei
Internet Explorer places zone restrictions on each Web page it opens, which are dependent upon the location of the Web page
Internet Explorer places zone restrictions on each Web page it opens, which are dependent upon the location of the Web page
This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more d
This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more d
The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hoste
The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hoste
File Explorer and Internet Explorer may be configured to prevent active content obtained through restricted protocols from run
File Explorer and Internet Explorer may be configured to prevent active content obtained through restricted protocols from run
This policy setting allows you to manage whether the Notification bar is displayed for Internet Explorer processes when file or c
This policy setting allows you to manage whether the Notification bar is displayed for Internet Explorer processes when file or c
This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to
This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to
Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web p
Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web p
This policy setting enables blocking of ActiveX control installation prompts for Internet Explorer processes. If you enable this p
This policy setting enables blocking of ActiveX control installation prompts for Internet Explorer processes. If you enable this p
This policy setting enables blocking of file download prompts that are not user initiated. If you enable this policy setting, file d
This policy setting enables blocking of file download prompts that are not user initiated. If you enable this policy setting, file d
Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restric
Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restric
For each zone, the Network Protocol Lockdown security restriction may be configured to prevent active content obtained throu
For each zone, the Network Protocol Lockdown security restriction may be configured to prevent active content obtained throu
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This policy setting controls whether local sites which are not explicitly mapped into any Security Zone are forced into the local I
This policy setting controls whether local sites which are not explicitly mapped into any Security Zone are forced into the local I
This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone. If you enable th
This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone. If you enable th
This policy setting controls whether sites which bypass the proxy server are mapped into the local Intranet security zone. If yo
This policy setting controls whether sites which bypass the proxy server are mapped into the local Intranet security zone. If yo
For each zone, the Network Protocol Lockdown security restriction may be configured to prevent active content obtained throu
For each zone, the Network Protocol Lockdown security restriction may be configured to prevent active content obtained throu
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
Designates a set of Microsoft Network (MSN) Investor controls as administrator-approved. These controls enable users to view
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting lets you decide whether users can turn on Enterprise Mode for websites with compatibility issues. Optionall
This policy setting lets you decide whether users can turn on Enterprise Mode for websites with compatibility issues. Optionall
This policy setting allows you to control which Domains are included in the discovery functionality of the Internet Explorer Site
This policy setting allows you to control which Domains are included in the discovery functionality of the Internet Explorer Site
This policy setting allows you to control which site zones are included in the discovery functionality of the Internet Explorer Site
This policy setting allows you to control which site zones are included in the discovery functionality of the Internet Explorer Site
For each zone, the Network Protocol Lockdown security restriction may be configured to prevent active content obtained throu
For each zone, the Network Protocol Lockdown security restriction may be configured to prevent active content obtained throu
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This policy setting allows you to lock or unlock the toolbars on the user interface. If you enable this policy setting, the toolbars
This policy setting allows you to lock or unlock the toolbars on the user interface. If you enable this policy setting, the toolbars
This policy setting allows you to lock the Stop and Refresh buttons next to the Back and Forward buttons. If you enable this po
This policy setting allows you to lock the Stop and Refresh buttons next to the Back and Forward buttons. If you enable this po
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
Applies proxy settings to all users of the same computer. If you enable this policy, users cannot set user-specific proxy settings.
This policy setting allows you to change the default connection limit for HTTP 1.0 from 6 connections per host to a limit of your
This policy setting allows you to change the default connection limit for HTTP 1.0 from 6 connections per host to a limit of your
Designates a set of Microsoft ActiveX controls used to manipulate pop-up menus in the browser as administrator-approved. If
Designates the Microsoft Agent ActiveX control as administrator-approved. Microsoft Agent is a set of software services that s
Designates the Microsoft Chat ActiveX control as administrator-approved. This control is used by Web authors to build text-bas
Designates Microsoft Scriptlet Component as an administrator approved control. It is an Active X control which is used to rende
Designates Microsoft Survey Control as an administrator approved control. If you enable this policy, this control can be run in s
Designates a set of MSNBC controls as administrator-approved. These controls enable enhanced browsing of news reports on
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
Designates NetShow File Transfer Control as an administrator approved control. If you enable this policy, this control can be ru
This policy setting allows you to choose whether users will be notified if Internet Explorer is not the default web browser. If yo
This policy setting configures Internet Explorer to open Internet Explorer tiles on the desktop. If you enable this policy setting,
This policy setting configures Internet Explorer to open Internet Explorer tiles on the desktop. If you enable this policy setting,
This policy setting allows you to manage whether Internet Explorer will display animated pictures found in Web content. Gener
This policy setting allows you to manage whether Internet Explorer will display animated pictures found in Web content. Gener
This policy setting allows you to manage whether Internet Explorer will play sounds found in web content. Generally only soun
This policy setting allows you to manage whether Internet Explorer will play sounds found in web content. Generally only soun
This policy setting allows you to manage whether Internet Explorer will display videos found in Web content. Generally only em
This policy setting allows you to manage whether Internet Explorer will display videos found in Web content. Generally only em
This policy setting allows you to specify a list of web sites that will be allowed to open pop-up windows regardless of the Intern
This policy setting allows you to specify a list of web sites that will be allowed to open pop-up windows regardless of the Intern
This policy setting positions the menu bar above the navigation bar. The navigation bar contains icons for a variety of features,
This policy setting prevents the user from using the "Fix settings" functionality related to Security Settings Check. If you enable
This policy setting prevents the user from using the "Fix settings" functionality related to Security Settings Check. If you enable
This policy setting prevents the user from performing actions which will delete browsing history. For more information on brow
This policy setting prevents the user from performing actions which will delete browsing history. For more information on brow
This policy setting prevents the user from using Internet Explorer as a feed reader. This policy setting has no impact on the Win
This policy setting prevents the user from using Internet Explorer as a feed reader. This policy setting has no impact on the Win
This policy setting prevents the user from accessing Help in Internet Explorer. If you enable this policy setting, the following oc
This policy setting prevents the user from accessing Help in Internet Explorer. If you enable this policy setting, the following oc
This policy setting prevents users from having Internet Explorer automatically discover whether a feed or Web Slice is available
This policy setting prevents users from having Internet Explorer automatically discover whether a feed or Web Slice is available
This policy setting determines whether the user can bypass warnings from SmartScreen Filter. SmartScreen Filter prevents the
This policy setting determines whether the user can bypass warnings from SmartScreen Filter. SmartScreen Filter prevents the
This policy setting determines whether the user can bypass warnings from SmartScreen Filter. SmartScreen Filter warns the use
This policy setting determines whether the user can bypass warnings from SmartScreen Filter. SmartScreen Filter warns the use
This policy setting prevents the user from changing the level of pop-up filtering. The available levels are as follows: High: Block
This policy setting prevents the user from changing the level of pop-up filtering. The available levels are as follows: High: Block
This policy setting specifies if a user can change proxy settings. If you enable this policy setting, the user will not be able to con
This policy setting specifies if a user can change proxy settings. If you enable this policy setting, the user will not be able to con
This policy setting prevents the user from changing the default search provider for the Address bar and the toolbar Search box.
This policy setting prevents the user from changing the default search provider for the Address bar and the toolbar Search box.
This policy setting prevents the user from changing the default URL for checking updates to Internet Explorer and Internet Tool
This policy setting prevents the user from choosing the default text size in Internet Explorer. If you enable this policy setting, th
This policy setting allows you to configure how windows open in Internet Explorer when the user clicks links from other applica
This policy setting allows you to configure how windows open in Internet Explorer when the user clicks links from other applica
This policy setting allows you to configure how new tabs are created by default in Internet Explorer. If you enable this policy se
This policy setting allows you to configure how new tabs are created by default in Internet Explorer. If you enable this policy se
This policy setting specifies whether the user can conduct a search on the Address bar. If you enable this policy setting, you mu
This policy setting specifies whether the user can conduct a search on the Address bar. If you enable this policy setting, you mu
This policy setting allows you to specify whether a user can browse to the website of a top result when search is enabled on th
This policy setting allows you to specify whether a user can browse to the website of a top result when search is enabled on th
In Internet Explorer 9 and Internet Explorer 10: This policy setting prevents users from deleting ActiveX Filtering and Tracking P
In Internet Explorer 9 and Internet Explorer 10: This policy setting prevents users from deleting ActiveX Filtering and Tracking P
This policy setting prevents the user from deleting cookies. This feature is available in the Delete Browsing History dialog box.
This policy setting prevents the user from deleting cookies. This feature is available in the Delete Browsing History dialog box.
This policy setting prevents the user from deleting his or her download history. This feature is available in the Delete Browsing
This policy setting prevents the user from deleting his or her download history. This feature is available in the Delete Browsing
This policy setting prevents the user from deleting favorites site data. This feature is available in the Delete Browsing History di
This policy setting prevents the user from deleting favorites site data. This feature is available in the Delete Browsing History di
This policy setting prevents the user from deleting form data. This feature is available in the Delete Browsing History dialog box
This policy setting prevents the user from deleting form data. This feature is available in the Delete Browsing History dialog box
This policy setting prevents the user from deleting InPrivate Filtering data. Internet Explorer collects InPrivate Filtering data dur
This policy setting prevents the user from deleting InPrivate Filtering data. Internet Explorer collects InPrivate Filtering data dur
This policy setting prevents users from deleting passwords. This feature is available in the Delete Browsing History dialog box. I
This policy setting prevents users from deleting passwords. This feature is available in the Delete Browsing History dialog box. I
This policy setting prevents the user from deleting temporary Internet files. This feature is available in the Delete Browsing Hist
This policy setting prevents the user from deleting temporary Internet files. This feature is available in the Delete Browsing Hist
This policy setting prevents the user from deleting the history of websites that he or she has visited. This feature is available in
This policy setting prevents the user from deleting the history of websites that he or she has visited. This feature is available in
This policy setting prevents the user from having enclosures (file attachments) downloaded from a feed to the user's computer
This policy setting prevents the user from having enclosures (file attachments) downloaded from a feed to the user's computer
This policy setting prevents the user from ignoring Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate errors tha
This policy setting prevents the user from ignoring Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate errors tha
This policy setting prevents the Search box from appearing in Internet Explorer. When the Search box is available, it includes all
This policy setting prevents the Search box from appearing in Internet Explorer. When the Search box is available, it includes all
You can allow pop-ups from specific websites by adding the sites to the exception list. If you enable this policy setting, the use
You can allow pop-ups from specific websites by adding the sites to the exception list. If you enable this policy setting, the use
This policy setting prevents the user from managing SmartScreen Filter, which warns the user if the website being visited is kno
This policy setting prevents the user from managing SmartScreen Filter, which warns the user if the website being visited is kno
This policy setting prevents the user from managing a filter that warns the user if the website being visited is known for fraudu
This policy setting prevents the user from managing a filter that warns the user if the website being visited is known for fraudu
This policy setting prevents the user from participating in the Customer Experience Improvement Program (CEIP). If you enable
This policy setting prevents the user from participating in the Customer Experience Improvement Program (CEIP). If you enable
This policy setting allows you to prevent the installation of ActiveX controls on a per-user basis. If you enable this policy setting
This policy setting allows you to prevent the installation of ActiveX controls on a per-user basis. If you enable this policy setting
This policy setting prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after ins
This policy setting prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after ins
This policy setting prevents the user from specifying the background color in Internet Explorer. If you enable this policy setting
This policy setting prevents the user from specifying a URL that contains update information about cipher strength. When the u
This policy setting prevents the user from specifying the text color in Internet Explorer. If you enable this policy setting, the use
This policy setting prevents the user from specifying the code download path for each computer. The Internet Component Dow
This policy setting prevents the user from specifying the color of webpage links that he or she has already clicked. Appropriate
This policy setting prevents the user from specifying the color of webpage links that he or she has not yet clicked. Appropriate
This policy setting prevents the user from specifying the color to which hyperlinks change when the mouse pointer pauses on t
This policy setting prevents the user from specifying the update check interval. The default value is 30 days. If you enable this
This policy setting prevents the user from subscribing to or deleting a feed or a Web Slice. If you enable this policy setting, the
This policy setting prevents the user from subscribing to or deleting a feed or a Web Slice. If you enable this policy setting, the
This policy setting allows you to choose whether or not toolbars and Browser Helper Objects (BHOs) are loaded by default duri
This policy setting allows you to choose whether or not toolbars and Browser Helper Objects (BHOs) are loaded by default duri
This policy setting is used to manage temporary Internet files and cookies associated with your Internet browsing history, availa
This policy setting is used to manage temporary Internet files and cookies associated with your Internet browsing history, availa
This policy setting prevents the user from using Windows colors as a part of the display settings. If you enable this policy settin
This policy setting allows you to manage whether the listed processes respect add-on management user preferences (as entere
This policy setting allows you to manage whether the listed processes respect add-on management user preferences (as entere
Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elemen
Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elemen
Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files recei
Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files recei
Internet Explorer places zone restrictions on each Web page it opens, which are dependent upon the location of the Web page
Internet Explorer places zone restrictions on each Web page it opens, which are dependent upon the location of the Web page
This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more d
This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more d
The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hoste
The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hoste
Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe
Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe
This policy setting allows you to manage whether the Notification bar is displayed for specific processes when file or code insta
This policy setting allows you to manage whether the Notification bar is displayed for specific processes when file or code insta
This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to
This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to
Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web p
Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web p
This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control insta
This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control insta
This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that a
This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that a
Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restric
Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restric
This policy setting allows you to stop users from seeing the "Run this time" button and from running specific outdated ActiveX
This policy setting allows you to stop users from seeing the "Run this time" button and from running specific outdated ActiveX
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting restricts the list of Accelerators that the user can access to only the set deployed through Group Policy. If yo
This policy setting restricts the list of Accelerators that the user can access to only the set deployed through Group Policy. If yo
This policy setting allows you to restrict the search providers that appear in the Search box in Internet Explorer to those define
This policy setting allows you to restrict the search providers that appear in the Search box in Internet Explorer to those define
For each zone, the Network Protocol Lockdown security restriction may be configured to prevent active content obtained throu
For each zone, the Network Protocol Lockdown security restriction may be configured to prevent active content obtained throu
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
Disables using the F3 key to search in Internet Explorer and File Explorer. If you enable this policy, the search functionality of th
Makes the Customize button in the Search Assistant appear dimmed. The Search Assistant is a tool that appears in the Search
Prevents users from adding or removing sites from security zones. A security zone is a group of Web sites with the same securi
Prevents users from changing security zone settings. A security zone is a group of Web sites with the same security level. If you
Applies security zone information to all users of the same computer. A security zone is a group of Web sites with the same secu
This setting lets you decide whether to open all sites not included in the Enterprise Mode Site List in Microsoft Edge. If you use
This setting lets you decide whether to open all sites not included in the Enterprise Mode Site List in Microsoft Edge. If you use
This policy setting allows you to manage whether Internet Explorer converts Unicode domain names to internationalized doma
This policy setting allows you to manage whether Internet Explorer converts Unicode domain names to internationalized doma
This policy setting sets file storage limits for application caches of websites that have been allowed to exceed their storage limi
This policy setting sets file storage limits for application caches of websites that have been allowed to exceed their storage limi
This policy setting sets the number of days an inactive application cache will exist before it is removed. If the application cache
This policy setting sets the number of days an inactive application cache will exist before it is removed. If the application cache
This policy setting sets data storage limits for indexed database and application caches for individual websites. When you set th
This policy setting sets data storage limits for indexed database and application caches for individual websites. When you set th
This policy setting allows you to choose how links are opened in Internet Explorer: Let Internet Explorer decide, always in Intern
This policy setting allows you to choose how links are opened in Internet Explorer: Let Internet Explorer decide, always in Intern
This policy setting sets data storage limits for indexed databases of websites that have been allowed to exceed their storage lim
This policy setting sets data storage limits for indexed databases of websites that have been allowed to exceed their storage lim
This policy setting sets the maximum size for an individual resource file contained in a manifest file. The manifest file is used to
This policy setting sets the maximum size for an individual resource file contained in a manifest file. The manifest file is used to
This policy setting sets the maximum number of resource entries that can be specified in a manifest file associated with an app
This policy setting sets the maximum number of resource entries that can be specified in a manifest file associated with an app
This policy setting sets the file storage limit for all combined application caches for a user. When you set this policy setting, you
This policy setting sets the file storage limit for all combined application caches for a user. When you set this policy setting, you
This policy setting sets the data storage limit for all combined indexed databases for a user. When you set this policy setting, yo
This policy setting sets the data storage limit for all combined indexed databases for a user. When you set this policy setting, yo
This policy setting allows you to set the rate at which Internet Explorer creates new tab processes. There are two algorithms th
This policy setting allows you to set the rate at which Internet Explorer creates new tab processes. There are two algorithms th
This policy setting allows you to change the default limit of WebSocket connections per server. The default limit is 6; you can se
This policy setting allows you to change the default limit of WebSocket connections per server. The default limit is 6; you can se
Designates Shockwave flash as an administrator approved control. If you enable this policy, this control can be run in security z
This policy setting shows the Content Advisor setting on the Content tab of the Internet Options dialog box. If you enable this p
This policy setting shows the Content Advisor setting on the Content tab of the Internet Options dialog box. If you enable this p
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting allows you to manage a list of sites that you want to associate with a particular security zone. These zone nu
This policy setting allows you to manage a list of sites that you want to associate with a particular security zone. These zone nu
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to specify what is displayed when the user opens a new tab. If you enable this policy setting, you
This policy setting allows you to specify what is displayed when the user opens a new tab. If you enable this policy setting, you
This policy setting allows you to specify how ActiveX controls are installed. If you enable this policy setting, ActiveX controls ar
This policy setting allows you to specify how ActiveX controls are installed. If you enable this policy setting, ActiveX controls ar
This policy setting configures what Internet Explorer displays when a new browsing session is started. By default, Internet Explo
This policy setting configures what Internet Explorer displays when a new browsing session is started. By default, Internet Explo
This policy setting determines whether the Internet Connection Wizard was completed. If the Internet Connection Wizard was
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
Restricts the amount of information downloaded for offline viewing. If you enable this policy, you can set limits to the size and
Prevents users from opening the Internet Options dialog box from the Tools menu in Microsoft Internet Explorer. If you enable
For each zone, the Network Protocol Lockdown security restriction may be configured to prevent active content obtained throu
For each zone, the Network Protocol Lockdown security restriction may be configured to prevent active content obtained throu
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting allows you to manage whether users can pin sites to locations where pinning is allowed, such as the taskbar,
This policy setting allows you to manage whether users can pin sites to locations where pinning is allowed, such as the taskbar,
This policy setting allows you to manage whether users can access Accelerators. If you enable this policy setting, users cannot
This policy setting allows you to manage whether users can access Accelerators. If you enable this policy setting, users cannot
This policy setting allows you to turn off the ActiveX Opt-In prompt. ActiveX Opt-In prevents websites from loading any ActiveX
This policy setting allows you to turn off the ActiveX Opt-In prompt. ActiveX Opt-In prevents websites from loading any ActiveX
This policy setting prevents Internet Explorer from displaying a notification when the average time to load all the user's enable
This policy setting prevents Internet Explorer from displaying a notification when the average time to load all the user's enable
This policy setting turns off Adobe Flash in Internet Explorer and prevents applications from using Internet Explorer technology
This policy setting turns off Adobe Flash in Internet Explorer and prevents applications from using Internet Explorer technology
This policy setting turns off Automatic Crash Recovery. If you enable this policy setting, Automatic Crash Recovery does not pro
This policy setting turns off Automatic Crash Recovery. If you enable this policy setting, Automatic Crash Recovery does not pro
This setting determines whether IE automatically downloads updated versions of Microsofts VersionList.XML. IE uses this file t
This policy setting specifies that you want Internet Explorer to automatically resize large images so that they fit in the browser
This policy setting controls whether to have background synchronization for feeds and Web Slices. If you enable this policy setti
This policy setting controls whether to have background synchronization for feeds and Web Slices. If you enable this policy setti
This policy setting determines whether Internet Explorer blocks specific outdated ActiveX controls. Outdated ActiveX controls a
This policy setting determines whether Internet Explorer blocks specific outdated ActiveX controls. Outdated ActiveX controls a
This policy setting allows you to manage a list of domains on which Internet Explorer will stop blocking outdated ActiveX contro
This policy setting allows you to manage a list of domains on which Internet Explorer will stop blocking outdated ActiveX contro
This policy setting allows you to disable browser geolocation support. This will prevent websites from requesting location data
This policy setting allows you to disable browser geolocation support. This will prevent websites from requesting location data
This policy setting prevents the text on the screen from being rendered through the ClearType technology that enhances the re
This policy setting prevents the text on the screen from being rendered through the ClearType technology that enhances the re
This policy setting allows you to turn off the collection of data used by the InPrivate Filtering Automatic mode. The data consis
This policy setting allows you to turn off the collection of data used by the InPrivate Filtering Automatic mode. The data consis
This policy setting controls the Compatibility View feature, which allows the user to fix website display problems that he or she
This policy setting controls the Compatibility View feature, which allows the user to fix website display problems that he or she
This policy setting controls the Compatibility View button that appears on the Command bar. This button allows the user to fix
This policy setting controls the Compatibility View button that appears on the Command bar. This button allows the user to fix
This policy setting allows you to define the user experience related to how pop-up windows appear in tabbed browsing in Inter
This policy setting allows you to define the user experience related to how pop-up windows appear in tabbed browsing in Inter
This policy setting specifies how you want links on webpages to be underlined. If you enable this policy setting, a user cannot c
This policy setting allows you to manage the crash detection feature of add-on Management. If you enable this policy setting,
This policy setting allows you to manage the crash detection feature of add-on Management. If you enable this policy setting,
This policy setting allows you to manage whether documents can request data across third-party domains embedded in the pa
This policy setting allows you to manage whether documents can request data across third-party domains embedded in the pa
This policy setting allows you to turn off the Data Execution Prevention feature for Internet Explorer on Windows Server 2008,
This policy setting allows you to turn on or turn off Data URI support. A Data URI allows web developers to encapsulate images
This policy setting allows you to turn on or turn off Data URI support. A Data URI allows web developers to encapsulate images
This policy setting specifies whether, when there is a problem connecting with an Internet server, to provide a detailed descrip
This policy setting allows you to manage whether the user can access Developer Tools in Internet Explorer. If you enable this p
This policy setting allows you to manage whether the user can access Developer Tools in Internet Explorer. If you enable this p
This policy setting allows you to turn off support for Transport Layer Security (TLS) 1.0, TLS 1.1, TLS 1.2, Secure Sockets Layer (S
This policy setting allows you to turn off support for Transport Layer Security (TLS) 1.0, TLS 1.1, TLS 1.2, Secure Sockets Layer (S
This policy setting allows you to manage whether a user has access to the Favorites bar in Internet Explorer. If you enable this
This policy setting allows you to manage whether a user has access to the Favorites bar in Internet Explorer. If you enable this
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting specifies whether graphical images are included when pages are displayed. Sometimes, pages that contain s
This policy setting let you turn off Inline AutoComplete in File Explorer. Inline AutoComplete provides suggestions for what you
This policy setting allows you to turn off the InPrivate Browsing feature. InPrivate Browsing prevents Internet Explorer from sto
This policy setting allows you to turn off the InPrivate Browsing feature. InPrivate Browsing prevents Internet Explorer from sto
This policy setting allows you to turn off InPrivate Filtering. InPrivate Filtering helps users control whether third parties can aut
This policy setting allows you to turn off InPrivate Filtering. InPrivate Filtering helps users control whether third parties can aut
This policy setting determines whether Internet Explorer preemptively loads websites and content in the background, speeding
This policy setting determines whether Internet Explorer preemptively loads websites and content in the background, speeding
This policy setting allows the user to enable the SmartScreen Filter, which warns the user if the website being visited is known
This policy setting allows the user to enable the SmartScreen Filter, which warns the user if the website being visited is known
This policy setting specifies if, as you move from one Web page to another, Internet Explorer fades out of the page you are leav
This policy setting prevents the user from zooming in to or out of a page to better see the content. If you enable this policy setti
This policy setting prevents the user from zooming in to or out of a page to better see the content. If you enable this policy setti
This policy setting determines whether phone numbers are recognized and turned into hyperlinks, which can be used to invoke
This policy setting determines whether phone numbers are recognized and turned into hyperlinks, which can be used to invoke
This policy setting allows you to manage pop-up management functionality in Internet Explorer. If you enable this policy settin
This policy setting allows you to manage pop-up management functionality in Internet Explorer. If you enable this policy settin
This policy setting allows you to manage whether users can access the Print menu. Starting with Windows 8, this policy setting
This policy setting allows you to manage whether users can access the Print menu. Starting with Windows 8, this policy setting
This policy setting specifies whether you will accept requests from Web sites for Profile Assistant information. If you enable th
This policy setting specifies whether you will accept requests from Web sites for Profile Assistant information. If you enable th
This policy setting allows you to turn off the Quick Tabs functionality in Internet Explorer. If you enable this policy setting, the e
This policy setting allows you to turn off the Quick Tabs functionality in Internet Explorer. If you enable this policy setting, the e
This policy setting allows you to manage whether a user has access to the Reopen Last Browsing Session feature in Internet Exp
This policy setting allows you to manage whether a user has access to the Reopen Last Browsing Session feature in Internet Exp
This policy setting specifies whether to use 8-bit Unicode Transformation Format (UTF-8), a standard that defines characters so
This policy setting determines whether Internet Explorer uses 8-bit Unicode Transformation Format (UTF-8) to encode query st
This policy setting determines whether Internet Explorer uses 8-bit Unicode Transformation Format (UTF-8) to encode query st
This policy setting prevents the shortcut menu from appearing when a user right-clicks a webpage while using Internet Explore
This policy setting specifies whether you want Internet Explorer to smooth images so that they appear less jagged when displa
This policy setting specifies whether smooth scrolling is used to display content at a predefined speed. If you enable this policy
This policy setting allows you to turn off suggestions for all user-installed search providers. If you enable this policy setting, the
This policy setting allows you to turn off suggestions for all user-installed search providers. If you enable this policy setting, the
This policy setting allows you to manage whether the user has access to Tab Grouping in Internet Explorer. If you enable this p
This policy setting allows you to turn off tabbed browsing and related entry points from the Internet Explorer user interface. St
This policy setting allows you to turn off tabbed browsing and related entry points from the Internet Explorer user interface. St
This policy setting allows you to manage whether users can launch the report site problems dialog using a menu option. If you
This policy setting allows you to manage whether users can launch the report site problems dialog using a menu option. If you
This AutoComplete feature suggests possible matches when users are entering Web addresses in the browser address bar. If y
This AutoComplete feature suggests possible matches when users are entering Web addresses in the browser address bar. If y
This policy setting determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a
This policy setting determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a
This policy setting allows you to prevent the quick pick menu from appearing when a user clicks in the Search box. If you enab
This policy setting allows you to prevent the quick pick menu from appearing when a user clicks in the Search box. If you enab
This policy setting turns off the Security Settings Check feature, which checks Internet Explorer security settings to determine w
This policy setting turns off the Security Settings Check feature, which checks Internet Explorer security settings to determine w
The WebSocket object allows websites to request data across domains from your browser by using the WebSocket protocol. Th
The WebSocket object allows websites to request data across domains from your browser by using the WebSocket protocol. Th
This policy setting allows you to choose whether websites can request data across domains by using the XDomainRequest obje
This policy setting allows you to choose whether websites can request data across domains by using the XDomainRequest obje
This policy setting allows you to turn off the toolbar upgrade tool. The toolbar upgrade tool determines whether incompatible
This policy setting allows you to turn off the toolbar upgrade tool. The toolbar upgrade tool determines whether incompatible
This policy setting allows you to turn off Tracking Protection. Tracking Protection helps users control whether third parties can
This policy setting allows you to turn off Tracking Protection. Tracking Protection helps users control whether third parties can
This policy setting turns off URL Suggestions. URL Suggestions allow users to autocomplete URLs in the address bar based on co
This policy setting turns off URL Suggestions. URL Suggestions allow users to autocomplete URLs in the address bar based on co
This policy setting allows you to prevent Windows Search AutoComplete from providing results in the Internet Explorer Addres
This policy setting allows you to prevent Windows Search AutoComplete from providing results in the Internet Explorer Addres
This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for
This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for
This policy setting determines whether Internet Explorer saves log information for ActiveX controls. If you enable this policy se
This policy setting determines whether Internet Explorer saves log information for ActiveX controls. If you enable this policy se
This policy setting controls the ActiveX Filtering feature for websites that are running ActiveX controls. The user can choose to t
This policy setting controls the ActiveX Filtering feature for websites that are running ActiveX controls. The user can choose to t
This policy setting enables intranet mapping rules to be applied automatically if the computer belongs to a domain. If you ena
This policy setting enables intranet mapping rules to be applied automatically if the computer belongs to a domain. If you ena
This policy setting allows Internet Explorer to be started automatically to complete the signup process after the branding is com
This policy setting allows users to have their feeds authenticated through the Basic authentication scheme over an unencrypte
This policy setting allows users to have their feeds authenticated through the Basic authentication scheme over an unencrypte
This policy setting allows you to turn Caret Browsing on or off. Caret Browsing allows users to browse to a webpage by using th
This policy setting allows you to turn Caret Browsing on or off. Caret Browsing allows users to browse to a webpage by using th
This policy setting allows you to turn on the certificate address mismatch security warning. When this policy setting is turned o
This policy setting allows you to turn on the certificate address mismatch security warning. When this policy setting is turned o
This policy setting logs information that is blocked by new features in Internet Explorer. The logged compatibility information is
This policy setting logs information that is blocked by new features in Internet Explorer. The logged compatibility information is
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
Enhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versio
Enhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versio
This policy setting allows you to turn on inline AutoComplete in Internet Explorer and File Explorer. The AutoComplete feature
This policy setting allows you to turn on Internet Explorer 7 Standards Mode. Compatibility View determines how Internet Expl
This policy setting allows you to turn on Internet Explorer 7 Standards Mode. Compatibility View determines how Internet Expl
This policy setting controls how Internet Explorer displays local intranet content. Intranet content is defined as any webpage th
This policy setting controls how Internet Explorer displays local intranet content. Intranet content is defined as any webpage th
This policy setting allows you to turn on or turn off the earlier menus (for example, File, Edit, and View) in Internet Explorer. If
This policy setting allows you to turn on or turn off the earlier menus (for example, File, Edit, and View) in Internet Explorer. If
This policy setting causes a Notification bar notification to appear when intranet content is loaded and the intranet mapping ru
This policy setting causes a Notification bar notification to appear when intranet content is loaded and the intranet mapping ru
This policy setting specifies whether Internet Explorer prints background colors and images when the user prints a webpage. In
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting allows you to turn on your script debugger, if one is installed. Website developers use script debuggers to tes
This policy setting allows you to manage the WMI output functionality of the Internet Explorer Site discovery Toolkit(SDTK). Wh
This policy setting allows you to manage the WMI output functionality of the Internet Explorer Site discovery Toolkit(SDTK). Wh
This policy setting allows you to manage the XML output functionality of the Internet Explorer Site discovery Toolkit(SDTK). Wh
This policy setting allows you to manage the XML output functionality of the Internet Explorer Site discovery Toolkit(SDTK). Wh
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting controls the Suggested Sites feature, which recommends websites based on the users browsing activity. Sug
This policy setting controls the Suggested Sites feature, which recommends websites based on the users browsing activity. Sug
This AutoComplete feature can remember and suggest User names and passwords on Forms. If you enable this setting, the us
This policy setting specifies whether to display script errors when a page does not appear properly because of problems with it
This policy setting makes hyperlinks change color when the mouse pointer pauses on them. If you enable this policy setting, th
Specifies that Automatic Detection will be used to configure dial-up settings for users. Automatic Detection uses a DHCP (Dyna
This policy setting allows you to manage whether Internet Explorer uses HTTP 1.1. If you enable this policy setting, Internet Ex
This policy setting allows you to manage whether Internet Explorer uses HTTP 1.1. If you enable this policy setting, Internet Ex
This policy setting allows you to manage whether Internet Explorer uses HTTP 1.1 through proxy connections. If you enable th
This policy setting allows you to manage whether Internet Explorer uses HTTP 1.1 through proxy connections. If you enable th
This policy setting allows you increase the size of icons for command buttons. If you enable this policy setting, icons for comma
This policy setting allows you increase the size of icons for command buttons. If you enable this policy setting, icons for comma
This policy setting allows you to add specific sites that must be viewed in Internet Explorer 7 Compatibility View. If you enable
This policy setting allows you to add specific sites that must be viewed in Internet Explorer 7 Compatibility View. If you enable
Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rende
Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rende
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting lets you specify where to find the list of websites you want opened using Enterprise Mode IE, instead of Stan
This policy setting lets you specify where to find the list of websites you want opened using Enterprise Mode IE, instead of Stan
This policy setting allows you to manage whether Internet Explorer uses 8-bit Unicode Transformation Format (UTF-8) for mailt
This policy setting allows you to manage whether Internet Explorer uses 8-bit Unicode Transformation Format (UTF-8) for mailt
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
Prevents users from displaying the browser in full-screen (kiosk) mode, without the standard toolbar. If you enable this policy,
Prevents users from viewing the HTML source of Web pages by clicking the Source command on the View menu. If you enable
This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate in
This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate in
This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate in
This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate in
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into
This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate in
This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate in
Turns off the handwriting recognition error reporting tool. The handwriting recognition error reporting tool enables users to re
Turns off the handwriting recognition error reporting tool. The handwriting recognition error reporting tool enables users to re
If enabled then new targets may not be manually configured by entering the target name and target portal; already discovered
If enabled then only those sessions that are established via a persistent login will be established and no new persistent logins m
If enabled then do not allow the initiator CHAP secret to be changed. If disabled then the initiator CHAP secret may be changed
If enabled then do not allow the initiator iqn name to be changed. If disabled then the initiator iqn name may be changed.
If enabled then only those connections that are configured for IPSec may be established. If disabled then connections that are
If enabled then discovered targets may not be manually configured. If disabled then discovered targets may be manually config
If enabled then new iSNS servers may not be added and thus new targets discovered via those iSNS servers; existing iSNS serve
If enabled then new target portals may not be added and thus new targets discovered on those portals; existing target portals
If enabled then only those sessions that are configured for mutual CHAP may be established. If disabled then sessions that are
If enabled then only those sessions that are configured for one-way CHAP may be established. If disabled then sessions that ar
This policy setting allows you to configure a domain controller to support claims and compound authentication for Dynamic Ac
Support for PKInit Freshness Extension requires Windows Server 2016 domain functional level (DFL). If the domain controllers
This policy setting controls whether the domain controller provides information about previous logons to client computers. If y
This policy setting allows you to configure a domain controller to request compound authentication. Note: For a domain contr
This policy setting defines the list of trusting forests that the Key Distribution Center (KDC) searches when attempting to resolv
This policy setting allows you to configure at what size Kerberos tickets will trigger the warning event issued during Kerberos au
This policy setting controls whether a device always sends a compound authentication request when the resource domain requ
This policy setting allows you to specify which DNS host names and which DNS suffixes are mapped to a Kerberos realm. If you
This policy setting configures the Kerberos client so that it can authenticate with interoperable Kerberos V5 realms, as defined
This policy setting allows you to disable revocation check for the SSL certificate of the targeted KDC proxy server. If you enable
This policy setting controls whether a computer requires that Kerberos message exchanges be armored when communicating w
This policy setting controls whether a device will request claims and compound authentication for Dynamic Access Control and
This policy setting controls the Kerberos client's behavior in validating the KDC certificate for smart card and system certificate
This policy setting allows you to configure this server so that Kerberos can decrypt a ticket that contains this system-generated
This policy setting allows you to set the value returned to applications which request the maximum size of the SSPI context tok
This policy setting configures the Kerberos client's mapping to KDC proxy servers for domains based on their DNS suffix names.
This policy setting controls configuring the device's Active Directory account for compound authentication. Support for providi
Support for device authentication using certificate will require connectivity to a DC in the device account domain which suppor
This policy setting defines the list of trusting forests that the Kerberos client searches when attempting to resolve two-part serv
This policy setting determines the cipher suites used by the SMB server. If you enable this policy setting, cipher suites are prior
This policy setting specifies whether a hash generation service generates hashes, also called content information, for data that
This policy setting specifies whether the BranchCache hash generation service supports version 1 (V1) hashes, version 2 (V2) ha
This policy setting determines how the SMB server selects a cipher suite when negotiating a new connection with an SMB clien
This policy setting determines the cipher suites used by the SMB client. If you enable this policy setting, cipher suites are prior
This policy setting determines if the SMB client will allow insecure guest logons to an SMB server. If you enable this policy setti
This policy setting determines the behavior of SMB handle caching for clients connecting to an SMB share where the Continuo
This policy setting determines the behavior of Offline Files on clients connecting to an SMB share where the Continuous Availa
This policy setting determines whether Diagnostic Policy Service (DPS) diagnoses memory leak problems. If you enable or do n
This policy setting changes the operational behavior of the Mapper I/O network protocol driver. LLTDIO allows a computer to d
This policy setting changes the operational behavior of the Responder network protocol driver. The Responder allows a compu
This policy setting turns off the Windows Location Provider feature for this computer. If you enable this policy setting, the Win
This policy is not available in this version of Windows.
This policy setting ignores Windows Logon Background. This policy setting may be used to make Windows give preference to a
This policy setting determines whether Group Policy processing is synchronous (that is, whether computers wait for the netwo
This policy prevents the user from showing account details (email address or user name) on the sign-in screen. If you enable th
This policy setting directs the system to display highly detailed status messages. This policy setting is designed for advanced us
This policy setting allows you to control whether anyone can interact with available networks UI on the logon screen. If you en
This policy setting hides the welcome screen that is displayed on Windows 2000 Professional each time the user logs on. If you
This policy setting hides the welcome screen that is displayed on Windows 2000 Professional each time the user logs on. If you
This policy setting prevents connected users from being enumerated on domain-joined computers. If you enable this policy se
This policy setting ignores the customized run list. You can create a customized list of additional programs and documents that
This policy setting ignores the customized run list. You can create a customized list of additional programs and documents that
This policy setting ignores customized run-once lists. You can create a customized list of additional programs and documents th
This policy setting ignores customized run-once lists. You can create a customized list of additional programs and documents th
This policy setting allows local users to be enumerated on domain-joined computers. If you enable this policy setting, Logon U
This policy setting allows you to hide the Switch User interface in the Logon UI, the Start menu and the Task Manager. If you en
This policy setting suppresses system status messages. If you enable this setting, the system does not display a message remin
This policy setting specifies additional programs or documents that Windows starts automatically when a user logs on to the sy
This policy setting specifies additional programs or documents that Windows starts automatically when a user logs on to the sy
This policy setting allows you to control whether users see the first sign-in animation when signing in to the computer for the fi
This policy setting allows you to prevent app notifications from appearing on the lock screen. If you enable this policy setting,
This policy is not available in this version of Windows.
This policy setting specifies whether Mobile Device Management (MDM) Enrollment is allowed. When MDM is enabled, it allow
This policy setting lets you decide whether F12 Developer Tools are available on Microsoft Edge. If you enable or don't configu
This policy setting lets you decide whether F12 Developer Tools are available on Microsoft Edge. If you enable or don't configu
This setting lets you decide whether employees can load extensions in Microsoft Edge. If you enable or don't configure this setti
This setting lets you decide whether employees can load extensions in Microsoft Edge. If you enable or don't configure this setti
This policy setting lets you decide whether employees can browse using InPrivate website browsing. If you enable or don't con
This policy setting lets you decide whether employees can browse using InPrivate website browsing. If you enable or don't con
This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens th
This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens th
This policy setting lets you decide whether employees can use Autofill to automatically fill in form fields while using Microsoft E
This policy setting lets you decide whether employees can use Autofill to automatically fill in form fields while using Microsoft E
This setting lets you configure how to work with cookies. If you enable this setting, you must also decide whether to: Allow all
This setting lets you configure how to work with cookies. If you enable this setting, you must also decide whether to: Allow all
This policy setting lets you decide whether employees can send Do Not Track requests to websites that ask for tracking info. By
This policy setting lets you decide whether employees can send Do Not Track requests to websites that ask for tracking info. By
This policy setting lets you configure the default list of Favorites that appear for your employees. Employees can change their f
This policy setting lets you configure the default list of Favorites that appear for your employees. Employees can change their f
This policy setting lets you configure one or more Home pages. for domain-joined devices. Your employees won't be able to ch
This policy setting lets you configure one or more Home pages. for domain-joined devices. Your employees won't be able to ch
This policy setting lets you decide whether employees can save their passwords locally, using Password Manager. By default, Pa
This policy setting lets you decide whether employees can save their passwords locally, using Password Manager. By default, Pa
This policy setting lets you decide whether to turn on Pop-up Blocker. By default, Pop-up Blocker is turned on.. If you enable th
This policy setting lets you decide whether to turn on Pop-up Blocker. By default, Pop-up Blocker is turned on.. If you enable th
This policy setting lets you decide whether search suggestions appear in the Address bar of Microsoft Edge. By default, employ
This policy setting lets you decide whether search suggestions appear in the Address bar of Microsoft Edge. By default, employ
This policy setting lets you configure whether to turn on SmartScreen Filter. SmartScreen Filter provides warning messages to h
This policy setting lets you configure whether to turn on SmartScreen Filter. SmartScreen Filter provides warning messages to h
This policy setting lets you configure whether to use Enterprise Mode and the Enterprise Mode Site List to address common co
This policy setting lets you configure whether to use Enterprise Mode and the Enterprise Mode Site List to address common co
This policy settings lets you decide whether employees can access the about:flags page, which is used to change developer setti
This policy settings lets you decide whether employees can access the about:flags page, which is used to change developer setti
This policy setting lets you decide whether employees can override the SmartScreen Filter warnings about downloading unveri
This policy setting lets you decide whether employees can override the SmartScreen Filter warnings about downloading unveri
This policy setting lets you decide whether employees can override the SmartScreen Filter warnings about potentially maliciou
This policy setting lets you decide whether employees can override the SmartScreen Filter warnings about potentially maliciou
This policy setting lets you decide whether an employee's LocalHost IP address shows while making calls using the WebRTC pro
This policy setting lets you decide whether an employee's LocalHost IP address shows while making calls using the WebRTC pro
This policy setting lets you decide whether your intranet sites should all open using Internet Explorer 11. This setting should on
This policy setting lets you decide whether your intranet sites should all open using Internet Explorer 11. This setting should on
This policy setting lets you decide whether employees see an additional page in Microsoft Edge, stating that a site has been op
This policy setting lets you decide whether employees see an additional page in Microsoft Edge, stating that a site has been op
Permits or prohibits use of this snap-in. If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-
Permits or prohibits use of this snap-in. If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-
Permits or prohibits use of this snap-in. If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-
Prevents users from entering author mode. This setting prevents users from opening the Microsoft Management Console (MM
Lets you selectively permit or prohibit the use of Microsoft Management Console (MMC) snap-ins. -- If you enable this setting
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
Permits or prohibits use of the Group Policy tab in property sheets for the Active Directory Users and Computers and Active Dir
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting turns off Windows Mobility Center. If you enable this policy setting, the user is unable to invoke Windows M
This policy setting turns off Windows Mobility Center. If you enable this policy setting, the user is unable to invoke Windows M
This policy setting turns off Windows presentation settings. If you enable this policy setting, Windows presentation settings ca
This policy setting turns off Windows presentation settings. If you enable this policy setting, Windows presentation settings ca
This policy setting allows you to configure Automatic Maintenance activation boundary. The maintenance activation boundary
This policy setting allows you to configure Automatic Maintenance activation random delay. The maintenance random delay is
This policy setting allows you to configure Automatic Maintenance wake up policy. The maintenance wakeup policy specifies if
This policy setting determines the execution level for Microsoft Support Diagnostic Tool. Microsoft Support Diagnostic Tool (M
This policy setting restricts the tool download policy for Microsoft Support Diagnostic Tool. Microsoft Support Diagnostic Tool (
This policy setting configures Microsoft Support Diagnostic Tool (MSDT) interactive communication with the support provider. M
This policy setting permits users to change installation options that typically are available only to system administrators. If you
This policy setting allows users to search for installation files during privileged installations. If you enable this policy setting, the
This policy setting allows users to patch elevated products. If you enable this policy setting, all users are permitted to install pa
This policy setting allows users to install programs from removable media during privileged installations. If you enable this poli
This policy setting directs Windows Installer to use elevated permissions when it installs any program on the system. If you ena
This policy setting directs Windows Installer to use elevated permissions when it installs any program on the system. If you ena
This policy controls the percentage of disk space available to the Windows Installer baseline file cache. The Windows Installer
This policy setting causes the Windows Installer to enforce strict rules for component upgrades. If you enable this policy settin
This policy setting controls the ability to prevent embedded UI. If you enable this policy setting, no packages on the system can
This policy setting allows Web-based programs to install software on the computer without notifying the user. If you disable or
This policy setting prevents users from installing any programs from removable media. If you enable this policy setting, if a use
This policy setting prevents users from using Windows Installer to install patches. If you enable this policy setting, users are pre
This policy setting controls the ability to turn off all patch optimizations. If you enable this policy setting, all Patch Optimization
This policy setting controls the ability of non-administrators to install updates that have been digitally signed by the application
This policy setting controls the ability for users or administrators to remove Windows Installer based updates. This policy settin
This policy setting prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsucc
This policy setting prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsucc
This policy setting controls Windows Installer's interaction with the Restart Manager. The Restart Manager API can eliminate or
This policy setting allows you to configure user installs. To configure this policy setting, set it to enabled and use the drop-down
This policy setting prevents users from searching for installation files when they add features or components to an installed pro
This policy setting saves copies of transform files in a secure location on the local computer. Transform files consist of instructio
This policy setting specifies the order in which Windows Installer searches for installation files. If you disable or do not configu
Specifies the types of events that Windows Installer records in its transaction log for each installation. The log, Msi.log, appears
This policy setting prevents Windows Installer from creating a System Restore checkpoint each time an application is installed.
This policy setting controls Windows Installer's processing of the MsiLogging property. The MsiLogging property in an installatio
This policy setting controls the ability to turn off shared components. If you enable this policy setting, no packages on the syste
This policy setting restricts the use of Windows Installer. If you enable this policy setting, you can prevent users from installing
This policy setting allows you to configure the recovery behavior for corrupted MSI files to one of three states: Prompt for Reso
Specifies resources on your intranet that are normally accessible to DirectAccess clients. Each entry is a string that identifies th
Specifies commands configured by the administrator for custom logging. These commands will run in addition to default log co
Specifies whether NCA service runs in Passive Mode or not. Set this to Disabled to keep NCA probing actively all the time. If th
Specifies the string that appears for DirectAccess connectivity when the user clicks the Networking notification area icon. For e
Specifies the IPv6 addresses of the endpoints of the Internet Protocol security (IPsec) tunnels that enable DirectAccess. NCA att
Specifies whether the user has Connect and Disconnect options for the DirectAccess entry when the user clicks the Networking
Specifies the e-mail address to be used when sending the log files that are generated by NCA to the network administrator. Wh
Specifies whether an entry for DirectAccess connectivity appears when the user clicks the Networking notification area icon. S
This policy setting enables you to specify the expected address of the host name used for the DNS probe. Successful resolution
This policy setting enables you to specify the host name of a computer known to be on the corporate network. Successful reso
This policy setting enables you to specify the list of IPv6 corporate site prefixes to monitor for corporate connectivity. Reachabi
This policy setting enables you to specify the URL of the corporate website, against which an active probe is performed.
This policy setting enables you to specify the HTTPS URL of the corporate website that clients use to determine the current dom
This Policy setting enables you to specify passive polling behavior. NCSI polls various measurements throughout the network st
This policy setting controls whether the Net Logon service will allow the use of older cryptography algorithms that are used in
This policy setting defines whether a domain controller (DC) should attempt to verify the password provided by a client with th
This policy setting allows you to control the processing of incoming mailslot messages by a local domain controller (DC). Note:
This policy setting allows you to control the domain controller (DC) location algorithm. By default, the DC location algorithm pr
This policy setting determines the interval for when a Force Rediscovery is carried out by DC Locator. The Domain Controller Lo
This policy setting detremines the type of IP address that is returned for a domain controller. The DC Locator APIs return the IP
This policy setting controls whether or not the Netlogon share created by the Net Logon service on a domain controller (DC) sh
This policy setting specifies the Priority field in the SRV resource records registered by domain controllers (DC) to which this setti
This policy setting determines the interval at which Netlogon performs the following scavenging operations: - Checks if a passw
This policy setting controls whether or not the SYSVOL share created by the Net Logon service on a domain controller (DC) sho
This policy setting specifies the value for the Time-To-Live (TTL) field in SRV resource records that are registered by the Net Log
This policy setting specifies the Weight field in the SRV resource records registered by the domain controllers (DC) to which this
This policy setting configures how a domain controller (DC) behaves when responding to a client whose IP address does not ma
This policy setting determines which DC Locator DNS records are not registered by the Net Logon service. If you enable this po
This policy setting determines if dynamic registration of the domain controller (DC) locator DNS resource records is enabled. Th
This policy setting specifies the additional time for the computer to wait for the domain controllers (DC) response when loggin
This policy setting specifies the level of debug output for the Net Logon service. The Net Logon service outputs debug informa
This policy setting specifies the maximum size in bytes of the log file netlogon.log in the directory %windir%\debug when loggi
This policy setting specifies the amount of time (in seconds) the DC locator remembers that a domain controller (DC) could not
This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs th
This policy setting specifies the Refresh Interval of the DC Locator DNS resource records for DCs to which this setting is applied.
This policy setting specifies the Active Directory site to which computers belong. An Active Directory site is one or more well-c
This policy setting specifies the sites for which the domain controllers (DC) that host the application directory partition should r
This policy setting specifies the sites for which the domain controllers (DC) register the site-specific DC Locator DNS SRV resour
This policy setting specifies the sites for which the global catalogs (GC) should register site-specific GC locator DNS SRV resourc
This policy setting enables DC Locator to attempt to locate a DC in the nearest site based on the site link cost if a DC in same th
This policy setting determines whether domain controllers (DC) will dynamically register DC Locator site-specific SRV records fo
This policy setting specifies whether the computers to which this setting is applied attemps DNS name resolution of single-lable
This policy setting specifies whether the computers to which this setting is applied attempt DNS name resolution of a single-lab
This policy setting determines when retries are no longer allowed for applications that perform periodic searches for domain c
This policy setting determines the amount of time (in seconds) to wait before the first retry for applications that perform perio
This policy setting determines the maximum retry interval allowed when applications performing periodic searches for Domain
This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs th
This policy setting configures whether the computers to which this setting is applied are more aggressive when trying to locate
Determines whether a user can view and change the properties of remote access connections that are available to all users of
Determines whether users can delete all user remote access connections. To create an all-user remote access connection, on t
Determines whether users can enable/disable LAN connections. If you enable this setting, the Enable and Disable options for L
Determines whether nonadministrators can rename all-user remote access connections. To create an all-user connection, on t
Determines whether nonadministrators can rename a LAN connection. If you enable this setting, the Rename option is enable
Determines whether users can rename LAN or all user remote access connections. If you enable this setting, the Rename optio
Specifies whether or not the "local access only" network icon will be shown. When enabled, the icon for Internet access will b
Determines whether settings that existed in Windows 2000 Server family will apply to Administrators. The set of Network Con
Determines whether users can change the properties of a LAN connection. This setting determines whether the Properties me
Determines whether Administrators and Network Configuration Operators can change the properties of components used by a
Determines whether users can view and change the properties of components used by a private or all-user remote access conn
Determines whether the Advanced Settings item on the Advanced menu in Network Connections is enabled for administrators
Determines whether users can use the New Connection Wizard, which creates new network connections. If you enable this se
Determines whether the Remote Acccess Preferences item on the Advanced menu in Network Connections folder is enabled.
Determines whether administrators can add and remove network components for a LAN or remote access connection. This setti
Determines whether users can view and change the properties of their private remote access connections. Private connection
Determines whether users can connect and disconnect remote access connections. If you enable this setting (and enable the "
Determines whether users can delete remote access connections. If you enable this setting (and enable the "Enable Network C
Determines whether administrators can enable and disable the components used by LAN connections. If you enable this settin
Determines whether a user can install and configure the Network Bridge. Important: This settings is location aware. It only app
Determines whether users can rename their private remote access connections. Private connections are those that are availab
Determines whether users can configure advanced TCP/IP settings. If you enable this setting (and enable the "Enable Network
Prohibits use of Internet Connection Firewall on your DNS domain network. Determines whether users can enable the Interne
Determines whether administrators can enable and configure the Internet Connection Sharing (ICS) feature of an Internet conn
Determines whether users can view the status for an active connection. Connection status is available from the connection sta
This policy setting determines whether to require domain users to elevate when setting a network's location. If you enable thi
This policy setting determines whether a remote client computer routes Internet traffic through the internal network or wheth
This policy setting allows you to manage whether notifications are shown to the user when a DHCP-configured connection is un
This setting does not apply to desktop apps. A semicolon-separated list of Internet proxy server IP addresses. These addresse
This setting does not apply to desktop apps. A semicolon-separated list of intranet proxy server IP addresses. These addresse
This setting does not apply to desktop apps. A comma-separated list of IP address ranges that are in your corporate network.
This setting does not apply to desktop apps. Turns off Windows Network Isolation's automatic proxy discovery in the domain
This setting does not apply to desktop apps. Turns off Windows Network Isolation's automatic discovery of private network h
This policy setting configures secure access to UNC paths. If you enable this policy, Windows only allows access to the specifie
Determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files.
Determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files.
This policy setting determines whether the Offline Files feature is enabled. Offline Files saves a copy of network files on the use
Deletes local copies of the user's offline files when the user logs off. This setting specifies that automatically and manually cach
This policy setting controls when background synchronization occurs while operating in slow-link mode, and applies to any use
Configures the threshold value at which Offline Files considers a network connection to be "slow". Any network speed below th
This policy setting controls the network latency and throughput thresholds that will cause a client computers to transition files
Limits the percentage of the computer's disk space that can be used to store automatically cached offline files. This setting als
This policy setting enables administrators to block certain file types from being created in the folders that have been made ava
This policy setting determines whether offline files are synchronized in the background when it could result in extra charges on
This policy setting controls whether files read from file shares over a slow network are transparently cached in the Offline Files
This policy setting determines whether offline files are encrypted. Offline files are locally cached copies of files from a network
Determines which events the Offline Files feature records in the event log. Offline Files records events in the Application log in
Determines which events the Offline Files feature records in the event log. Offline Files records events in the Application log in
Lists types of files that cannot be used offline. This setting lets you exclude certain types of files from automatic and manual ca
Determines how long the first reminder balloon for a network status change is displayed. Reminder balloons appear when the
Determines how long the first reminder balloon for a network status change is displayed. Reminder balloons appear when the
This policy setting limits the amount of disk space that can be used to store offline files. This includes the space used by autom
Determines how computers respond when they are disconnected from particular offline file servers. This setting overrides the
Determines how computers respond when they are disconnected from particular offline file servers. This setting overrides the
Disables the Offline Files folder. This setting disables the "View Files" button on the Offline Files tab. As a result, users cannot u
Disables the Offline Files folder. This setting disables the "View Files" button on the Offline Files tab. As a result, users cannot u
Prevents users from enabling, disabling, or changing the configuration of Offline Files. This setting removes the Offline Files tab
Prevents users from enabling, disabling, or changing the configuration of Offline Files. This setting removes the Offline Files tab
Determines how often reminder balloon updates appear. If you enable this setting, you can select how often reminder balloon
Determines how often reminder balloon updates appear. If you enable this setting, you can select how often reminder balloon
Determines how long updated reminder balloons are displayed. Reminder balloons appear when the user's connection to a ne
Determines how long updated reminder balloons are displayed. Reminder balloons appear when the user's connection to a ne
This policy setting prevents users from making network files and folders available offline. If you enable this policy setting, user
This policy setting prevents users from making network files and folders available offline. If you enable this policy setting, user
This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" com
This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" com
This policy setting removes the "Work offline" command from Explorer, preventing users from manually changing whether Offl
This policy setting removes the "Work offline" command from Explorer, preventing users from manually changing whether Offl
This policy setting lists network files and folders that are always available for offline use. This ensures that the specified files an
This policy setting lists network files and folders that are always available for offline use. This ensures that the specified files an
Makes subfolders available offline whenever their parent folder is made available offline. This setting automatically extends th
Determines whether offline files are fully synchronized when users log off. This setting also disables the "Synchronize all offline
Determines whether offline files are fully synchronized when users log off. This setting also disables the "Synchronize all offline
Determines whether offline files are fully synchronized when users log on. This setting also disables the "Synchronize all offline
Determines whether offline files are fully synchronized when users log on. This setting also disables the "Synchronize all offline
Determines whether offline files are synchonized before a computer is suspended. If you enable this setting, offline files are sy
Determines whether offline files are synchonized before a computer is suspended. If you enable this setting, offline files are sy
Hides or displays reminder balloons, and prevents users from changing the setting. Reminder balloons appear above the Offlin
Hides or displays reminder balloons, and prevents users from changing the setting. Reminder balloons appear above the Offlin
This policy setting allows you to turn on economical application of administratively assigned Offline Files. If you enable or do n
By default, when a Peer Group is created that allows for password-authentication (or the password for such a Group is changed
This policy setting limits a node to resolving, but not publishing, names in a specific Peer Name Resolution Protocol (PNRP) clou
This policy setting limits a node to resolving, but not publishing, names in a specific Peer Name Resolution Protocol (PNRP) clou
This policy setting limits a node to resolving, but not publishing, names in a specific Peer Name Resolution Protocol (PNRP) clou
This setting sets the seed server for the global cloud to a specified node in the enterprise. The Peer Name Resolution Protocol
This setting sets the seed server for the link local cloud to a specified node in the enterprise. The Peer Name Resolution Protoc
This setting sets the seed server for the site local cloud to a specified node in the enterprise. The Peer Name Resolution Protoc
This setting turns off Microsoft Peer-to-Peer Networking Services in its entirety, and will cause all dependent applications to sto
This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in th
This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in th
This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in th
This policy setting enables or disables PNRP cloud creation. PNRP is a distributed name resolution protocol allowing Internet h
This policy setting enables or disables PNRP cloud creation. PNRP is a distributed name resolution protocol allowing Internet h
This policy setting enables or disables PNRP cloud creation. PNRP is a distributed name resolution protocol allowing Internet h
This setting specifies the period of time (in days) that a PIN can be used before the system requires the user to change it. The P
This setting specifies the period of time (in days) that a PIN can be used before the system requires the user to change it. The P
This setting specifies the number of past PINs that can be associated to a user account that cant be reused. This policy enables
This setting specifies the number of past PINs that can be associated to a user account that cant be reused. This policy enables
Maximum PIN length configures the maximum number of characters allowed for the PIN. The largest number you can configur
Maximum PIN length configures the maximum number of characters allowed for the PIN. The largest number you can configur
Minimum PIN length configures the minimum number of characters required for the PIN. The lowest number you can configur
Minimum PIN length configures the minimum number of characters required for the PIN. The lowest number you can configur
Use this policy setting to configure the use of digits in the Microsoft Passport for PIN. If you enable or do not configure this po
Use this policy setting to configure the use of digits in the Microsoft Passport for PIN. If you enable or do not configure this po
Use this policy setting to configure the use of lowercase letters in the Microsoft Passport for PIN. If you enable this policy settin
Use this policy setting to configure the use of lowercase letters in the Microsoft Passport for PIN. If you enable this policy settin
Use this policy setting to configure the use of special characters in the Microsoft Passport for PIN. Allowable special characters
Use this policy setting to configure the use of special characters in the Microsoft Passport for PIN. Allowable special characters
Use this policy setting to configure the use of uppercase letters in the Microsoft Passport for PIN. If you enable this policy setti
Use this policy setting to configure the use of uppercase letters in the Microsoft Passport for PIN. If you enable this policy setti
A Trusted Platform Module (TPM) provides additional security benefits over software because data stored within it cannot be u
Microsoft Passport for Work enables users to use biometric gestures, such as face and fingerprints, as an alternative to the PIN
Microsoft Passport for Work is an alternative method for signing into Windows using your Active Directory or Azure Active Dire
Use this policy setting to configure use of Remote Passport. Remote Passport provides the ability for a phone to be usable as a
This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Comp
This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Comp
This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Comp
This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Comp
This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Comp
This policy setting configures the Program Compatibility Assistant (PCA) to diagnose failures with application and driver compa
This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Comp
This policy setting is used only when you have deployed one or more BranchCache-enabled file servers at your main office. Thi
This policy setting specifies whether BranchCache-capable client computers operate in a downgraded mode in order to mainta
This policy setting specifies whether client computers are configured to use hosted cache mode and provides the computer na
This policy setting specifies whether client computers should attempt the automatic configuration of hosted cache mode by se
This policy setting specifies the default age in days for which segments are valid in the BranchCache data cache on client comp
This policy setting specifies whether BranchCache distributed cache mode is enabled on client computers to which this policy i
This policy setting specifies whether BranchCache hosted cache mode is enabled on client computers to which this policy is ap
This policy setting specifies the default percentage of total disk space that is allocated for the BranchCache disk cache on client
This policy setting specifies whether BranchCache is enabled on client computers to which this policy is applied. In addition to
Turns off Tablet PC Pen Training. If you enable this policy setting, users cannot open Tablet PC Pen Training. If you disable or d
Turns off Tablet PC Pen Training. If you enable this policy setting, users cannot open Tablet PC Pen Training. If you disable or d
Determines the execution level for Windows Boot Performance Diagnostics. If you enable this policy setting, you must select a
Determines the execution level for Windows Shutdown Performance Diagnostics. If you enable this policy setting, you must se
Determines the execution level for Windows Standby/Resume Performance Diagnostics. If you enable this policy setting, you m
Determines the execution level for Windows System Responsiveness Diagnostics. If you enable this policy setting, you must se
This policy setting specifies whether to enable or disable tracking of responsiveness events. If you enable this policy setting, re
This policy setting allows applications and services to prevent automatic sleep. If you enable this policy setting, any application
This policy setting allows applications and services to prevent automatic sleep. If you enable this policy setting, any application
This policy setting allows you to manage automatic sleep with open network files. If you enable this policy setting, the comput
This policy setting allows you to manage automatic sleep with open network files. If you enable this policy setting, the comput
This policy setting allows you to control network connectivity state on connected-standby capable systems. If you enable this p
This policy setting allows you to control network connectivity state on connected-standby capable systems. If you enable this p
This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep sta
This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep sta
This policy setting specifies the action that Windows takes when battery capacity reaches the critical battery notification level.
This policy setting specifies the percentage of battery capacity remaining that triggers the critical battery notification action. If
This policy setting allows you to configure whether power is automatically turned off when Windows shutdown completes. Th
This policy setting allows you to specify battery charge level at which Energy Saver is turned on. If you enable this policy settin
This policy setting allows you to specify battery charge level at which Energy Saver is turned on. If you enable this policy settin
This policy setting specifies the action that Windows takes when battery capacity reaches the low battery notification level. If y
This policy setting specifies the percentage of battery capacity remaining that triggers the low battery notification action. If yo
This policy setting allows you to configure client computers to lock and prompt for a password when resuming from a hibernat
This policy setting allows you to specify the period of inactivity before Windows automatically reduces brightness of the display
This policy setting allows you to specify the period of inactivity before Windows automatically reduces brightness of the display
This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep. If you e
This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep. If you e
This policy setting specifies the percentage of battery capacity remaining that triggers the reserve power mode. If you enable t
This policy setting specifies the active power plan from a list of default Windows power plans. To specify a custom power plan,
This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC. Possible actions include:
This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC. Possible actions include:
This policy setting specifies the action that Windows takes when a user presses the power button. Possible actions include: -T
This policy setting specifies the action that Windows takes when a user presses the power button. Possible actions include: -T
This policy setting specifies the action that Windows takes when a user presses the sleep button. Possible actions include: -Ta
This policy setting specifies the action that Windows takes when a user presses the sleep button. Possible actions include: -Ta
This policy setting specifies the action that Windows takes when a user presses the Start menu Power button. If you enable th
This policy setting specifies the action that Windows takes when a user presses the Start menu Power button. If you enable th
This policy setting specifies the active power plan from a specified power plans GUID. The GUID for a custom power plan GUID
This policy setting allows you to specify the brightness of the display when Windows automatically reduces brightness of the d
This policy setting allows you to specify the brightness of the display when Windows automatically reduces brightness of the d
This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate. If you ena
This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate. If you ena
This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep. If you enable t
This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep. If you enable t
This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user
This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user
This policy setting allows you to manage how long a computer must be inactive before Windows turns off the computers displ
This policy setting allows you to manage how long a computer must be inactive before Windows turns off the computers displ
This policy setting allows you to turn off hybrid sleep. If you enable this policy setting, a hiberfile is not generated when the sys
This policy setting allows you to turn off hybrid sleep. If you enable this policy setting, a hiberfile is not generated when the sys
This policy setting turns off the user notification when the battery capacity remaining equals the low battery notification level.
This policy setting allows you to specify the period of inactivity before Windows turns off the display. If you enable this policy s
This policy setting allows you to specify the period of inactivity before Windows turns off the display. If you enable this policy s
This policy setting specifies the period of inactivity before Windows turns off the hard disk. If you enable this policy setting, yo
This policy setting specifies the period of inactivity before Windows turns off the hard disk. If you enable this policy setting, yo
This policy setting allows you to specify if Windows should enable the desktop background slideshow. If you enable this policy
This policy setting allows you to specify if Windows should enable the desktop background slideshow. If you enable this policy
This policy setting allows you to turn on the ability for applications and services to prevent the system from sleeping. If you en
This policy setting allows you to turn on the ability for applications and services to prevent the system from sleeping. If you en
This policy setting allows you to set the default value of the SourcePath parameter on the Update-Help cmdlet. If you enable t
This policy setting allows you to set the default value of the SourcePath parameter on the Update-Help cmdlet. If you enable t
This policy setting allows you to turn on logging for Windows PowerShell modules. If you enable this policy setting, pipeline ex
This policy setting allows you to turn on logging for Windows PowerShell modules. If you enable this policy setting, pipeline ex
This policy setting enables logging of all PowerShell script input to the Microsoft-Windows-PowerShell/Operational event log. I
This policy setting enables logging of all PowerShell script input to the Microsoft-Windows-PowerShell/Operational event log. I
This policy setting lets you capture the input and output of Windows PowerShell commands into text-based transcripts. If you
This policy setting lets you capture the input and output of Windows PowerShell commands into text-based transcripts. If you
This policy setting lets you configure the script execution policy, controlling which scripts are allowed to run. If you enable this
This policy setting lets you configure the script execution policy, controlling which scripts are allowed to run. If you enable this
This policy setting lets you hide the list of previous versions of files that are on local disks. The previous versions could come fro
This policy setting lets you hide the list of previous versions of files that are on local disks. The previous versions could come fro
This policy setting lets you hide the list of previous versions of files that are on file shares. The previous versions come from the
This policy setting lets you hide the list of previous versions of files that are on file shares. The previous versions come from the
This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backu
This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backu
This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a pr
This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a pr
This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a pr
This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a pr
This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous
This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous
Internet printing lets you display printers on Web pages so that printers can be viewed, managed, and used across the Internet
If you enable this policy setting, it sets the maximum number of printers (of each type) that the Add Printer wizard will display
This policy sets the maximum number of printers (of each type) that the Add Printer wizard will display on a computer on an un
This policy controls whether the print job name will be included in print event logs. If you disable or do not configure this polic
Determines whether the XPS Rasterization Service or the XPS-to-GDI conversion (XGC) is forced to use a software rasterizer inst
When printing through a print server, determines whether the print spooler on the client will process print jobs itself, or pass t
Adds a link to an Internet or intranet Web page to the Add Printer Wizard. You can use this setting to direct users to a Web pag
Allows users to use the Add Printer Wizard to search the network for shared printers. If you enable this setting or do not config
Microsoft XPS Document Writer (MXDW) generates OpenXPS (*.oxps) files by default in Windows 10, Windows 10 and Window
If this policy setting is enabled, it specifies the default location criteria used when searching for printers. This setting is a comp
By default, the Printers folder includes a link to the Microsoft Support Web page called "Get help with printing". It can also incl
Specifies the Active Directory location where searches for printers begin. The Add Printer Wizard gives users the option of sear
Determines whether printers using kernel-mode drivers may be installed on the local computer. Kernel-mode drivers have acc
This policy determines if v4 printer drivers are allowed to run printer extensions. V4 printer drivers may include an optional, cu
This policy setting determines whether the print spooler will execute print drivers in an isolated or separate process. When prin
This policy setting allows you to manage where client computers search for Point and Printer drivers. If you enable this policy s
Determines if print driver components are isolated from applications instead of normally loading them into applications. Isolati
This policy restricts clients computers to use package point and print only. If this setting is enabled, users will only be able to p
This policy restricts clients computers to use package point and print only. If this setting is enabled, users will only be able to p
This policy setting determines whether the print spooler will override the Driver Isolation compatibility reported by the print d
Restricts package point and print to approved servers. This policy setting restricts package point and print connections to appr
Restricts package point and print to approved servers. This policy setting restricts package point and print connections to appr
This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. Th
This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. Th
Enables the physical Location Tracking setting for Windows printers. Use Location Tracking to design a location scheme for you
Prevents users from using familiar methods to add local and network printers. If this policy setting is enabled, it removes the A
If this policy setting is enabled, it prevents users from deleting local and network printers. If a user tries to delete a printer, suc
Announces the presence of shared printers to print browse master servers for the domain. On domains with Active Directory,
This preference allows you to change default printer management. If you enable this setting, Windows will not manage the de
This policy controls whether the print spooler will accept client connections. When the policy is unconfigured or enabled, the
Determines whether the computer's shared printers can be published in Active Directory. If you enable this setting or do not c
Determines whether the domain controller can prune (delete from Active Directory) the printers published by this computer. B
Determines whether the Add Printer Wizard automatically publishes the computer's shared printers in Active Directory. If you
Directs the system to periodically verify that the printers published by this computer still appear in Active Directory. This settin
Specifies how often the pruning service on a domain controller contacts computers to verify that their printers are operational
Sets the priority of the pruning thread. The pruning thread, which runs only on domain controllers, deletes printer objects from
Specifies how many times the pruning service on a domain controller repeats its attempt to contact a computer before pruning
Specifies whether or not to log events when the pruning service on a domain controller attempts to contact a computer before
Determines whether the pruning service on a domain controller prunes printer objects that are not automatically republished
Prevents users from viewing or installing published programs from the network. This setting prevents users from accessing the
This setting prevents users from accessing "Installed Updates" page from the "View installed updates" task. "Installed Updates
This setting prevents users from accessing "Programs and Features" to view, uninstall, change, or repair programs that are curr
This setting removes the Set Program Access and Defaults page from the Programs Control Panel. As a result, users cannot vie
This setting prevents users from accessing the "Turn Windows features on or off" task from the Programs Control Panel in Cate
This setting prevents users from access the "Get new programs from Windows Marketplace" task from the Programs Control Pa
This setting prevents users from using the Programs Control Panel in Category View and Programs and Features in Classic View.
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Best Effort service type (Serv
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Best Effort service type (Serv
Specifies an alternate link layer (Layer-2) priority value for packets with the Best Effort service type (ServiceTypeBestEffort). The
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Controlled Load service type
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Controlled Load service type
Specifies an alternate link layer (Layer-2) priority value for packets with the Controlled Load service type (ServiceTypeControlle
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Guaranteed service type (Se
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Guaranteed service type (Se
Specifies an alternate link layer (Layer-2) priority value for packets with the Guaranteed service type (ServiceTypeGuaranteed).
Specifies the maximum number of outstanding packets permitted on the system. When the number of outstanding packets rea
Determines the percentage of connection bandwidth that the system can reserve. This value limits the combined bandwidth re
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Network Control service typ
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Network Control service typ
Specifies an alternate link layer (Layer-2) priority value for packets with the Network Control service type (ServiceTypeNetwork
Specifies an alternate link layer (Layer-2) priority value for packets that do not conform to the flow specification. The Packet Sch
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Qualitative service type (Ser
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Qualitative service type (Ser
Specifies an alternate link layer (Layer-2) priority value for packets with the Qualitative service type (ServiceTypeQualitative). T
Determines the smallest unit of time that the Packet Scheduler uses when scheduling packets for transmission. The Packet Sch
This policy setting allows the Windows Management Instrumentation (WMI) providers Win32_ReliabilityStabilitymetrics and W
Determines the execution level for Windows Resource Exhaustion Detection and Resolution. If you enable this policy setting, y
Requirements: Windows 7 Description: This policy setting controls whether users can access the options in Recovery (in Contro
This policy setting defines when the Shutdown Event Tracker System State Data feature is activated. The system state data file
The Shutdown Event Tracker can be displayed when you shut down a workstation or server. This is an extra set of questions th
This policy setting allows the system to detect the time of unexpected shutdowns by writing the current time to disk on a sched
This policy setting controls whether or not unplanned shutdown events can be reported when error reporting is enabled. If yo
This policy setting enables Remote Assistance invitations to be generated with improved encryption so that only computers run
This policy setting allows you to turn on or turn off Offer (Unsolicited) Remote Assistance on this computer. If you enable this p
This policy setting allows you to turn on or turn off Solicited (Ask for) Remote Assistance on this computer. If you enable this p
This policy setting lets you customize warning messages. The "Display warning message before sharing control" policy setting a
This policy setting allows you to improve performance in low bandwidth scenarios. This setting is incrementally scaled from "N
This policy setting allows you to turn logging on or off. Log files are located in the user's Documents folder under Remote Assist
Configure access to all removable storage classes. This policy setting takes precedence over any individual removable storage p
Configure access to all removable storage classes. This policy setting takes precedence over any individual removable storage p
This policy setting grants normal users direct access to removable storage devices in remote sessions. If you enable this policy
This policy setting denies execute access to the CD and DVD removable storage class. If you enable this policy setting, execute
This policy setting denies read access to the CD and DVD removable storage class. If you enable this policy setting, read access
This policy setting denies read access to the CD and DVD removable storage class. If you enable this policy setting, read access
This policy setting denies write access to the CD and DVD removable storage class. If you enable this policy setting, write acces
This policy setting denies write access to the CD and DVD removable storage class. If you enable this policy setting, write acces
This policy setting denies read access to custom removable storage classes. If you enable this policy setting, read access is den
This policy setting denies read access to custom removable storage classes. If you enable this policy setting, read access is den
This policy setting denies write access to custom removable storage classes. If you enable this policy setting, write access is de
This policy setting denies write access to custom removable storage classes. If you enable this policy setting, write access is de
This policy setting denies execute access to the Floppy Drives removable storage class, including USB Floppy Drives. If you ena
This policy setting denies read access to the Floppy Drives removable storage class, including USB Floppy Drives. If you enable
This policy setting denies read access to the Floppy Drives removable storage class, including USB Floppy Drives. If you enable
This policy setting denies write access to the Floppy Drives removable storage class, including USB Floppy Drives. If you enable
This policy setting denies write access to the Floppy Drives removable storage class, including USB Floppy Drives. If you enable
This policy setting denies execute access to removable disks. If you enable this policy setting, execute access is denied to this r
This policy setting denies read access to removable disks. If you enable this policy setting, read access is denied to this remova
This policy setting denies read access to removable disks. If you enable this policy setting, read access is denied to this remova
This policy setting denies write access to removable disks. If you enable this policy setting, write access is denied to this remov
This policy setting denies write access to removable disks. If you enable this policy setting, write access is denied to this remov
This policy setting configures the amount of time (in seconds) that the operating system waits to reboot in order to enforce a c
This policy setting configures the amount of time (in seconds) that the operating system waits to reboot in order to enforce a c
This policy setting denies execute access to the Tape Drive removable storage class. If you enable this policy setting, execute ac
This policy setting denies read access to the Tape Drive removable storage class. If you enable this policy setting, read access is
This policy setting denies read access to the Tape Drive removable storage class. If you enable this policy setting, read access is
This policy setting denies write access to the Tape Drive removable storage class. If you enable this policy setting, write access
This policy setting denies write access to the Tape Drive removable storage class. If you enable this policy setting, write access
This policy setting denies read access to removable disks, which may include media players, cellular phones, auxiliary displays,
This policy setting denies read access to removable disks, which may include media players, cellular phones, auxiliary displays,
This policy setting denies write access to removable disks, which may include media players, cellular phones, auxiliary displays,
This policy setting denies write access to removable disks, which may include media players, cellular phones, auxiliary displays,
This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they are making
This policy setting controls whether the RPC Runtime ignores delegation failures when delegation is requested. The constraine
This policy setting determines whether the RPC Runtime maintains RPC state information for the system, and how much inform
This policy setting controls whether the RPC runtime generates extended error information when an error occurs. Extended er
This policy setting controls how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers. This p
This policy setting controls the idle connection timeout for RPC/HTTP connections. This policy setting is useful in cases where a
This policy setting allows user logon scripts to run when the logon cross-forest, DNS suffixes are not configured, and NetBIOS o
This policy setting displays the instructions in logoff scripts as they run. Logoff scripts are batch files of instructions that run wh
This policy setting displays the instructions in logon scripts as they run. Logon scripts are batch files of instructions that run wh
This policy setting displays the instructions in shutdown scripts as they run. Shutdown scripts are batch files of instructions tha
This policy setting displays the instructions in startup scripts as they run. Startup scripts are batch files of instructions that run
This policy setting hides the instructions in logon scripts written for Windows NT 4.0 and earlier. Logon scripts are batch files o
This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface progra
This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface progra
This policy setting lets the system run startup scripts simultaneously. Startup scripts are batch files that run before the user is i
This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during com
This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during use
This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during use
This policy setting determines how long the system waits for scripts applied by Group Policy to run. This setting limits the total
This policy setting determines whether scripted diagnostics will execute diagnostic packages that are signed by untrusted publi
This policy setting allows users to access and run the troubleshooting tools that are available in the Troubleshooting Control Pa
This policy setting allows users who are connected to the Internet to access and search troubleshooting content that is hosted
Determines whether scheduled diagnostics will run to proactively detect and resolve system problems. If you enable this polic
Enabling this policy allows you to add a primary intranet search location within Windows Desktop Search. The value of this text
Enabling this policy allows you to add intranet search locations in addition to the primary intranet search location defined in th
This policy setting specifies whether Cortana is allowed on the device. If you enable or don't configure this setting, Cortana w
This policy setting determines whether or not the user can interact with Cortana using speech while the system is locked. If yo
This policy setting allows encrypted items to be indexed. If you enable this policy setting, indexing will attempt to decrypt and
This policy setting specifies whether search and Cortana can provide location aware search and Cortana results. If this is enab
This policy setting allows words that contain diacritic characters to be treated as separate words. If you enable this policy settin
This policy setting determines when Windows uses automatic language detection results, and when it relies on indexing histor
Enabling this policy defines a semicolon-delimited list of file extensions which will be allowed to have rich attachment previews
Enabling this policy allows you to specify a list of paths to exclude from indexing by default. The user may override these paths
Enabling this policy allows you to specify a list of paths to exclude from indexing by default. The user may override these paths
Enabling this policy allows you to specify a list of paths to index by default. The user may override these paths and exclude the
Enabling this policy allows you to specify a list of paths to index by default. The user may override these paths and exclude the
If enabled, the search indexer backoff feature will be disabled. Indexing will continue at full speed even when system activity is
This policy setting configures whether or not locations on removable drives can be added to libraries. If you enable this policy
Enabling this policy removes the option of searching the Web from Windows Desktop Search. When this policy is disabled or n
This policy setting allows you to control whether or not Search can perform queries on the web, and if the web results are disp
This policy setting allows you to control whether or not Search can perform queries on the web over metered connections, and
Enabling this policy allows indexing of items for online delegate mailboxes on a Microsoft Exchange server. This policy affects o
Enabling this policy allows indexing of mail items on a Microsoft Exchange server when Microsoft Outlook is not running in cac
When using Microsoft Office Outlook in online mode, you can enable this policy to control how fast online mail is indexed on a
Store indexer database in this directory. This directory must be located on a local fixed drive.
Enabling this policy prevents users from adding UNC locations to the index from the Search and Indexing Options in Control Pa
Enabling this policy prevents users from adding UNC locations to the index from the Search and Indexing Options in Control Pa
This policy setting allows you to enable or disable the Add/Remove location options on the All Locations menu as well as any d
This policy setting configures how Windows Search adds shared folders to the search index. If you enable this policy setting, W
If enabled, clients will be unable to query this computer's index remotely. Thus, when they are browsing network shares that a
If enabled, Search and Indexing Options in Control Panel does not allow opening the Modify Locations dialog. Otherwise it can
If enabled, Search and Indexing Options in Control Panel does not allow opening the Modify Locations dialog. Otherwise it can
If you enable this policy setting, you specify a list of paths to exclude from indexing. The user cannot enter any path that starts
If you enable this policy setting, you specify a list of paths to exclude from indexing. The user cannot enter any path that starts
Enable this policy setting to prevent the indexing of the content of e-mail attachments. If enabled, indexing service component
If enabled, files on network shares made available offline are not indexed. Otherwise they are indexed. Disabled by default.
Enable this policy to prevent indexing of any Microsoft Outlook items. The default is to automatically index Outlook items. If th
Enabling this policy allows you to edit the list of file types to exclude from indexing. The end user cannot modify this list. You sh
Enable this policy to prevent indexing public folders in Microsoft Office Outlook. When this policy is disabled or not configured
If enabled, the indexer pauses whenever the computer is running on battery. If disabled, the indexing follows the default behav
This policy setting hides or displays the Advanced Options dialog for Search and Indexing Options in the Control Panel. If you e
Enabling this policy prevents Windows Desktop Search from using iFilters and protocol handlers unless they are specified in the
Enabling this policy allows you to set the location of the preview pane in the Desktop Search results. You can also turn off the p
Enabling this policy allows you to specify whether you want large icon or small icon view for your Desktop Search results. The t
This policy setting allows you to control the SafeSearch setting used when performing a query in Search. If you enable this poli
This policy setting allows you to control what information is shared with Bing in Search. If you enable this policy setting, you ca
Enabling this policy prevents indexing from continuing after less than the specified amount of hard drive space is left on the sa
This policy setting prevents search queries from being stored in the registry. If you enable this policy setting, search suggestion
This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory dom
This policy setting turns off the location feature for this computer. If you enable this policy setting, the location feature is turne
This policy setting turns off the location feature for this computer. If you enable this policy setting, the location feature is turne
This policy setting turns off scripting for the location feature. If you enable this policy setting, scripts for the location feature w
This policy setting turns off scripting for the location feature. If you enable this policy setting, scripts for the location feature w
This policy setting turns off the sensor feature for this computer. If you enable this policy setting, the sensor feature is turned o
This policy setting turns off the sensor feature for this computer. If you enable this policy setting, the sensor feature is turned o
This policy setting allows you to set the refresh interval for Server Manager. Each refresh provides Server Manager with update
This policy setting allows you to turn off the automatic display of the Initial Configuration Tasks window at logon on Windows S
This policy setting allows you to turn off the automatic display of the Manage Your Server page. If you enable this policy settin
This policy setting allows you to turn off the automatic display of Server Manager at logon. If you enable this policy setting, Se
This policy setting specifies the network locations that will be used for the repair of operating system corruption and for enabli
Prevent syncing to and from this PC. This turns off and disables the "sync your settings" switch on the "sync your settings" pag
Prevent the "app settings" group from syncing to and from this PC. This turns off and disables the "app settings" group on the
Prevent the "AppSync" group from syncing to and from this PC. This turns off and disables the "AppSync" group on the "sync y
Prevent the "browser" group from syncing to and from this PC. This turns off and disables the "browser" group on the "sync yo
Prevent the "desktop personalization" group from syncing to and from this PC. This turns off and disables the "desktop person
Prevent syncing to and from this PC when on metered Internet connections. This turns off and disables "sync your settings on
Prevent the "Other Windows settings" group from syncing to and from this PC. This turns off and disables the "Other Windows
Prevent the "passwords" group from syncing to and from this PC. This turns off and disables the "passwords" group on the "sy
Prevent the "personalize" group from syncing to and from this PC. This turns off and disables the "personalize" group on the "s
Prevent the "Start layout" group from syncing to and from this PC. This turns off and disables the "Start layout" group on the "s
Specifies an alternate location for Windows installation files. If you enable this policy setting, enter the fully qualified path to t
Specifies an alternate location for Windows Service Pack installation files. If you enable this policy setting, enter the fully quali
Turns off data sharing from the handwriting recognition personalization tool. The handwriting recognition personalization tool
Turns off data sharing from the handwriting recognition personalization tool. The handwriting recognition personalization tool
This policy setting determines whether the user can publish DFS roots in Active Directory Domain Services (AD DS). If you enab
This policy setting determines whether the user can publish shared folders in Active Directory Domain Services (AD DS). If you
This policy setting specifies whether users can add computers to a homegroup. By default, users can add their computer to a h
This policy setting specifies whether users can share files within their profile. By default users are allowed to share files within
Prevents Windows from running the programs you specify in this policy setting. If you enable this policy setting, users cannot r
Disables the Windows registry editor Regedit.exe. If you enable this policy setting and the user tries to start Regedit.exe, a me
This policy setting prevents users from running the interactive command prompt, Cmd.exe. This policy setting also determines
Limits the Windows programs that users have permission to run on the computer. If you enable this policy setting, users can o
This policy setting prevents the display of the Welcome Center at user logon. If you enable this policy setting, the Welcome Ce
This policy setting allows you to restrict the installation of unsigned gadgets. Desktop gadgets can be deployed as compressed
This policy setting allows you to restrict the installation of unsigned gadgets. Desktop gadgets can be deployed as compressed
This policy setting allows you to turn off desktop gadgets. Gadgets are small applets that display information or utilities on the
This policy setting allows you to turn off desktop gadgets. Gadgets are small applets that display information or utilities on the
This policy setting allows you to turn off desktop gadgets that have been installed by the user. If you enable this setting, Windo
This policy setting allows you to turn off desktop gadgets that have been installed by the user. If you enable this setting, Windo
This policy setting allows configuration of OneDrive file sync behavior on metered connections.
This policy setting lets you prevent apps and features from working with files on OneDrive. If you enable this policy setting: * U
This policy setting lets you prevent apps and features from working with files on OneDrive for Windows 8.1. If you enable this
This policy setting lets you disable OneDrive as the default save location. It does not prevent apps and users from saving files o
This policy setting lets you allow certificates without an Extended Key Usage (EKU) set to be used for logon. In versions of Win
This policy setting allows you to control whether elliptic curve cryptography (ECC) certificates on a smart card can be used to lo
This policy setting lets you determine whether the integrated unblock feature will be available in the logon User Interface (UI).
This policy setting lets you allow signature key-based certificates to be enumerated and available for logon. If you enable this p
This policy setting permits those certificates to be displayed for logon that are either expired or not yet valid. Under previous v
This policy setting lets you determine whether an optional field will be displayed during logon and elevation that allows a user
This policy setting allows you to manage the clean up behavior of root certificates. If you enable this policy setting then root ce
This policy setting allows you to manage the displayed message when a smart card is blocked. If you enable this policy setting,
This policy settings lets you configure if all your valid logon certificates are displayed. During the certificate renewal period, a u
This policy setting allows you to manage the reading of all certificates from the smart card for logon. During logon Windows w
This policy setting allows you to control whether a confirmation message is displayed when a smart card device driver is install
This policy setting prevents plaintext PINs from being returned by Credential Manager. If you enable this policy setting, Creden
This policy setting lets you reverse the subject name from how it is stored in the certificate when displaying it during logon. B
This policy setting allows you to manage the certificate propagation that occurs when a smart card is inserted. If you enable or
This policy setting allows you to manage the root certificate propagation that occurs when a smart card is inserted. If you enab
This policy setting allows you to control whether Smart Card Plug and Play is enabled. If you enable or do not configure this po
This policy setting configures a list of the communities defined to the Simple Network Management Protocol (SNMP) service. S
This policy setting determines the permitted list of hosts that can submit a query to the Simple Network Management (SNMP)
This policy setting allows trap configuration for the Simple Network Management Protocol (SNMP) agent. Simple Network Ma
Specifies whether Sound Recorder can run. Sound Recorder is a feature of Microsoft Windows Vista that can be used to record
Specifies whether Sound Recorder can run. Sound Recorder is a feature of Microsoft Windows Vista that can be used to record
This policy setting specifies the message that users see when they are denied access to a file or folder. You can customize the A
This Group Policy Setting should be set on Windows clients to enable access-denied assistance for all file types
This policy setting controls whether the Classification tab is displayed in the Properties dialog box in File Explorer. The Classific
This policy setting controls which set of properties is available for classifying files on affected computers. Administrators can de
Lets users run a 16-bit program in a dedicated (not shared) Virtual DOS Machine (VDM) process. All DOS and 16-bit programs
This policy only applies to the classic version of the start menu and does not affect the new style start menu. Adds the "Log Off
If you enable this policy, a "Search the Internet" link is shown when the user performs a search in the start menu search box. T
If you enable this setting, the Run command is added to the Start menu. If you disable or do not configure this setting, the Run
Set the default action of the power button on the Start menu. If you enable this setting, the Start Menu will set the power butt
Clear history of recently opened documents on exit. If you enable this setting, the system deletes shortcuts to recently used do
If you enable this policy setting, the recent programs list in the start menu will be blank for each new user. If you disable or do
If you enable this setting, the system deletes tile notifications when the user logs on. As a result, the Tiles in the start view will
This setting affects the taskbar. The taskbar includes the Start button, buttons for currently running tasks, custom toolbars, the
Prevents the operating system and installed programs from creating and displaying shortcuts to recently opened documents. I
If you enable this policy the start menu search box will not search for communications. If you disable or do not configure this p
If you enable this policy setting the Start menu search box will not search for files. If you disable or do not configure this policy
If you enable this policy the start menu search box will not search for internet history or favorites. If you disable or do not confi
If you enable this policy setting the Start menu search box will not search for programs or Control Panel items. If you disable o
This policy setting prevents the system from conducting a comprehensive search of the target drive to resolve a shortcut. If yo
This policy setting prevents the system from using NTFS tracking features to resolve a shortcut. If you enable this policy setting
This setting affects the presentation of the Start menu. The classic Start menu in Windows 2000 Professional allows users to b
If you enable this policy and set it to Start menu or full screen Start, Start will be that size and users will be unable to change th
This policy setting allows users to go to the desktop instead of the Start screen when they sign in. If you enable this policy setti
Displays Start menu shortcuts to partially installed programs in gray text. This setting makes it easier for users to distinguish be
This setting affects the notification area (previously called the "system tray") on the taskbar. Description: The notification area
This policy setting allows desktop apps to be listed first in the Apps view in Start. If you enable this policy setting, desktop apps
This setting affects the taskbar, which is used to switch between running applications. The taskbar includes the Start button, lis
This policy setting allows pinning apps to Start by default, when they are included by AppID on the list.
This policy setting allows pinning apps to Start by default, when they are included by AppID on the list.
This policy setting allows you to prevent changes to Taskbar and Start Menu Settings. If you enable this policy setting, The user
This setting affects the taskbar buttons used to switch between running programs. Taskbar grouping consolidates similar appli
This policy setting allows you to prevent users from changing their Start screen layout. If you enable this setting, you will preve
If you enable this setting, users cannot uninstall apps from Start. If you disable this setting or do not configure it, users can acc
This policy setting allows you to remove access to the context menus for the taskbar. If you enable this policy setting, the men
This policy setting allows you to remove the All Programs list from the Start menu. If you enable this policy setting, the "All Pro
This policy setting prevents users from performing the following commands from the Start menu or Windows Security screen:
Hides pop-up text on the Start menu and in the notification area. When you hold the cursor over an item on the Start menu o
Prevents the clock in the system notification area from being displayed. If you enable this setting, the clock will not be displaye
Removes items in the All Users profile from the Programs menu on the Start menu. By default, the Programs menu contains ite
This policy setting allows you to remove the Default Programs link from the Start menu. If you enable this policy setting, the D
This policy setting allows you to remove the Documents icon from the Start menu and its submenus. If you enable this policy s
This policy setting allows you to remove the Downloads link from the Start Menu. If you enable this policy setting, the Start M
Prevents users from adding the Favorites menu to the Start menu or classic Start menu. If you enable this setting, the Display F
If you enable this setting, the frequently used programs list is removed from the Start menu. If you disable this setting or do no
If you enable this policy the start menu will not show a link to the Games folder. If you disable or do not configure this policy, t
This policy setting allows you to remove the Help command from the Start menu. If you enable this policy setting, the Help com
If you enable this policy the Start menu will not show a link to Homegroup. It also removes the homegroup item from the Start
This policy setting allows you to remove links and access to Windows Update. If you enable this policy setting, users are preven
This policy setting allows you to removes the "Log Off <username>" item from the Start menu and prevents users from restorin
This policy setting allows you to remove the Music icon from Start Menu. If you enable this policy setting, the Music icon is no
This policy setting allows you to remove Network Connections from the Start Menu. If you enable this policy setting, users are
This policy setting allows you to remove the Network icon from Start Menu. If you enable this policy setting, the Network icon
This policy setting allows you to remove the Pictures icon from Start Menu. If you enable this policy setting, the Pictures icon i
If you enable this setting, the "Pinned Programs" list is removed from the Start menu. Users cannot pin programs to the Start m
This policy setting allows you to remove programs on Settings menu. If you enable this policy setting, the Control Panel, Printe
Removes the Recent Items menu from the Start menu. Removes the Documents menu from the classic Start menu. The Recen
This policy setting allows you to remove the Recorded TV link from the Start Menu. If you enable this policy setting, the Start M
Allows you to remove the Run command from the Start menu, Internet Explorer, and Task Manager. If you enable this setting,
If you enable this policy, the "See all results" link will not be shown when the user performs a search in the start menu search b
This policy setting allows you to remove the Search link from the Start menu, and disables some File Explorer search elements.
If you enable this policy, a "See more results" / "Search Everywhere" link will not be shown when the user performs a search in
If you enable this setting, the "Undock PC" button is removed from the simple Start Menu, and your PC cannot be undocked. I
If you enable this policy the start menu will not show a link to the user's storage folder. If you disable or do not configure this p
This policy setting allows you to remove the user name label from the Start Menu in Windows XP and Windows Server 2003. I
Hides all folders on the user-specific (top) section of the Start menu. Other items appear, but folders are hidden. This setting is
This policy setting allows you to remove the Videos link from the Start Menu. If you enable this policy setting, the Start Menu
This policy setting prevents the user from searching apps, files, settings (and the web if enabled) when the user searches from
This policy setting shows or hides the "Run as different user" command on the Start application bar. If you enable this setting,
This policy setting controls whether the QuickLaunch bar is displayed in the Taskbar. If you enable this policy setting, the Quick
This policy setting allows the Start screen to appear on the display the user is using when they press the Windows logo key. Thi
This policy setting allows the Apps view to be opened by default when the user goes to Start. If you enable this policy setting,
Specifies the Start layout for users. This setting lets you specify the Start layout for users and prevents them from changing its
Specifies the Start layout for users. This setting lets you specify the Start layout for users and prevents them from changing its
This setting affects the notification area, also called the "system tray." The notification area is located in the task bar, generally
Disables personalized menus. Windows personalizes long menus by moving recently used items to the top of the menu and hi
This policy setting allows you to turn off user tracking. If you enable this policy setting, the system does not track the programs
Allows you to disable System Restore configuration through System Protection. This policy setting allows you to turn off System
Allows you to disable System Restore. This policy setting allows you to turn off System Restore. System Restore enables users,
Prevents the Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista) from prov
Prevents the Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista) from prov
Prevents the Tablet PC Input Panel icon from appearing next to any text entry area in applications where this behavior is availa
Prevents the Tablet PC Input Panel icon from appearing next to any text entry area in applications where this behavior is availa
Prevents the Tablet PC Input Panel icon from appearing next to any text entry area in applications where this behavior is availa
Prevents the Tablet PC Input Panel icon from appearing next to any text entry area in applications where this behavior is availa
Includes rarely used Chinese, Kanji, and Hanja characters when handwriting is converted to typed text. This policy applies only
Includes rarely used Chinese, Kanji, and Hanja characters when handwriting is converted to typed text. This policy applies only
Prevents Input Panel tab from appearing on the edge of the Tablet PC screen. Tablet PC Input Panel is a Tablet PC accessory th
Prevents Input Panel tab from appearing on the edge of the Tablet PC screen. Tablet PC Input Panel is a Tablet PC accessory th
Turns off the integration of application auto complete lists with Tablet PC Input Panel in applications where this behavior is ava
Turns off the integration of application auto complete lists with Tablet PC Input Panel in applications where this behavior is ava
Adjusts password security settings in Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and W
Adjusts password security settings in Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and W
Turns off both the more tolerant scratch-out gestures that were added in Windows Vista and the Z-shaped scratch-out gesture
Turns off both the more tolerant scratch-out gestures that were added in Windows Vista and the Z-shaped scratch-out gesture
Prevents start of InkBall game. If you enable this policy, the InkBall game will not run. If you disable this policy, the InkBall gam
Prevents start of InkBall game. If you enable this policy, the InkBall game will not run. If you disable this policy, the InkBall gam
Prevents printing to Journal Note Writer. If you enable this policy, the Journal Note Writer printer driver will not allow printing
Prevents printing to Journal Note Writer. If you enable this policy, the Journal Note Writer printer driver will not allow printing
Prevents the snipping tool from running. If you enable this policy setting, the Snipping Tool will not run. If you disable this pol
Prevents the snipping tool from running. If you enable this policy setting, the Snipping Tool will not run. If you disable this pol
Prevents start of Windows Journal. If you enable this policy, the Windows Journal accessory will not run. If you disable this po
Prevents start of Windows Journal. If you enable this policy, the Windows Journal accessory will not run. If you disable this po
Removes the Back->ESC mapping that normally occurs when menus are visible, and for applications that subscribe to this beha
Removes the Back->ESC mapping that normally occurs when menus are visible, and for applications that subscribe to this beha
Makes pen flicks and all related features unavailable. If you enable this policy, pen flicks and all related features are unavailable
Makes pen flicks and all related features unavailable. If you enable this policy, pen flicks and all related features are unavailable
Makes pen flicks learning mode unavailable. If you enable this policy, pen flicks are still available but learning mode is not. Pen
Makes pen flicks learning mode unavailable. If you enable this policy, pen flicks are still available but learning mode is not. Pen
Prevents the user from launching an application from a Tablet PC hardware button. If you enable this policy, applications cann
Prevents the user from launching an application from a Tablet PC hardware button. If you enable this policy, applications cann
Prevents press and hold actions on hardware buttons, so that only one action is available per button. If you enable this policy,
Prevents press and hold actions on hardware buttons, so that only one action is available per button. If you enable this policy,
Turns off Tablet PC hardware buttons. If you enable this policy, no actions will occur when the buttons are pressed, and the bu
Turns off Tablet PC hardware buttons. If you enable this policy, no actions will occur when the buttons are pressed, and the bu
Disables visual pen action feedback, except for press and hold feedback. If you enable this policy, all visual pen action feedbac
Disables visual pen action feedback, except for press and hold feedback. If you enable this policy, all visual pen action feedbac
This policy disables the functionality that converts balloons to toast notifications. If you enable this policy setting, system and
This policy setting allows you to control pinning items in Jump Lists. If you enable this policy setting, users cannot pin files, fold
This policy setting allows you to control pinning programs to the Taskbar. If you enable this policy setting, users cannot change
This policy setting allows you to control pinning the Store app to the Taskbar. If you enable this policy setting, users cannot pin
This policy setting allows you to prevent taskbars from being displayed on more than one monitor. If you enable this policy setti
This policy setting allows you to control displaying or tracking items in Jump Lists from remote locations. The Start Menu and T
This policy setting allows you to lock all taskbar settings. If you enable this policy setting, the user cannot access the taskbar co
This policy setting allows you to prevent users from adding or removing toolbars. If you enable this policy setting, the user is n
This policy setting allows you to prevent users from moving taskbar to another screen dock location. If you enable this policy s
This policy setting allows you to prevent users from rearranging toolbars. If you enable this policy setting, users are not able to
This policy setting allows you to prevent users from resizing the taskbar. If you enable this policy setting, users are not be able
This policy setting removes Notifications and Action Center from the notification area on the taskbar. The notification area is lo
This policy setting allows you to remove pinned programs from the taskbar. If you enable this policy setting, pinned programs a
This policy setting allows you to remove the battery meter from the system control area. If you enable this policy setting, the b
This policy setting allows you to remove the networking icon from the system control area. If you enable this policy setting, the
This policy setting allows you to remove Security and Maintenance from the system control area. If you enable this policy setti
This policy setting allows you to remove the volume control icon from the system control area. If you enable this policy setting
This policy setting allows users to see Windows Store apps on the taskbar. If you enable this policy setting, users will see Wind
This policy setting allows you to turn off all notification balloons. If you enable this policy setting, no notification balloons are s
This policy setting allows you to turn off automatic promotion of notification icons to the taskbar. If you enable this policy setti
This policy setting allows you to turn off feature advertisement balloon notifications. If you enable this policy setting, certain n
This policy setting allows you to turn off taskbar thumbnails. If you enable this policy setting, the taskbar thumbnails are not d
This setting removes the "Open advanced properties for this task when I click Finish" checkbox from the last page of the Sched
This setting removes the "Open advanced properties for this task when I click Finish" checkbox from the last page of the Sched
Prevents users from viewing and changing the properties of an existing task. This setting removes the Properties item from the
Prevents users from viewing and changing the properties of an existing task. This setting removes the Properties item from the
Prevents users from starting and stopping tasks manually. This setting removes the Run and End Task items from the context m
Prevents users from starting and stopping tasks manually. This setting removes the Run and End Task items from the context m
Limits newly scheduled to items on the user's Start menu, and prevents the user from changing the scheduled program for exis
Limits newly scheduled to items on the user's Start menu, and prevents the user from changing the scheduled program for exis
Prevents users from adding or removing tasks by moving or copying programs in the Scheduled Tasks folder. This setting disabl
Prevents users from adding or removing tasks by moving or copying programs in the Scheduled Tasks folder. This setting disabl
Prevents users from creating new tasks. This setting removes the Add Scheduled Task item that starts the New Task Wizard. Al
Prevents users from creating new tasks. This setting removes the Add Scheduled Task item that starts the New Task Wizard. Al
Prevents users from deleting tasks from the Scheduled Tasks folder. This setting removes the Delete command from the Edit m
Prevents users from deleting tasks from the Scheduled Tasks folder. This setting removes the Delete command from the Edit m
This policy setting allows you to specify a 6to4 relay name for a 6to4 host. A 6to4 relay is used as a default gateway for IPv6 net
This policy setting allows you to specify the interval at which the relay name is resolved. The 6to4 relay name resolution interva
This policy setting allows you to configure 6to4, an address assignment and router-to-router automatic tunneling technology th
This policy setting allows you to configure IP Stateless Autoconfiguration Limits. If you enable or do not configure this policy se
This policy setting allows you to configure IP-HTTPS, a tunneling technology that uses the HTTPS protocol to provide IP connecti
This policy setting allows you to specify a router name or Internet Protocol version 4 (IPv4) address for an ISATAP router. If you
This policy setting allows you to configure Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), an address-to-router and h
This policy setting allows you to select the UDP port the Teredo client will use to send packets. If you leave the default of 0, the
This policy setting allows you to set Teredo to be ready to communicate, a process referred to as qualification. By default, Tered
This policy setting allows you to configure the Teredo refresh rate. Note: On a periodic basis (by default, every 30 seconds), Ter
This policy setting allows you to specify the name of the Teredo server. This server name will be used on the Teredo client com
This policy setting allows you to configure Teredo, an address assignment and automatic tunneling technology that provides un
This policy setting allows you to configure Window Scaling Heuristics. Window Scaling Heuristics is an algorithm to identify con
This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from
This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from
This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signe
This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signe
This policy setting allows you to specify whether users can redirect the remote computer's audio and video output in a Remote
This policy setting allows you to specify whether users can record audio to the remote computer in a Remote Desktop Services
This policy setting allows you to permit RDP redirection of other supported RemoteFX USB devices from this computer. Redirec
This policy setting determines whether the client computer redirects its time zone settings to the Remote Desktop Services ses
This policy setting allows you to configure remote access to computers by using Remote Desktop Services. If you enable this po
This policy setting specifies whether Remote Desktop Services always prompts the client for a password upon connection. You
This policy setting determines whether the desktop is always displayed after a client connects to a remote computer or an initi
Specifies whether to allow Remote Desktop Connection clients to automatically reconnect to sessions on an RD Session Host se
This policy setting allows you to specify which Remote Desktop Protocol (RDP) compression algorithm to use. By default, serve
This policy setting lets you enable H.264/AVC hardware encoding support for Remote Desktop Connections. When you enable
This policy setting allows you to specify the visual quality for remote users when connecting to this computer by using Remote
This policy setting allows you to enter a keep-alive interval to ensure that the session state on the RD Session Host server is con
This policy setting allows you to specify the name of a farm to join in RD Connection Broker. RD Connection Broker uses the far
This policy setting allows you to specify the RD Connection Broker server that the RD Session Host server uses to track and redi
This policy setting allows you to control the availability of RemoteFX on both a Remote Desktop Virtualization Host (RD Virtuali
This policy setting allows the administrator to configure the RemoteFX experience for Remote Desktop Session Host or Remote
This policy setting allows you to specify whether the client will establish a connection to the RD Session Host server when the c
This policy setting determines whether an administrator attempting to connect remotely to the console of a server can log off a
This policy setting allows you to specify whether to prevent the mapping of client printers in Remote Desktop Services sessions
This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote co
This policy setting specifies whether to prevent the redirection of data to client COM ports from the remote computer in a Rem
This policy setting specifies whether to prevent the mapping of client drives in a Remote Desktop Services session (drive redire
This policy setting specifies whether the Remote Desktop Connection can use hardware acceleration if supported hardware is a
This policy setting specifies whether to disable the administrator rights to customize security permissions for the Remote Deskt
This policy setting specifies whether to prevent the redirection of data to client LPT ports during a Remote Desktop Services se
Controls whether a user can save passwords using Remote Desktop Connection. If you enable this setting the credential saving
Controls whether passwords can be saved on this computer from Remote Desktop Connection. If you enable this setting the p
This policy setting allows you to control the redirection of smart card devices in a Remote Desktop Services session. If you ena
This policy setting lets you control the redirection of supported Plug and Play and RemoteFX USB devices, such as Windows Por
This policy setting specifies whether Remote Desktop Services retains a user's per-session temporary folders at logoff. You can
This policy setting allows you to specify whether the client default printer is automatically set as the default printer in a session
This policy setting allows you to prevent Remote Desktop Services from creating session-specific temporary folders. You can us
If you enable this policy setting, when Remote Desktop Connection cannot connect directly to a remote computer (an RD Sessi
This policy setting allows you to configure graphics encoding to use the RemoteFX Codec on the Remote Desktop Session Host
This policy setting specifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it.
This policy setting specifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it.
Specifies whether desktop wallpaper is displayed to remote clients connecting via Remote Desktop Services. You can use this s
This policy setting determines whether notifications are displayed on an RD Session Host server when there are problems with
This policy setting allows you to specify whether the RD Session Host server should join a farm in RD Connection Broker. RD Co
This policy setting allows you to specify the RD Session Host servers to which a Remote Desktop license server will offer Remot
This policy setting allows you to limit the audio playback quality for a Remote Desktop Services session. Limiting the quality of
This policy setting allows you to specify the maximum color resolution (color depth) for Remote Desktop Services connections.
This policy setting allows you to specify the maximum display resolution that can be used by each monitor used to display a Re
Specifies whether Remote Desktop Services limits the number of simultaneous connections to the server. You can use this setti
This policy setting allows you to limit the number of monitors that a user can use to display a Remote Desktop Services session
This policy setting allows you to limit the size of the entire roaming user profile cache on the local drive. This policy setting onl
This policy setting allows you to specify the visual experience that remote users receive in Remote Desktop Services sessions. R
This policy setting allows you to specify the visual experience that remote users will have in Remote Desktop Connection (RDC)
This policy setting allows you to specify which version of Remote Desktop Services client access license (RDS CAL) a Remote De
This policy setting prioritizes the H.264/AVC 444 graphics mode for non-RemoteFX vGPU scenarios. When you use this setting o
This policy setting determines whether a user will be prompted on the client computer to provide credentials for a remote con
This policy setting allows you to remove the "Disconnect" option from the Shut Down Windows dialog box in Remote Desktop
Specifies whether to remove the Windows Security item from the Settings menu on Remote Desktop clients. You can use this s
Specifies whether a Remote Desktop Session Host server requires secure RPC communication with all clients or allows unsecur
This policy setting specifies whether to require the use of a specific security layer to secure communications between clients an
This policy setting allows you to specify whether to require user authentication for remote connections to the RD Session Host
This policy setting allows you to restrict users to a single Remote Desktop Services session. If you enable this policy setting, use
This policy setting allows you to specify how the Remote Desktop Protocol will try to detect the network quality (bandwidth an
This policy setting allows you to specify which protocols can be used for Remote Desktop Protocol (RDP) access to this server.
This policy setting allows you to specify the name of the certificate template that determines which certificate is automatically
Specifies whether to require the use of a specific encryption level to secure communications between client computers and RD
This policy setting allows you to specify the network path that Remote Desktop Services uses for roaming user profiles. By defa
Specifies the authentication method that clients must use when attempting to connect to an RD Session Host server through a
Specifies the address of the RD Gateway server that clients must use when attempting to connect to an RD Session Host server
Specifies whether Remote Desktop Services uses the specified network share or local directory path as the root of the user's h
If you enable this policy setting, administrators can interact with a user's Remote Desktop Services session based on the option
If you enable this policy setting, administrators can interact with a user's Remote Desktop Services session based on the option
This policy setting allows you to specify the type of Remote Desktop Services client access license (RDS CAL) that is required to
This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be i
This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be i
This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active be
This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active be
This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions. You can use this po
This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions. You can use this po
This policy setting specifies the default connection URL for RemoteApp and Desktop Connections. The default connection URL
This policy setting allows you to specify the RD Session Host server fallback printer driver behavior. By default, the RD Session
This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted
This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted
Configures Remote Desktop Services to run a specified program automatically upon connection. You can use this setting to spe
Configures Remote Desktop Services to run a specified program automatically upon connection. You can use this setting to spe
This policy setting allows you to specify whether the app registration is completed before showing the Start screen to the user.
This policy setting specifies whether the UDP protocol will be used to access servers via Remote Desktop Protocol. If you enab
This policy setting allows you to enable RemoteApp programs to use advanced graphics, including support for transparency, liv
This policy setting allows you to specify the redirection method to use when a client device reconnects to an existing Remote D
This policy setting allows you to specify whether Remote Desktop Services uses a mandatory profile for all users connecting rem
This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client pr
This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client pr
This policy setting enables system administrators to change the graphics rendering for all Remote Desktop Services sessions. If
This policy setting allows you to specify the order in which an RD Session Host server attempts to locate Remote Desktop licens
This policy setting allows you to specify whether desktop composition is allowed for remote desktop sessions. This policy settin
This policy setting allows you to specify whether remote users can start any program on the RD Session Host server when they
This policy setting allows you to specify whether the client computer redirects its time zone settings to the Remote Desktop Se
This policy setting allows you to specify whether the desktop is always displayed after a client connects to a remote computer o
This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote co
This policy setting allows you to specify whether font smoothing is allowed for remote connections. Font smoothing provides C
This policy setting specifies whether a session uses the IP address of the Remote Desktop Session Host server if a virtual IP add
This policy setting allows you to specify whether the default client printer is the only printer redirected in Remote Desktop Serv
This policy setting allows you to specify whether the default client printer is the only printer redirected in Remote Desktop Serv
This policy setting allows you to specify whether desktop wallpaper is displayed to clients when they are connected to a remot
This policy setting specifies the IP address and network mask that corresponds to the network adapter used for virtual IP addre
This policy setting allows you to specify how long a user's RemoteApp session will remain in a disconnected state after closing a
This policy setting allows you to specify how long a user's RemoteApp session will remain in a disconnected state after closing a
Fair Share CPU Scheduling dynamically distributes processor time across all Remote Desktop Services sessions on the same RD
This policy setting specifies whether Windows Installer RDS Compatibility runs on a per user basis for fully installed application
This policy setting specifies whether Remote Desktop IP Virtualization is turned on. By default, Remote Desktop IP Virtualizatio
This policy setting allows you to specify whether to use the RD Connection Broker load balancing feature to balance the load b
Turns off the caching of thumbnails in hidden thumbs.db files. This policy setting allows you to configure File Explorer to cache
This policy setting allows you to configure how File Explorer displays thumbnail images or icons on network folders. File Explor
This policy setting allows you to configure how File Explorer displays thumbnail images or icons on the local computer. File Exp
Turn off Tablet PC touch input Turns off touch input, which allows the user to interact with their computer using their finger. If
Turn off Tablet PC touch input Turns off touch input, which allows the user to interact with their computer using their finger. If
Turn off Panning Turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch d
Turn off Panning Turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch d
This policy setting configures how much of the TPM owner authorization information is stored in the registry of the local comp
This policy setting allows you to manage the Group Policy list of Trusted Platform Module (TPM) commands blocked by Window
This policy setting allows you to enforce or ignore the computer's default list of blocked Trusted Platform Module (TPM) comm
This policy setting allows you to enforce or ignore the computer's local list of blocked Trusted Platform Module (TPM) comman
This policy setting allows you to manage the maximum number of authorization failures for each standard user for the Trusted
This policy setting allows you to manage the duration in minutes for counting standard user authorization failures for Trusted P
This policy setting allows you to manage the maximum number of authorization failures for all standard users for the Trusted P
This policy setting configures the backup of certain user settings for Microsoft Access 2013. Microsoft Access 2013 has user se
This policy setting configures the backup of certain user settings for Microsoft Access 2013. Microsoft Access 2013 has user se
This policy setting configures the backup of certain user settings for Microsoft Access 2016. Microsoft Access 2016 has user se
This policy setting configures the backup of certain user settings for Microsoft Access 2016. Microsoft Access 2016 has user se
This policy setting configures the synchronization of user settings of Calculator. By default, the user settings of Calculator synch
This policy setting configures the synchronization of user settings of Calculator. By default, the user settings of Calculator synch
This policy setting configures the backup of certain user settings which are common between the Microsoft Office Suite 2013 a
This policy setting configures the backup of certain user settings which are common between the Microsoft Office Suite 2013 a
This policy setting configures the backup of certain user settings which are common between the Microsoft Office Suite 2016 a
This policy setting configures the backup of certain user settings which are common between the Microsoft Office Suite 2016 a
This policy setting configures the sync provider used by User Experience Virtualization (UE-V) to sync settings between users co
This policy setting configures the sync provider used by User Experience Virtualization (UE-V) to sync settings between users co
This policy setting specifies the text of the Contact IT URL hyperlink in the Company Settings Center. If you enable this policy se
This policy setting specifies the URL for the Contact IT link in the Company Settings Center. If you enable this policy setting, the
This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings for Windows apps. B
This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings for Windows apps. B
This policy setting allows you to enable or disable User Experience Virtualization (UE-V) feature. Reboot is needed for enable to
This policy setting configures the backup of certain user settings for Microsoft Excel 2013. Microsoft Excel 2013 has user settin
This policy setting configures the backup of certain user settings for Microsoft Excel 2013. Microsoft Excel 2013 has user settin
This policy setting configures the backup of certain user settings for Microsoft Excel 2016. Microsoft Excel 2016 has user settin
This policy setting configures the backup of certain user settings for Microsoft Excel 2016. Microsoft Excel 2016 has user settin
This policy setting configures the synchronization of user settings for the Finance app. By default, the user settings of Finance s
This policy setting configures the synchronization of user settings for the Finance app. By default, the user settings of Finance s
This policy setting enables a notification in the system tray that appears when the User Experience Virtualization (UE-V) Agent
This policy setting configures the synchronization of user settings for the Games app. By default, the user settings of Games sy
This policy setting configures the synchronization of user settings for the Games app. By default, the user settings of Games sy
This policy setting configures the backup of certain user settings for Microsoft InfoPath 2013. Microsoft InfoPath 2013 has user
This policy setting configures the backup of certain user settings for Microsoft InfoPath 2013. Microsoft InfoPath 2013 has user
This policy setting configures the synchronization of user settings of Internet Explorer 10. By default, the user settings of Intern
This policy setting configures the synchronization of user settings of Internet Explorer 10. By default, the user settings of Intern
This policy setting configures the synchronization of user settings of Internet Explorer 11. By default, the user settings of Intern
This policy setting configures the synchronization of user settings of Internet Explorer 11. By default, the user settings of Intern
This policy setting configures the synchronization of user settings for Internet Explorer 8. By default, the user settings of Intern
This policy setting configures the synchronization of user settings for Internet Explorer 8. By default, the user settings of Intern
This policy setting configures the synchronization of user settings for Internet Explorer 9. By default, the user settings of Intern
This policy setting configures the synchronization of user settings for Internet Explorer 9. By default, the user settings of Intern
This policy setting configures the synchronization of user settings which are common between the versions of Internet Explore
This policy setting configures the synchronization of user settings which are common between the versions of Internet Explore
This policy setting configures the backup of certain user settings for Microsoft Lync 2013. Microsoft Lync 2013 has user setting
This policy setting configures the backup of certain user settings for Microsoft Lync 2013. Microsoft Lync 2013 has user setting
This policy setting configures the backup of certain user settings for Microsoft Lync 2016. Microsoft Lync 2016 has user setting
This policy setting configures the backup of certain user settings for Microsoft Lync 2016. Microsoft Lync 2016 has user setting
This policy setting configures the synchronization of user settings for the Maps app. By default, the user settings of Maps sync
This policy setting configures the synchronization of user settings for the Maps app. By default, the user settings of Maps sync
This policy setting configures the synchronization of user settings for Microsoft Access 2010. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft Access 2010. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft Access 2013. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft Access 2013. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft Access 2016. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft Access 2016. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft Excel 2010. By default, the user settings of Mic
This policy setting configures the synchronization of user settings for Microsoft Excel 2010. By default, the user settings of Mic
This policy setting configures the synchronization of user settings for Microsoft Excel 2013. By default, the user settings of Mic
This policy setting configures the synchronization of user settings for Microsoft Excel 2013. By default, the user settings of Mic
This policy setting configures the synchronization of user settings for Microsoft Excel 2016. By default, the user settings of Mic
This policy setting configures the synchronization of user settings for Microsoft Excel 2016. By default, the user settings of Mic
This policy setting configures the synchronization of user settings for Microsoft InfoPath 2010. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft InfoPath 2010. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft InfoPath 2013. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft InfoPath 2013. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft Lync 2010. By default, the user settings of Micr
This policy setting configures the synchronization of user settings for Microsoft Lync 2010. By default, the user settings of Micr
This policy setting configures the synchronization of user settings for Microsoft Lync 2013. By default, the user settings of Micr
This policy setting configures the synchronization of user settings for Microsoft Lync 2013. By default, the user settings of Micr
This policy setting configures the synchronization of user settings for Microsoft Lync 2016. By default, the user settings of Micr
This policy setting configures the synchronization of user settings for Microsoft Lync 2016. By default, the user settings of Micr
This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2010
This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2010
This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2013
This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2013
This policy setting configures the synchronization of user settings for Microsoft Office 2013 Upload Center. By default, the user
This policy setting configures the synchronization of user settings for Microsoft Office 2013 Upload Center. By default, the user
This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2016
This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2016
This policy setting configures the synchronization of user settings for Microsoft Office 2016 Upload Center. By default, the user
This policy setting configures the synchronization of user settings for Microsoft Office 2016 Upload Center. By default, the user
This policy setting configures the synchronization of user settings for Microsoft Office 365 Access 2013. Microsoft Office 365 sy
This policy setting configures the synchronization of user settings for Microsoft Office 365 Access 2013. Microsoft Office 365 sy
This policy setting configures the synchronization of user settings for Microsoft Office 365 Access 2016. Microsoft Office 365 sy
This policy setting configures the synchronization of user settings for Microsoft Office 365 Access 2016. Microsoft Office 365 sy
This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2013
This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2013
This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2016
This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2016
This policy setting configures the synchronization of user settings for Microsoft Office 365 Excel 2013. Microsoft Office 365 syn
This policy setting configures the synchronization of user settings for Microsoft Office 365 Excel 2013. Microsoft Office 365 syn
This policy setting configures the synchronization of user settings for Microsoft Office 365 Excel 2016. Microsoft Office 365 syn
This policy setting configures the synchronization of user settings for Microsoft Office 365 Excel 2016. Microsoft Office 365 syn
This policy setting configures the synchronization of user settings for Microsoft Office 365 InfoPath 2013. Microsoft Office 365
This policy setting configures the synchronization of user settings for Microsoft Office 365 InfoPath 2013. Microsoft Office 365
This policy setting configures the synchronization of user settings for Microsoft Office 365 Lync 2013. Microsoft Office 365 sync
This policy setting configures the synchronization of user settings for Microsoft Office 365 Lync 2013. Microsoft Office 365 sync
This policy setting configures the synchronization of user settings for Microsoft Office 365 Lync 2016. Microsoft Office 365 sync
This policy setting configures the synchronization of user settings for Microsoft Office 365 Lync 2016. Microsoft Office 365 sync
This policy setting configures the synchronization of user settings for Microsoft Office 365 OneNote 2013. Microsoft Office 365
This policy setting configures the synchronization of user settings for Microsoft Office 365 OneNote 2013. Microsoft Office 365
This policy setting configures the synchronization of user settings for Microsoft Office 365 OneNote 2016. Microsoft Office 365
This policy setting configures the synchronization of user settings for Microsoft Office 365 OneNote 2016. Microsoft Office 365
This policy setting configures the synchronization of user settings for Microsoft Office 365 Outlook 2013. Microsoft Office 365
This policy setting configures the synchronization of user settings for Microsoft Office 365 Outlook 2013. Microsoft Office 365
This policy setting configures the synchronization of user settings for Microsoft Office 365 Outlook 2016. Microsoft Office 365
This policy setting configures the synchronization of user settings for Microsoft Office 365 Outlook 2016. Microsoft Office 365
This policy setting configures the synchronization of user settings for Microsoft Office 365 PowerPoint 2013. Microsoft Office 3
This policy setting configures the synchronization of user settings for Microsoft Office 365 PowerPoint 2013. Microsoft Office 3
This policy setting configures the synchronization of user settings for Microsoft Office 365 PowerPoint 2016. Microsoft Office 3
This policy setting configures the synchronization of user settings for Microsoft Office 365 PowerPoint 2016. Microsoft Office 3
This policy setting configures the synchronization of user settings for Microsoft Office 365 Project 2013. Microsoft Office 365 s
This policy setting configures the synchronization of user settings for Microsoft Office 365 Project 2013. Microsoft Office 365 s
This policy setting configures the synchronization of user settings for Microsoft Office 365 Project 2016. Microsoft Office 365 s
This policy setting configures the synchronization of user settings for Microsoft Office 365 Project 2016. Microsoft Office 365 s
This policy setting configures the synchronization of user settings for Microsoft Office 365 Publisher 2013. Microsoft Office 365
This policy setting configures the synchronization of user settings for Microsoft Office 365 Publisher 2013. Microsoft Office 365
This policy setting configures the synchronization of user settings for Microsoft Office 365 Publisher 2016. Microsoft Office 365
This policy setting configures the synchronization of user settings for Microsoft Office 365 Publisher 2016. Microsoft Office 365
This policy setting configures the synchronization of user settings for Microsoft Office 365 SharePoint Designer 2013. Microsoft
This policy setting configures the synchronization of user settings for Microsoft Office 365 SharePoint Designer 2013. Microsoft
This policy setting configures the synchronization of user settings for Microsoft Office 365 Visio 2013. Microsoft Office 365 syn
This policy setting configures the synchronization of user settings for Microsoft Office 365 Visio 2013. Microsoft Office 365 syn
This policy setting configures the synchronization of user settings for Microsoft Office 365 Visio 2016. Microsoft Office 365 syn
This policy setting configures the synchronization of user settings for Microsoft Office 365 Visio 2016. Microsoft Office 365 syn
This policy setting configures the synchronization of user settings for Microsoft Office 365 Word 2013. Microsoft Office 365 syn
This policy setting configures the synchronization of user settings for Microsoft Office 365 Word 2013. Microsoft Office 365 syn
This policy setting configures the synchronization of user settings for Microsoft Office 365 Word 2016. Microsoft Office 365 syn
This policy setting configures the synchronization of user settings for Microsoft Office 365 Word 2016. Microsoft Office 365 syn
This policy setting configures the synchronization of user settings for OneDrive for Business 2013. By default, the user settings
This policy setting configures the synchronization of user settings for OneDrive for Business 2013. By default, the user settings
This policy setting configures the synchronization of user settings for OneDrive for Business 2016. By default, the user settings
This policy setting configures the synchronization of user settings for OneDrive for Business 2016. By default, the user settings
This policy setting configures the synchronization of user settings for Microsoft OneNote 2010. By default, the user settings of
This policy setting configures the synchronization of user settings for Microsoft OneNote 2010. By default, the user settings of
This policy setting configures the synchronization of user settings for Microsoft OneNote 2013. By default, the user settings of
This policy setting configures the synchronization of user settings for Microsoft OneNote 2013. By default, the user settings of
This policy setting configures the synchronization of user settings for Microsoft OneNote 2016. By default, the user settings of
This policy setting configures the synchronization of user settings for Microsoft OneNote 2016. By default, the user settings of
This policy setting configures the synchronization of user settings for Microsoft Outlook 2010. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft Outlook 2010. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft Outlook 2013. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft Outlook 2013. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft Outlook 2016. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft Outlook 2016. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2010. By default, the user settings
This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2010. By default, the user settings
This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2013. By default, the user settings
This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2013. By default, the user settings
This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2016. By default, the user settings
This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2016. By default, the user settings
This policy setting configures the synchronization of user settings for Microsoft Project 2010. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft Project 2010. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft Project 2013. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft Project 2013. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft Project 2016. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft Project 2016. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft Publisher 2010. By default, the user settings of
This policy setting configures the synchronization of user settings for Microsoft Publisher 2010. By default, the user settings of
This policy setting configures the synchronization of user settings for Microsoft Publisher 2013. By default, the user settings of
This policy setting configures the synchronization of user settings for Microsoft Publisher 2013. By default, the user settings of
This policy setting configures the synchronization of user settings for Microsoft Publisher 2016. By default, the user settings of
This policy setting configures the synchronization of user settings for Microsoft Publisher 2016. By default, the user settings of
This policy setting configures the synchronization of user settings for Microsoft SharePoint Designer 2010. By default, the user
This policy setting configures the synchronization of user settings for Microsoft SharePoint Designer 2010. By default, the user
This policy setting configures the synchronization of user settings for Microsoft SharePoint Designer 2013. By default, the user
This policy setting configures the synchronization of user settings for Microsoft SharePoint Designer 2013. By default, the user
This policy setting configures the synchronization of user settings for Microsoft SharePoint Workspace 2010. By default, the us
This policy setting configures the synchronization of user settings for Microsoft SharePoint Workspace 2010. By default, the us
This policy setting configures the synchronization of user settings for Microsoft Visio 2010. By default, the user settings of Micr
This policy setting configures the synchronization of user settings for Microsoft Visio 2010. By default, the user settings of Micr
This policy setting configures the synchronization of user settings for Microsoft Visio 2013. By default, the user settings of Micr
This policy setting configures the synchronization of user settings for Microsoft Visio 2013. By default, the user settings of Micr
This policy setting configures the synchronization of user settings for Microsoft Visio 2016. By default, the user settings of Micr
This policy setting configures the synchronization of user settings for Microsoft Visio 2016. By default, the user settings of Micr
This policy setting configures the synchronization of user settings for Microsoft Word 2010. By default, the user settings of Mic
This policy setting configures the synchronization of user settings for Microsoft Word 2010. By default, the user settings of Mic
This policy setting configures the synchronization of user settings for Microsoft Word 2013. By default, the user settings of Mic
This policy setting configures the synchronization of user settings for Microsoft Word 2013. By default, the user settings of Mic
This policy setting configures the synchronization of user settings for Microsoft Word 2016. By default, the user settings of Mic
This policy setting configures the synchronization of user settings for Microsoft Word 2016. By default, the user settings of Mic
This policy setting configures the synchronization of user settings for the Music app. By default, the user settings of Music sync
This policy setting configures the synchronization of user settings for the Music app. By default, the user settings of Music sync
This policy setting configures the synchronization of user settings for the News app. By default, the user settings of News sync
This policy setting configures the synchronization of user settings for the News app. By default, the user settings of News sync
This policy setting configures the synchronization of user settings of Notepad. By default, the user settings of Notepad synchro
This policy setting configures the synchronization of user settings of Notepad. By default, the user settings of Notepad synchro
This policy setting configures the backup of certain user settings for Microsoft OneNote 2013. Microsoft OneNote 2013 has us
This policy setting configures the backup of certain user settings for Microsoft OneNote 2013. Microsoft OneNote 2013 has us
This policy setting configures the backup of certain user settings for Microsoft OneNote 2016. Microsoft OneNote 2016 has us
This policy setting configures the backup of certain user settings for Microsoft OneNote 2016. Microsoft OneNote 2016 has us
This policy setting configures the backup of certain user settings for Microsoft Outlook 2013. Microsoft Outlook 2013 has user
This policy setting configures the backup of certain user settings for Microsoft Outlook 2013. Microsoft Outlook 2013 has user
This policy setting configures the backup of certain user settings for Microsoft Outlook 2016. Microsoft Outlook 2016 has user
This policy setting configures the backup of certain user settings for Microsoft Outlook 2016. Microsoft Outlook 2016 has user
This policy setting allows you to configure the User Experience Virtualization (UE-V) sync provider to ping the settings storage p
This policy setting allows you to configure the User Experience Virtualization (UE-V) sync provider to ping the settings storage p
This policy setting configures the backup of certain user settings for Microsoft PowerPoint 2013. Microsoft PowerPoint 2013 ha
This policy setting configures the backup of certain user settings for Microsoft PowerPoint 2013. Microsoft PowerPoint 2013 ha
This policy setting configures the backup of certain user settings for Microsoft PowerPoint 2016. Microsoft PowerPoint 2016 ha
This policy setting configures the backup of certain user settings for Microsoft PowerPoint 2016. Microsoft PowerPoint 2016 ha
This policy setting configures the backup of certain user settings for Microsoft Project 2013. Microsoft Project 2013 has user se
This policy setting configures the backup of certain user settings for Microsoft Project 2013. Microsoft Project 2013 has user se
This policy setting configures the backup of certain user settings for Microsoft Project 2016. Microsoft Project 2016 has user se
This policy setting configures the backup of certain user settings for Microsoft Project 2016. Microsoft Project 2016 has user se
This policy setting configures the backup of certain user settings for Microsoft Publisher 2013. Microsoft Publisher 2013 has us
This policy setting configures the backup of certain user settings for Microsoft Publisher 2013. Microsoft Publisher 2013 has us
This policy setting configures the backup of certain user settings for Microsoft Publisher 2016. Microsoft Publisher 2016 has us
This policy setting configures the backup of certain user settings for Microsoft Publisher 2016. Microsoft Publisher 2016 has us
This policy setting configures the synchronization of user settings for the Reader app. By default, the user settings of Reader sy
This policy setting configures the synchronization of user settings for the Reader app. By default, the user settings of Reader sy
This policy setting allows you to configure the UE-V Agent to write a warning event to the event log when a settings package fil
This policy setting allows you to configure the UE-V Agent to write a warning event to the event log when a settings package fil
This policy setting configures where the settings package files that contain user settings are stored. If you enable this policy setti
This policy setting configures where the settings package files that contain user settings are stored. If you enable this policy setti
This policy setting configures where custom settings location templates are stored and if the catalog will be used to replace the
This policy setting configures the backup of certain user settings for Microsoft SharePoint Designer 2013. Microsoft SharePoint
This policy setting configures the backup of certain user settings for Microsoft SharePoint Designer 2013. Microsoft SharePoint
This policy setting configures the synchronization of user settings for the Sports app. By default, the user settings of Sports syn
This policy setting configures the synchronization of user settings for the Sports app. By default, the user settings of Sports syn
This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connec
This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connec
This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connec
This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connec
This policy setting defines the default settings sync behavior of the User Experience Virtualization (UE-V) Agent for Windows ap
This policy setting configures the number of milliseconds that the computer waits when retrieving user settings from the settin
This policy setting configures the number of milliseconds that the computer waits when retrieving user settings from the settin
This policy setting configures the synchronization of Windows settings between computers. Certain Windows settings will sync
This policy setting configures the synchronization of Windows settings between computers. Certain Windows settings will sync
This policy setting configures the synchronization of user settings for the Travel app. By default, the user settings of Travel sync
This policy setting configures the synchronization of user settings for the Travel app. By default, the user settings of Travel sync
This policy setting enables the User Experience Virtualization (UE-V) tray icon. By default, an icon appears in the system tray th
This policy setting allows you to enable or disable User Experience Virtualization (UE-V). Only applies to Windows 10 or earlier.
This policy setting allows you to enable or disable User Experience Virtualization (UE-V). Only applies to Windows 10 or earlier.
This policy setting configures the synchronization of User Experience Virtualization (UE-V) rollback information for computers r
This policy setting configures the synchronization of User Experience Virtualization (UE-V) rollback information for computers r
This policy setting configures the synchronization of user settings for the Video app. By default, the user settings of Video sync
This policy setting configures the synchronization of user settings for the Video app. By default, the user settings of Video sync
This policy setting configures the backup of certain user settings for Microsoft Visio 2013. Microsoft Visio 2013 has user setting
This policy setting configures the backup of certain user settings for Microsoft Visio 2013. Microsoft Visio 2013 has user setting
This policy setting configures the backup of certain user settings for Microsoft Visio 2016. Microsoft Visio 2016 has user setting
This policy setting configures the backup of certain user settings for Microsoft Visio 2016. Microsoft Visio 2016 has user setting
This policy setting configures the synchronization of user settings for the Weather app. By default, the user settings of Weathe
This policy setting configures the synchronization of user settings for the Weather app. By default, the user settings of Weathe
This policy setting configures the backup of certain user settings for Microsoft Word 2013. Microsoft Word 2013 has user settin
This policy setting configures the backup of certain user settings for Microsoft Word 2013. Microsoft Word 2013 has user settin
This policy setting configures the backup of certain user settings for Microsoft Word 2016. Microsoft Word 2016 has user settin
This policy setting configures the backup of certain user settings for Microsoft Word 2016. Microsoft Word 2016 has user settin
This policy setting configures the synchronization of user settings of WordPad. By default, the user settings of WordPad synchr
This policy setting configures the synchronization of user settings of WordPad. By default, the user settings of WordPad synchr
This policy setting adds the Administrator security group to the roaming user profile share. Once an administrator has configur
This policy setting restores the definitions of the %HOMESHARE% and %HOMEPATH% environment variables to those used in W
This policy setting defines a slow connection for roaming user profiles and establishes thresholds for two tests of network spee
This policy setting determines whether Windows keeps a copy of a user's roaming profile on the local computer's hard drive w
This policy setting allows an administrator to automatically delete user profiles on system restart that have not been used with
This policy setting disables the detection of slow network connections. Slow link detection measures the speed of the connecti
This policy setting disables the more secure default setting for the user's roaming user profile folder. After an administrator ha
This policy setting controls whether Windows forcefully unloads the user's registry at logoff, even if there are open handles to
This policy setting will automatically log off a user when Windows cannot load their profile. If Windows cannot access the user
This policy setting controls on a per-computer basis whether roaming profiles are downloaded on a user's primary computers o
This policy setting controls how long Windows waits for a user response before it uses a default user profile for roaming user p
This policy setting lets you exclude folders that are normally included in the user's profile. As a result, these folders do not need
This policy setting determines whether the system retains a roaming user's Windows Installer and Group Policy based software
This policy setting sets the maximum size of each user profile and determines the system's response when a user profile reache
This policy setting determines how many times the system tries to unload and update the registry portion of a user profile. Wh
This setting determines if roaming user profiles are available on a particular computer. By default, when roaming profile users l
This policy setting determines if the changes a user makes to their roaming profile are merged with the server copy of their pro
This policy setting provides users with the ability to download their roaming profile, even when a slow network connection wit
This policy setting controls how long Windows waits for a response from the network before logging on a user without a remot
This policy setting specifies whether Windows should use the specified network path as the roaming user profile path for all us
This policy setting sets the schedule for background uploading of a roaming user profile's registry file (ntuser.dat). This policy se
This policy setting allows you to specify the location and root (file share or local path) of a user's home folder for a logon sessio
This policy setting allows you to specify which network directories will be synchronized only at logon and logoff via Offline Files
This policy setting turns off the advertising ID, preventing apps from using the ID for experiences across apps. If you enable thi
This setting prevents users from managing the ability to allow apps to access the user name, account picture, and domain infor
This policy setting directs the system to wait for the remote copy of the roaming user profile to load, even when loading is slow
This policy setting configures whether or not fixed data drives formatted with the FAT file system can be unlocked and viewed o
This policy setting configures whether or not removable data drives formatted with the FAT file system can be unlocked and vie
This policy setting allows you to configure whether or not enhanced startup PINs are used with BitLocker. Enhanced startup PI
This policy setting controls whether a BitLocker-protected computer that is connected to a trusted wired Local Area Network (L
This policy setting allows you to configure whether Secure Boot will be allowed as the platform integrity provider for BitLocker
This policy setting allows you to specify the default path that is displayed when the BitLocker Drive Encryption setup wizard pro
This policy setting allows you to configure the algorithm and cipher strength used by BitLocker Drive Encryption. This policy setti
This policy setting allows you to configure the algorithm and cipher strength used by BitLocker Drive Encryption. This policy setti
This policy setting allows you to configure the algorithm and cipher strength used by BitLocker Drive Encryption. This policy setti
This policy setting allows you to control how BitLocker-protected fixed data drives are recovered in the absence of the required
This policy setting allows you to control how BitLocker-protected operating system drives are recovered in the absence of the r
This policy setting allows you to control how BitLocker-protected removable data drives are recovered in the absence of the req
This policy setting allows you to control whether the BitLocker Drive Encryption setup wizard can display and specify BitLocker
This policy setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This policy setti
This policy setting lets you configure the entire recovery message or replace the existing URL that are displayed on the pre-boo
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the B
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the B
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the B
This policy setting allows you to manage BitLockers use of hardware-based encryption on fixed data drives and specify which e
This policy setting allows you to manage BitLockers use of hardware-based encryption on operating system drives and specify
This policy setting allows you to manage BitLockers use of hardware-based encryption on removable data drives and specify w
This policy setting specifies whether a password is required to unlock BitLocker-protected fixed data drives. If you choose to pe
This policy setting specifies the constraints for passwords used to unlock BitLocker-protected operating system drives. If non-TP
This policy setting specifies whether a password is required to unlock BitLocker-protected removable data drives. If you choose
This policy setting allows you to specify whether smart cards can be used to authenticate user access to the BitLocker-protecte
This policy setting allows you to specify whether smart cards can be used to authenticate user access to BitLocker-protected re
This policy setting controls the use of BitLocker on removable data drives. This policy setting is applied when you turn on BitLoc
This policy setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer. If yo
This policy setting configures whether BitLocker protection is required for a computer to be able to write data to a removable d
This policy setting allows you to configure whether or not standard users are allowed to change BitLocker volume PINs, provide
This policy setting allows users to turn on authentication options that require user input from the pre-boot environment, even
This policy setting allows you to configure the encryption type used by BitLocker Drive Encryption. This policy setting is applied
This policy setting allows you to configure the encryption type used by BitLocker Drive Encryption. This policy setting is applied
This policy setting allows you to configure the encryption type used by BitLocker Drive Encryption. This policy setting is applied
This policy setting controls computer restart performance at the risk of exposing BitLocker secrets. This policy setting is applied
This policy setting allows you to associate unique organizational identifiers to a new drive that is enabled with BitLocker. These
This policy setting allows you to configure whether BitLocker requires additional authentication each time the computer starts
This policy setting allows you to control whether the BitLocker Drive Encryption setup wizard will be able to set up an additiona
This policy setting allows you to control whether or not platform validation data is refreshed when Windows is started followin
This policy setting allows you to manage the Active Directory Domain Services (AD DS) backup of BitLocker Drive Encryption re
This policy setting allows you to choose specific Boot Configuration Data (BCD) settings to verify during platform validation. If y
This policy setting allows you to associate an object identifier from a smart card certificate to a BitLocker-protected drive. This p
This policy setting specifies a set of parameters for controlling the Windows NTP Client. If you enable this policy setting, you ca
This policy setting specifies whether the Windows NTP Client is enabled. Enabling the Windows NTP Client allows your compu
This policy setting allows you to specify whether the Windows NTP Server is enabled. If you enable this policy setting for the W
This policy setting allows you to specify Clock discipline and General values for the Windows Time service (W32time) for doma
This policy setting specifies that power management is disabled when the machine enters connected standby mode. If this po
This policy setting prevents computers from establishing multiple simultaneous connections to either the Internet or to a Wind
This policy setting prevents computers from connecting to both a domain based network and a non-domain based network at
This policy setting prevents clients from connecting to Mobile Broadband networks when the client is registered on a roaming p
This policy setting determines the execution level for Diagnostic Policy Service (DPS) scenarios. If you enable this policy setting
This policy setting determines the data retention limit for Diagnostic Policy Service (DPS) scenario data. If you enable this polic
Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing
Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing
By default, Add features to Windows 10 is available for all administrators. If you enable this policy setting, the wizard will not r
By default, Add features to Windows 10 is available for all administrators. If you enable this policy setting, the wizard will not r
This policy setting allows you to manage whether backups of only system volumes is allowed or both OS and data volumes can
This policy setting allows you to manage whether backups of a machine can run to locally attached storage or not. If you enab
This policy setting allows you to manage whether backups of a machine can run to a network share or not. If you enable this p
This policy setting allows you to manage whether backups of a machine can run to an optical media or not. If you enable this p
This policy setting allows you to manage whether run-once backups of a machine can be run or not. If you enable this policy s
This policy setting affects the ability of users to install or uninstall color profiles. If you enable this policy setting, users cannot i
This policy setting affects the ability of users to install or uninstall color profiles. If you enable this policy setting, users cannot i
This policy setting allows the configuration of wireless settings using Windows Connect Now (WCN). The WCN Registrar enable
This policy setting prohibits access to Windows Connect Now (WCN) wizards. If you enable this policy setting, the wizards are t
This policy setting prohibits access to Windows Connect Now (WCN) wizards. If you enable this policy setting, the wizards are t
This policy setting allows you to configure whether or not the antimalware service remains running when antivirus and antispy
This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service
This policy setting allows you to enable download of definition updates from Microsoft Update even if the Automatic Updates
This policy setting allows you to configure definition updates when the computer is running on battery power. If you enable or
This policy setting allows you to configure the antimalware service to receive notifications to disable individual definitions in re
This policy setting allows you to enable real-time definition updates in response to reports sent to Microsoft MAPS. If the servi
This policy setting allows you to manage whether or not end users can pause a scan in progress. If you enable or do not config
This policy setting allows you to manage whether a check for new virus and spyware definitions will occur before running a sca
This policy setting allows you to manage whether a check for new virus and spyware definitions will occur immediately after se
This policy setting controls whether or not complex list settings configured by a local administrator are merged with Group Poli
This policy setting configures a local override for the configuration of maximum percentage of CPU utilization during scan. This
This policy setting configures a local override for the configuration of monitoring for file and program activity on your compute
This policy setting configures a local override for the configuration of monitoring for incoming and outgoing file activity. This se
This policy setting configures a local override for the configuration to join Microsoft MAPS. This setting can only be set by Grou
This policy setting configures a local override for the configuration of scanning for all downloaded files and attachments. This s
This policy setting configures a local override for the configuration of scheduled scan day. This setting can only be set by Group
This policy setting configures a local override for the configuration of scheduled quick scan time. This setting can only be set by
This policy setting configures a local override for the configuration of scheduled scan time. This setting can only be set by Grou
This policy setting configures a local override for the configuration of the number of days items should be kept in the Quarantin
This policy setting configures a local override for the configuration of the scan type to use during a scheduled scan. This setting
This policy setting configures a local override for the configuration of the time to run a scheduled full scan to complete remedia
This policy setting configures a local override for the configuration of behavior monitoring. This setting can only be set by Grou
This policy setting configures a local override for the configuration to turn on real-time protection. This setting can only be set b
This policy setting allows you to configure monitoring for incoming and outgoing files, without having to turn off monitoring en
This policy setting defines the number of days items should be kept in the Quarantine folder before being removed. If you ena
This feature ensures the device checks in real time with the Microsoft Active Protection Service (MAPS) before allowing certain
This policy setting configures the time in minutes before a detection in the critically failed state to moves to either the additi
This policy setting configures the time in minutes before a detection in the "non-critically failed" state moves to the "cleared" s
This policy setting configures the time in minutes before a detection in the "completed" state moves to the "cleared" state.
This policy setting configures the time in minutes before a detection in the "additional action" state moves to the "cleared" sta
This policy setting allows you to configure whether or not Watson events are sent. If you enable or do not configure this settin
This policy configures Windows software trace preprocessor (WPP Software Tracing) components.
This policy allows you to configure tracing levels for Windows software trace preprocessor (WPP Software Tracing). Tracing lev
This policy setting allows you to create a system restore point on the computer on a daily basis prior to cleaning. If you enable
This policy, if defined, will prevent antimalware from using the configured proxy server when communicating with the specified
This policy setting allows you to configure UNC file share sources for downloading definition updates. Sources will be contacted
This policy setting defines the URL of a proxy .pac file that should be used when the client attempts to connect the network for
This policy setting allows you to configure the named proxy that should be used when the client attempts to connect to the ne
This policy setting defines the maximum size (in kilobytes) of downloaded files and attachments that will be scanned. If you en
This policy setting allows you to define the number of days after which a catch-up definition update will be required. By default
This policy setting allows you to define the number of consecutive scheduled scans that can be missed after which a catch-up s
This policy setting allows you to define the number of days that must pass before spyware definitions are considered out of da
This policy setting allows you to define the number of days that must pass before virus definitions are considered out of date. I
This policy setting allows you to define the order in which different definition update sources should be contacted. The value o
This policy setting allows you to configure whether or not to display additional text to clients when they need to perform an ac
This policy setting allows you to configure whether or not to display AM UI to the users. If you enable this setting AM UI won't
This policy setting allows you specify a list of file types that should be excluded from scheduled, custom, and real-time scannin
This policy setting allows you to configure definition updates on startup when there is no antimalware engine present. If you e
This policy setting allows you to join Microsoft MAPS. Microsoft MAPS is the online community that helps you choose how to r
This policy setting allows you to configure monitoring for file and program activity. If you enable or do not configure this settin
This policy setting allows you to disable scheduled and real-time scanning for files under the paths specified or for the fully qua
This policy setting allows you to disable scheduled and real-time scanning for any file opened by any of the specified processes
This policy setting allows you to enable or disable randomization of the scheduled scan start time and the scheduled definition
This policy setting allows you to configure scanning mapped network drives. If you enable this setting, mapped network drives
This policy setting allows you to configure scanning for all downloaded files and attachments. If you enable or do not configure
This policy setting allows you to configure scans for malicious software and unwanted software in archive files such as .ZIP or .C
This policy setting allows you to configure scanning for network files. It is recommended that you do not enable this setting. If
This policy setting allows you to configure scanning for packed executables. It is recommended that this type of scanning rema
This policy setting allows you to manage whether or not to scan for malicious software and unwanted software in the contents
This policy setting configures behaviour of samples submission when opt-in for MAPS telemetry is set. Possible options are: (0
This policy setting defines additional definition sets to enable for network traffic inspection. Definition set GUIDs should be add
This policy setting allows you to specify the day of the week on which to check for definition updates. The check can also be co
This policy setting allows you to specify the day of the week on which to perform a scheduled full scan in order to complete rem
This policy setting allows you to specify the day of the week on which to perform a scheduled scan. The scan can also be config
This policy setting allows you to specify an interval at which to check for definition updates. The time value is represented as th
This policy setting allows you to specify an interval at which to perform a quick scan. The time value is represented as the num
This policy setting allows you to configure the maximum directory depth level into which archive files such as .ZIP or .CAB are u
This policy setting allows you to configure the maximum percentage CPU utilization permitted during a scan. Valid values for th
This policy setting allows you to configure the maximum size of archive files such as .ZIP or .CAB that will be scanned. The value
This policy setting allows you to specify the scan type to use during a scheduled scan. Scan type options are: 1 = Quick Scan (d
This policy setting allows you to specify the time of day at which to perform a daily quick scan. The time value is represented as
This policy setting allows you to specify the time of day at which to perform a scheduled full scan in order to complete remedia
This policy setting allows you to specify the time of day at which to perform a scheduled scan. The time value is represented as
This policy setting allows you to specify the time of day at which to check for definition updates. The time value is represented
This policy setting allows you to customize which automatic remediation action will be taken for each threat alert level.Threat a
This policy setting customize which remediation action will be taken for each listed Threat ID when it is detected during a scan.
This policy setting allows you to configure scheduled scans to start only when your computer is on but not in use. If you enable
Use this policy setting to specify if you want Windows Defender notifications to display on clients. If you disable or do not confi
This policy setting allows user to supress reboot notifications in UI only mode (for cases where UI can't be in lockdown mode).
Allows an administrator to specify if Automatic Exclusions feature for Server SKUs should be turned off.
This policy setting turns off real-time protection prompts for known malware detection. Windows Defender alerts you when m
This policy setting allows you to configure whether Windows Defender automatically takes action on all detected threats. The a
This policy setting turns off Windows Defender. If you enable this policy setting, Windows Defender does not run, and comput
This policy setting allows you to configure behavior monitoring. If you enable or do not configure this setting, behavior monito
This policy setting allows you to configure catch-up scans for scheduled full scans. A catch-up scan is a scan that is initiated bec
This policy setting allows you to configure catch-up scans for scheduled quick scans. A catch-up scan is a scan that is initiated b
This policy setting allows you to configure definition retirement for network protection against exploits of known vulnerabilitie
This policy setting allows you to configure e-mail scanning. When e-mail scanning is enabled, the engine will parse the mailbox
This policy setting allows you to configure heuristics. Suspicious detections will be suppressed right before reporting to the eng
This policy setting allows you to configure process scanning when real-time protection is turned on. This helps to catch malwar
This policy setting allows you to configure protocol recognition for network protection against exploits of known vulnerabilities
This policy setting controls whether raw volume write notifications are sent to behavior monitoring. If you enable or do not co
This policy setting defines the number of days items should be kept in the scan history folder before being permanently remov
This policy setting allows you to configure reparse point scanning. If you allow reparse points to be scanned, there is a possible
This policy setting allows you to configure the automatic scan which starts after a definition update has occurred. If you enable
This setting is designed to ensure that shell extensions can operate on a per-user basis. If you enable this setting, Windows is d
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting determines whether remote paths can be used for file shortcut (.lnk file) icons. If you enable this policy setti
This policy setting allows you to manage the behavior of Windows SmartScreen. Windows SmartScreen helps keep PCs safer by
Changes the behavior of IShellFolder::BindToObject for IID_IPropertySetStorage to not bind directly to the IPropertySetStorage
Changes the behavior of IShellFolder::BindToObject for IID_IPropertySetStorage to not bind directly to the IPropertySetStorage
This policy setting allows you to specify a list of known folders that should be disabled. Disabling a known folder will prevent th
Allows you to have File Explorer display a confirmation dialog whenever a file is deleted or moved to the Recycle Bin. If you en
This policy setting allows you to prevent users from accessing Folder Options through the View tab on the ribbon in File Explore
When a file or folder is deleted in File Explorer, a copy of the file or folder is placed in the Recycle Bin. Using this setting, you ca
Prevents users from submitting alternate logon credentials to install a program. This setting suppresses the "Install Program As
This policy removes the end-user notification for new application associations. These associations are based on file types (e.g.
This policy setting determines whether Windows traces shortcuts back to their sources when it cannot find the target on the u
Hide the Back button in the Open dialog box. This policy setting lets you remove new features added in Microsoft Windows 20
Removes the shortcut bar from the Open dialog box. This setting, and others in this folder, lets you remove new features adde
Removes the list of most recently used files from the Open dialog box. If you disable this setting or do not configure it, the "Fil
This policy setting allows you to hide these specified drives in My Computer. This policy setting allows you to remove the icons
Removes the Manage item from the File Explorer context menu. This context menu appears when you right-click File Explorer o
Configures the list of items displayed in the Places Bar in the Windows File/Open dialog. If enable this setting you can specify fr
This policy setting allows you to specify a location where all default Library definition files for users/machines reside. If you en
This policy setting allows you to specify a location where all default Library definition files for users/machines reside. If you en
Limits the percentage of a volume's disk space that can be used to store deleted files. If you enable this setting, the user has a
"This policy setting allows you to set the maximum number of shortcuts the system can display in the Recent Items menu on th
This policy setting allows you to remove computers in the user's workgroup and domain from lists of network resources in File
Removes all computers outside of the user's workgroup or local domain from lists of network resources in File Explorer and Ne
This policy setting allows you to add Internet or intranet sites to the "Search again" links located at the bottom of search result
This policy setting allows up to five Libraries or Search Connectors to be pinned to the "Search again" links and the Start menu
Prevents users from using My Computer to gain access to the content of selected drives. If you enable this setting, users can b
Prevents users from using File Explorer or Network Locations to map or disconnect network drives. If you enable this setting, t
This policy setting allows you to remove CD Burning features. File Explorer allows you to create and modify re-writable CDs if yo
This policy setting allows you to remove the DFS tab from File Explorer. If you enable this policy setting, the DFS (Distributed Fi
Removes shortcut menus from the desktop and File Explorer. Shortcut menus appear when you right-click an item. If you enab
Removes the File menu from My Computer and File Explorer. This setting does not prevent users from using other methods to
Removes the Hardware tab. This setting removes the Hardware tab from Mouse, Keyboard, and Sounds and Audio Devices in C
This policy setting allows you to remove the Search button from the File Explorer toolbar. If you enable this policy setting, the S
Removes the Security tab from File Explorer. If you enable this setting, users opening the Properties dialog box for all file syste
This policy setting allows you to remove the Shared Documents folder from My Computer. When a Windows client is in a work
If you enable this policy, the "Internet" "Search again" link will not be shown when the user performs a search in the Explorer w
Disables the "Hide keyboard navigation indicators until I use the ALT key" option in Display in Control Panel. When this Display
This policy setting allows you to prevent users from enabling or disabling minor animations in the operating system for the mov
Prompts users for alternate logon credentials during network-based installations. This setting displays the "Install Program As O
This policy specifies the path to a file (e.g. either stored locally or on a network location) that contains file type and protocol de
Shows or hides hibernate from the power options menu. If you enable this policy setting, the hibernate option will be shown i
Shows or hides lock from the user tile menu. If you enable this policy setting, the lock option will be shown in the User Tile me
Shows or hides sleep from the power options menu. If you enable this policy setting, the sleep option will be shown in the Pow
This policy setting allows you to specify whether the ribbon appears minimized or in full when new File Explorer windows are o
This policy setting allows you to specify whether the ribbon appears minimized or in full when new File Explorer windows are o
This policy setting allows you to turn off caching of thumbnail pictures. If you enable this policy setting, thumbnail views are n
Disables suggesting recent queries for the Search Box and prevents entries into the Search Box from being stored in the registry
This policy setting allows you to have file names sorted literally (as in Windows 2000 and earlier) rather than in numerical orde
This policy setting allows you to have file names sorted literally (as in Windows 2000 and earlier) rather than in numerical orde
This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full fun
This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full fun
This policy setting allows you to turn off the display of snippets in Content view mode. If you enable this policy setting, File Exp
This policy setting allows you to turn off Windows Libraries features that need indexed file metadata to function properly. If yo
Turn off Windows+X hotkeys. Keyboards with a Windows key provide users with shortcuts to common shell features. For exam
This setting allows an administrator to revert specific Windows Shell behavior to classic Shell behavior. If you enable this settin
This policy setting allows you to prevent data loss when you change the target location for Folder Redirection, and the new and
This policy setting hides the file scan progress window. This window provides status information to sophisticated users, but it m
This policy setting specifies the maximum amount of disk space that can be used for the Windows File Protection file cache. W
This policy setting allows you to set when Windows File Protection scans protected files. This policy setting directs Windows Fil
This policy setting specifies an alternate location for the Windows File Protection cache. If you enable this policy setting, enter
Allows unsolicited incoming messages from specified systems that authenticate using the IPsec transport. If you enable this po
Defines the set of Internet Control Message Protocol (ICMP) message types that Windows Firewall allows. Utilities can use ICM
Defines the set of Internet Control Message Protocol (ICMP) message types that Windows Firewall allows. Utilities can use ICM
Allows inbound file and printer sharing. To do this, Windows Firewall opens UDP ports 137 and 138, and TCP ports 139 and 445
Allows inbound file and printer sharing. To do this, Windows Firewall opens UDP ports 137 and 138, and TCP ports 139 and 445
Allows remote administration of this computer using administrative tools such as the Microsoft Management Console (MMC) a
Allows remote administration of this computer using administrative tools such as the Microsoft Management Console (MMC) a
Allows this computer to receive inbound Remote Desktop requests. To do this, Windows Firewall opens TCP port 3389. If you e
Allows this computer to receive inbound Remote Desktop requests. To do this, Windows Firewall opens TCP port 3389. If you e
Allows this computer to receive unsolicited inbound Plug and Play messages sent by network devices, such as routers with buil
Allows this computer to receive unsolicited inbound Plug and Play messages sent by network devices, such as routers with buil
Allows administrators to use the Windows Firewall component in Control Panel to define a local port exceptions list. Windows
Allows administrators to use the Windows Firewall component in Control Panel to define a local port exceptions list. Windows
Allows administrators to use the Windows Firewall component in Control Panel to define a local program exceptions list. Windo
Allows administrators to use the Windows Firewall component in Control Panel to define a local program exceptions list. Windo
Allows Windows Firewall to record information about the unsolicited incoming messages that it receives. If you enable this po
Allows Windows Firewall to record information about the unsolicited incoming messages that it receives. If you enable this po
Allows you to view and change the inbound port exceptions list defined by Group Policy. Windows Firewall uses two port excep
Allows you to view and change the inbound port exceptions list defined by Group Policy. Windows Firewall uses two port excep
Allows you to view and change the program exceptions list defined by Group Policy. Windows Firewall uses two program excep
Allows you to view and change the program exceptions list defined by Group Policy. Windows Firewall uses two program excep
Specifies that Windows Firewall blocks all unsolicited incoming messages. This policy setting overrides all other Windows Firew
Specifies that Windows Firewall blocks all unsolicited incoming messages. This policy setting overrides all other Windows Firew
Prevents Windows Firewall from displaying notifications to the user when a program requests that Windows Firewall add the p
Prevents Windows Firewall from displaying notifications to the user when a program requests that Windows Firewall add the p
Prevents this computer from receiving unicast responses to its outgoing multicast or broadcast messages. If you enable this po
Prevents this computer from receiving unicast responses to its outgoing multicast or broadcast messages. If you enable this po
Turns on Windows Firewall. If you enable this policy setting, Windows Firewall runs and ignores the "Computer Configuration\
Turns on Windows Firewall. If you enable this policy setting, Windows Firewall runs and ignores the "Computer Configuration\
Allow suggested apps in Windows Ink Workspace
Allow Windows Ink Workspace
Windows Mail will not check your newsgroup servers for Communities support.
Windows Mail will not check your newsgroup servers for Communities support.
Denies or allows access to the Windows Mail application. If you enable this setting, access to the Windows Mail application is
Denies or allows access to the Windows Mail application. If you enable this setting, access to the Windows Mail application is
Prevents Windows Media Digital Rights Management (DRM) from accessing the Internet (or intranet). When enabled, Window
This policy setting allows a screen saver to interrupt playback. If you enable this policy setting, a screen saver is displayed durin
This policy setting allows you to specify the HTTP proxy settings for Windows Media Player. If you enable this policy setting, se
This policy setting allows you to specify the MMS proxy settings for Windows Media Player. If you enable this policy setting, se
This policy setting allows you to specify whether network buffering uses the default or a specified number of seconds. If you e
This policy setting allows you to specify the RTSP proxy settings for Windows Media Player. If you enable this policy setting, sel
Prevents the anchor window from being displayed when Windows Media Player is in skin mode. This policy hides the anchor w
This policy setting allows you to prevent the anchor window from being displayed when Windows Media Player is in skin mode
This policy setting allows you to hide the Network tab. If you enable this policy setting, the Network tab in Windows Media Pla
This policy setting allows you to hide the Privacy tab in Windows Media Player. If you enable this policy setting, the "Update m
This policy setting allows you to hide the Security tab in Windows Media Player. If you enable this policy setting, the default se
This policy setting allows you to turn off do not show first use dialog boxes. If you enable this policy setting, the Privacy Option
This policy setting allows you to prevent media information for CDs and DVDs from being retrieved from the Internet. If you en
This policy setting allows you to prevent Windows Media Player from downloading codecs. If you enable this policy setting, the
This policy setting allows you to prevent a shortcut icon for the Player from being added to the user's desktop. If you enable th
This policy setting allows you to prevent media sharing from Windows Media Player. If you enable this policy setting, any user
This policy setting allows you to prevent media information for music files from being retrieved from the Internet. If you enabl
This policy setting allows you to prevent a shortcut for the Player from being added to the Quick Launch bar. If you enable this
This policy setting allows you to prevent radio station presets from being retrieved from the Internet. If you enable this policy s
This policy setting allows you to prevent video smoothing from occurring. If you enable this policy setting, video smoothing is p
This policy setting allows you to set and lock Windows Media Player in skin mode, using a specified skin. If you enable this poli
This policy setting allows you to specify that Windows Media Player can attempt to use selected protocols when receiving strea
This policy setting allows you to prevent Windows Messenger from running. If you enable this policy setting, Windows Messen
This policy setting allows you to prevent Windows Messenger from running. If you enable this policy setting, Windows Messen
This policy setting prevents Windows Messenger from automatically running at logon. If you enable this policy setting, Window
This policy setting prevents Windows Messenger from automatically running at logon. If you enable this policy setting, Window
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Basic authentication
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Basic authentic
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses CredSSP authentica
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts CredSSP authe
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service automatically listens on
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client sends and receives unen
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service sends and receives une
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Digest authenticatio
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Kerberos authentica
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Kerberos crede
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Negotiate authentic
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Negotiate auth
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service will not allow RunAs cre
This policy setting allows you to set the hardening level of the Windows Remote Management (WinRM) service with regard to
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses the list specified in T
This policy setting turns on or turns off an HTTP listener created for backward compatibility purposes in the Windows Remote M
This policy setting turns on or turns off an HTTPS listener created for backward compatibility purposes in the Windows Remote
This policy setting configures access to remote shells. If you enable this policy setting and set it to False, new remote shell con
This policy setting configures the maximum number of users able to concurrently perform remote shell operations on the syste
This policy setting configures the maximum time in milliseconds remote shell will stay open without any user activity until it is a
This policy setting configures the maximum total amount of memory in megabytes that can be allocated by any active remote s
This policy setting configures the maximum number of processes a remote shell is allowed to launch. If you enable this policy
This policy setting configures the maximum number of concurrent shells any user can remotely open on the same system. Any
This policy setting is deprecated and has no effect when set to any state: Enabled, Disabled, or Not Configured.
Disable turns off the launch of all apps from the Windows Store that came pre-installed or were downloaded. Apps will not be
Denies access to the retail catalog in the Windows Store app, but displays the private store. If you enable this setting, users wil
Denies access to the retail catalog in the Windows Store app, but displays the private store. If you enable this setting, users wil
Enables or disables the automatic download and installation of app updates. If you enable this setting, the automatic downloa
Enables or disables the automatic download of app updates on PCs running Windows 8. If you enable this setting, the automa
Enables or disables the Store offer to update to the latest version of Windows. If you enable this setting, the Store application
Enables or disables the Store offer to update to the latest version of Windows. If you enable this setting, the Store application
Denies or allows access to the Store application. If you enable this setting, access to the Store application is denied. Access to
Denies or allows access to the Store application. If you enable this setting, access to the Store application is denied. Access to
Specifies whether Automatic Updates should automatically install certain updates that neither interrupt Windows services nor
This policy setting allows you to control whether non-administrative users will receive update notifications based on the "Confi
This policy setting allows you to manage whether Automatic Updates accepts updates signed by entities other than Microsoft w
If you enable this policy, a restart timer will always begin immediately after Windows Update installs important updates, instea
Specifies the hours that Windows will use to determine how long to wait before checking for available updates. The exact wait
Specifies whether this computer will receive security updates and other important downloads through the Windows automatic
Specifies the amount of time for Automatic Updates to wait before proceeding with a scheduled restart. If the status is set to E
This policy setting allows you to manage whether the 'Install Updates and Shut Down' option is allowed to be the default choic
This policy setting allows you to manage whether the 'Install Updates and Shut Down' option is allowed to be the default choic
Even when Windows Update is configured to receive updates from an intranet update service, it will periodically retrieve inform
This policy setting allows you to manage whether the 'Install Updates and Shut Down' option is displayed in the Shut Down Win
This policy setting allows you to manage whether the 'Install Updates and Shut Down' option is displayed in the Shut Down Win
Enable this policy to not include drivers with Windows quality updates.
Specifies the target group name or names that should be used to receive updates from an intranet Microsoft update service. I
Specifies whether the Windows Update will use the Windows Power Management features to automatically wake up the syste
Specifies that to complete a scheduled installation, Automatic Updates will wait for the computer to be restarted by any user w
This setting allows you to remove access to Windows Update. If you enable this setting, all Windows Update features are remo
Specifies the amount of time for Automatic Updates to wait before prompting again with a scheduled restart. If the status is se
Specifies the amount of time for Automatic Updates to wait, following system startup, before proceeding with a scheduled inst
Enable this policy to specify what type of feature updates to receive, and when. The branch readiness level for each new Wind
Enable this policy to specify when to receive quality updates. You can defer receiving quality updates for up to 30 days. To pre
Specifies an intranet server to host updates from Microsoft Update. You can then use this update service to automatically upda
If you enable this policy, the PC will not automatically restart after updates during active hours. The PC will attempt to restart o
Specifies whether Automatic Updates will deliver both important as well as recommended updates from the Windows Update
This policy setting allows you to control whether users see detailed enhanced notification messages about featured software fr
This setting controls automatic updates to a user's computer. Whenever a user connects to the Internet, Windows searches fo
This setting allows you to remove access to scan Windows Update. If you enable this setting, Windows Update scan access is re
Specify the deadline in days before automatically executing a scheduled restart outside of active hours. The deadline can be se
This policy setting controls the use of fast startup. If you enable this policy setting, the system requires hibernate to be enabled
This policy setting configures the number of minutes the system waits for the hung logon sessions before proceeding with the
This policy setting controls the legacy remote shutdown interface (named pipe). The named pipe remote shutdown interface is
Specifies an alternate user interface. The Explorer program (%windir%\explorer.exe) creates the familiar Windows interface, bu
This policy setting controls whether or not software can simulate the Secure Attention Sequence (SAS). If you enable this polic
This policy setting controls whether or not the system displays information about previous logons and logon failures to the use
This policy controls whether the logged on user should be notified when his logon hours are about to expire. By default, a user
This policy controls whether the logged on user should be notified if the logon server could not be contacted during logon and
This policy controls whether the logged on user should be notified if the logon server could not be contacted during logon and
This policy controls which action will be taken when the logon hours expire for the logged on user. The actions include lock the
This policy setting controls whether a device will automatically sign-in the last interactive user after Windows Update restarts t
Enables or disables the automatic download and update of map data. If you enable this setting the automatic download and u
This policy setting allows you to turn on or turn off unsolicited network traffic on the Offline Maps page in Settings > System > O
This policy setting specifies whether Windows will allow console applications and GUI applications without visible top-level win
This policy setting allows you to turn off projection to a PC. If you turn it on, your PC isn't discoverable and can't be projected
This policy setting allows you to require a pin for pairing. If you turn this on, the pairing ceremony for new devices will always r
This policy setting determines whether users can enable the following WLAN settings: "Connect to suggested open hotspots," "
This policy applies to Wireless Display connections. This policy changes the preference order of the pairing methods. When en
This policy applies to Wireless Display connections. This policy means that the use of a PIN for pairing to Wireless Display devic
This policy setting configures the cost of Wireless LAN (WLAN) connections on the local machine. If this policy setting is enable
Set up the menu name and URL for the custom Internet search provider. If you enable this setting, the specified menu name a
This policy setting specifies whether Work Folders should be set up automatically for all users of the affected computer. If you
This policy setting specifies the Work Folders server for affected users, as well as whether or not users are allowed to change se
This setting lets you configure how domain joined computers become registered as devices. When you enable this setting, dom
This policy setting specifies the number of minutes after midnight (local time) that Quiet Hours is to begin each day. If you ena
This policy setting specifies the number of minutes after midnight (local time) that Quiet Hours is to end each day. If you enab
This policy setting blocks voice and video calls during Quiet Hours. If you enable this policy setting, voice and video calls will be
This policy setting turns off notification mirroring. If you enable this policy setting, notifications from applications and system w
This policy setting blocks applications from using the network to send notifications to update tiles, tile badges, toast, or raw no
This policy setting turns off Quiet Hours functionality. If you enable this policy setting, toast notifications will not be suppress
This policy setting turns off tile notifications. If you enable this policy setting, applications and system features will not be able
This policy setting turns off toast notifications for applications. If you enable this policy setting, applications will not be able to
This policy setting turns off toast notifications on the lock screen. If you enable this policy setting, applications will not be able
This policy setting configures the cost of 3G connections on the local machine. If this policy setting is enabled, a drop-down lis
This policy setting configures the cost of 4G connections on the local machine. If this policy setting is enabled, a drop-down lis
New in Win10?
ministrator can create a list of approved ActiveX Install sites specified by host URL. If you disable or do not configure this policy setting, Acti
lation. If the trusted site uses the HTTPS protocol, this policy setting can also control how ActiveX Installer Service responds to certificate e
figuration tools. If you disable this setting or do not configure it, "Set up services" appears only when there are unconfigured system service
New Programs button is available to all users. This setting does not prevent users from using other tools and methods to install programs.
and configure components of Windows from the installation files. If you disable this setting or do not configure it, the Add/Remove Windo
nfigure it, the Change or Remove Programs page is available to all users. This setting does not prevent users from using other tools and me
tion is available to all users. This setting does not prevent users from using other tools and methods to add or remove program componen
oes not prevent users from using other tools and methods to connect to Windows Update. Note: If the "Hide Add New Programs page" setti
re those programs that the system administrator has explicitly made available to the user with a tool such as Windows Installer. Typically, sy
mail, as well as which programs are accessible from the Start menu, desktop, and other locations. If you disable this setting or do not config
Professional and a wide variety of Windows programs. Programs published or assigned to the user appear in Add or Remove Programs. If y
rmation, including a link to the installation files and data that users need to obtain product support, such as the Product ID and version num
y programs in other categories. To use this setting, type the name of a category in the Category box for this setting. You must enter a catego
RTM
6-bit applications. To run any 16-bit application or any application with 16-bit components, ntvdm.exe must be allowed to run. The MS-DO
n to resolve the most common issues affecting legacy applications. Enabling this policy setting removes the property page from the contex
es, or displays an Application Help message if the application has a know problem. Turning off the application compatibility engine will boo
e customer Experience Improvement program is turned off, Application Telemetry will be turned off regardless of how this policy is set. Di
ry Collector will be turned off and data will not be sent to Microsoft. Collection of installation data through the Program Compatibility Assis

PCA, go to System->Troubleshooting and Diagnostics->Application Compatibility Diagnostics. If you enable this policy setting, the PCA will b
as keyboard input and mouse input, user interface data, and screen shots. Steps Recorder includes an option to turn on and off data collec
able this policy setting, Switchback will be turned off. Turning Switchback off may degrade the compatibility of older applications. This optio
1607
TP4
TP4
TP4
TP4
TP4
TP4
TP4
1607
TP4
TP4
TP4
TP4
TP4
TP4
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
RTM
ated by the local computer). If you disable or do not configure this policy setting, you cannot install LOB or developer-signed Windows Stor
files" Group Policy setting applies Mandatory user profiles and super-mandatory profiles, which are created by an administrator Temporar
is setting, you cannot develop Windows Store apps or install them directly from an IDE.
RTM
RTM
allow users to sign in with an enterprise account instead. If you disable or do not configure this policy setting, users will need to sign in wit
t desktop app for a file type. If you enable this policy setting, Windows Store apps cannot open files in the default desktop app for a file typ
t desktop app for a file type. If you enable this policy setting, Windows Store apps cannot open files in the default desktop app for a file typ
m by launching a desktop app. If you enable this policy setting, Windows Store apps cannot open URIs in the default desktop app for a URI
m by launching a desktop app. If you enable this policy setting, Windows Store apps cannot open URIs in the default desktop app for a URI
RTM
ontent URI Rules that all Windows Store apps that use the enterpriseAuthentication capability on a computer can use. If you disable or do
s the user from accessing the file. If the file is from the Internet zone, Windows prompts the user before accessing the file. Moderate Risk:
ws cannot make proper risk assessments. If you enable this policy setting, Windows does not mark file attachments with their zone inform
dangerous file attachments that Windows has blocked users from opening. If you enable this policy setting, Windows hides the check box
lusion list takes precedence over the medium-risk and low-risk inclusion lists (where an extension is listed in more than one inclusion list).
as a lower precedence than the high-risk or medium-risk inclusion lists (where an extension is listed in more than one inclusion list). If you
nto Windows and it takes precedence over the low-risk inclusion list but has a lower precedence than the high-risk inclusion list (where an e
would be redundant. If you enable this policy setting, Windows tells the registered antivirus program to scan the file when a user opens a fi
dows to use the file type data over the file handler data. For example, trust .txt files, regardless of the file handler. Using both the file hand
in the security event log as part of the Audit Process Creation event 4688, "a new process has been created," on the workstations and serv
embers user's choice of what to do when a device is connected.
embers user's choice of what to do when a device is connected.
xecute the program without user intervention. This creates a major security concern as code may be executed without user's knowledge. T
xecute the program without user intervention. This creates a major security concern as code may be executed without user's knowledge. T
ves, such as the floppy disk drive (but not the CD-ROM drive), and on network drives. Starting with Windows XP SP2, Autoplay is enabled fo
ves, such as the floppy disk drive (but not the CD-ROM drive), and on network drives. Starting with Windows XP SP2, Autoplay is enabled fo
1607
RTM
this policy setting, Windows prevents domain users from logging on to a domain-joined computer using biometrics. Note: Prior to Window
iometrics, you must also configure the "Allow users to log on using biometrics" policy setting. If you disable this policy setting, the Window
to log on to the domain. If you enable or do not configure this policy setting, all users can log on to a local Windows-based computer and c
to specify the number of seconds the event remains active. This value cannot exceed 60 seconds. If you disable or do not configure this po
TP4
es and makes them available to other BITS peers. When transferring a download job, BITS first requests the files for the job from its peers in
dows Branch Cache. If you disable or do not configure this policy setting, the BITS client uses Windows Branch Cache. Note: This policy setti
he computer will no longer use the BITS peer caching feature to download files; files will be downloaded only from the origin server. Howe
he computer will no longer cache downloaded files and offer them to its peers. However, the computer will still download files from peers
u can specify in days the maximum age of files in the cache. You can enter a value between 1 and 120 days. If you disable or do not configu
1 percent of the total system disk for the peercache. If you enable this policy setting, you can enter the percentage of disk space to be used
ate. By default BITS uses a maximum download time of 90 days (7,776,000 seconds). If you enable this policy setting, you can set the max
ork bandwidth to 10 Kbps from 8:00 A.M. to 5:00 P.M., and use all available unused bandwidth the rest of the day's hours. If you enable th
ve network interface. For example, if a computer has both a 100 Mbps network card and a 56 Kbps modem, and both are active, BITS will u
mit the maximum number of BITS jobs a user can create to the specified number. If you disable or do not configure this policy setting, BITS
licy setting, BITS will limit the maximum number of BITS jobs to the specified number. If you disable or do not configure this policy setting,
n to the specified number. If you disable or do not configure this policy setting, BITS will use the default value of 200 for the maximum num
ges that can be added to a file to the specified number. If you disable or do not configure this policy setting, BITS will limit ranges to 500 ra
setting, you can define a default download policy for each BITS job priority. This setting does not override a download policy explicitly confi
ou can define a separate set of network bandwidth limits and set up a schedule for the maintenance period. You can specify a limit to use f
ys that are not defined in a work schedule are considered non-work hours. If you enable this policy setting, you can set up a schedule for li
s for the job are deleted from the disk. Note: Any property changes to the job or any successful download action will reset this timeout. C
1607
rosoft Operations Manager server.

RTM
osoft.com/fwlink/?LinkId=517265
1607
TP4
1607
TP4
ns unless Windows has internally registered the required components. If you enable this policy setting and a component registration is mis
ns unless Windows has internally registered the required components. If you enable this policy setting and a component registration is mis
o the view used in the last Control Panel session. Note: Icon size is dependent upon what the user has set it to in the previous session.
elp and Support or command lines that use control.exe. This policy has no effect on items displayed in PC settings. If you enable this settin
from: The Start screen File Explorer This setting removes PC settings from: The Start screen Settings charm Account picture Search resu
other ways to access Control Panel items such as shortcuts in Help and Support or command lines that use control.exe. This policy has no
Panel) and "Remove programs on Settings menu" (User Configuration\Administrative Templates\Start Menu & Taskbar) settings.
press CTRL + ALT + DEL before signing in will see a lock screen after locking their PC. They must dismiss the lock screen using touch, the key
has no effect on the system. If you enable it, a screen saver runs, provided the following two conditions hold: First, a valid screen saver on
nnot change those colors. This setting will not be applied if the specified colors do not meet a contrast ratio of 2:1 with white text.
TP4
ound, and users cannot change it. If the specified background is not supported, the default background is used.
ou specify will be used. Also, a user may not apply a different visual style when changing themes. If you disable or do not configure this se
m changing the screen saver. If you disable this setting or do not configure it, users can select any screen saver. If you enable this setting, t
ktop background, color, sounds, or screen saver after the first logon. If you disable or do not configure this setting, the default theme will b
reen Saver dialog in the Personalization or Display Control Panel, preventing users from changing the password protection setting. If you d
Windows 8), glass color (on Windows Vista and Windows 7), system colors, or color scheme of the desktop and windows. If this setting is di
nd later, use the "Prevent changing color and appearance" setting.
ngs can be changed by the user. To specify wallpaper for a group, use the "Desktop Wallpaper" setting. Note: You must also enable the "D
dows Vista, this setting also hides the Desktop tab in the Display Control Panel.
lock screen and logon image, and they will instead see the default image.

ot be allowed to change them. If the "Force a specific background and accent color" policy is also set on a supported version of Windows,
r do not configure this setting, there is no effect. Note: If you enable this setting but do not specify a theme using the "load a specific them
ems, this setting prevents users and applications from changing the visual style through the command line. Also, a user may not apply a diff
ess in PC Settings, and the camera cannot be invoked on the lock screen.
no slide show will ever start.
e "Font size" drop-down list on the Appearance tab.
ng circumstances: - The setting is disabled or not configured. - The wait time is set to zero. - The "Enable Screen Saver" setting is disabled.
ft\User Account Pictures\user.jpg. The default guest picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg. If t
er the device's screen turns off before a password is required when waking the device. The allowable time is limited by any EAS settings or
RTM
xample if the computer belongs to the Fabrikam domain, the default domain for user logon is Fabrikam. If you enable this policy setting, th
: Password and Smart Card. An administrator can install additional credential providers for different sets of credentials (for example, to su
ote that the user's domain password will be cached in the system vault when using this feature.
Templates\Windows Components\Microsoft Passport for Work. If you enable this policy setting, a domain user can set up and sign in with
he user's default credentials can be delegated (default credentials are those that you use when first logging on to Windows). The policy be
elegated (default credentials are those that you use when first logging on to Windows). If you disable or do not configure (by default) this
er's fresh credentials can be delegated (fresh credentials are those that you are prompted for when executing the application). If you do no
egated (fresh credentials are those that you are prompted for when executing the application). If you do not configure (by default) this pol
er's saved credentials can be delegated (saved credentials are those that you elect to save/remember using the Windows credential manag
egated (saved credentials are those that you elect to save/remember using the Windows credential manager). If you do not configure (by
Windows). If you disable or do not configure (by default) this policy setting, this policy setting does not specify any server. Note: The "Den
g the application). If you disable or do not configure (by default) this policy setting, this policy setting does not specify any server. Note: T
the Windows credential manager). If you disable or do not configure (by default) this policy setting, this policy setting does not specify any
ng apps: Remote Desktop Client If you enable this policy setting, restricted mode is enforced and participating apps will not delegate crede
olicy setting, the password reveal button will be displayed after a user types a password in the password entry text box. By default, the pas
olicy setting, the password reveal button will be displayed after a user types a password in the password entry text box. By default, the pas
n the PC will be displayed so the user can choose one and enter the correct password. If you disable this policy setting, users will always b
ould be enabled. If you enable this policy setting, users will be required to enter Windows credentials on the Secure Desktop by means of t
by the system. The system prompts users for a new password when an administrator requires a new password or their password is expiring
t+Del. If you disable or do not configure this policy setting, users will be able to lock the computer from the keyboard using Ctrl+Alt+Del. T
off from the Start menu. Also, see the 'Remove Logoff on the Start Menu' policy setting. If you disable or do not configure this policy setti
hange the priority of the process in which programs run. If you enable this policy setting, users will not be able to access Task Manager. If u
RTM
TP5
TP5
1607
mentations will be turned off. If you do not configure this policy setting, user can configure the Let Microsoft try features on this build op
(if enabled), DCOM will look for an entry in the locally configured list. If you disable this policy setting, DCOM will not look in the locally co
es the second list when this policy setting is configured, unless the "Allow local activation security check exemptions" policy is enabled. DC
1607
RTM
RTM
RTM
RTM
RTM
1607
1607
1607
1607
1607
to delete particular Web-based items from users' desktops. Users can add the item again (if settings allow), but the item is deleted each tim
ted to a .bmp format, such as JPEG, GIF, and PNG, can be set as Wallpaper by right-clicking the image and selecting "Set as Wallpaper". Als
ng, type the fully qualified path and name of the file that stores the wallpaper image. You can type a local path, such as C:\Windows\web\w
Desktop" setting and the "Disable Active Desktop" setting are enabled, the "Disable Active Desktop" setting is ignored. If the "Turn on Clas
e desktop. Note: This setting does not disable Active Desktop. Users can still use image formats, such as JPEG and GIF, for their desktop wa
this setting, shared folders are not added to Network Locations automatically when you open a document in the shared folder.

Desktop" setting and the "Disable Active Desktop" setting are enabled, the "Disable Active Desktop" setting is ignored. If the "Turn on Cla
configure it, the filter bar does not appear, but users can display it by selecting "Filter" on the "View" menu. To see the filter bar, open Net
tory folder appears in the Network Locations folder. This setting is designed to let users search Active Directory but not tempt them to cas
, see "Items displayed in Places Bar" in User Configuration\Administrative Templates\Windows Components\Common Open File Dialog to

etwork Places icon.


set permissions for user or group objects in Active Directory. If you enable this setting, you can use the "Number of objects returned" box
figuration. Tip: To view the toolbars that can be added to the desktop, right-click a docked toolbar (such as the taskbar beside the Start butt
their Active Desktop, or prevent users from removing existing Web content. Also, see the "Disable all items" setting.
default configuration. Also, see the "Prevent adding, dragging, dropping and closing the Taskbar's toolbars" setting.
cannot enable or disable Active Desktop. If Active Desktop is already enabled, users cannot add, remove, or edit Web content or disable, l
k boxes from items on the Web tab in Display in Control Panel. Note: This setting does not prevent users from deleting items from their Ac
Web content to their Active Desktop. Also, see the "Prohibit closing items" and "Disable all items" settings.
properties of an item, such as its synchronization schedule, password, or display characteristics.
cation in the Target box.
mpty Computer folder. This setting allows administrators to restrict their users from seeing Computer in the shell namespace, allowing the
access to the contents of the My Documents folder. This setting does not remove the My Documents icon from the Start menu. To do so, u
do not configure this setting, the Properties option is displayed as usual.
and then opens the File menu. Clicks the My Documents icon, and then presses ALT+ENTER. If you disable or do not configure this policy s
configure this setting, the Properties option is displayed as usual.
o the contents of the Recycle Bin folder. Note: To make changes to this setting effective, you must log off and then log back on.
t behavior of the Desktop Clean Wizard running every 60 days occurs. Note: When this setting is not enabled, users can run the Desktop C
is policy, this window minimizing and restoring gesture will apply.
1607
e this policy the machine must be rebooted. The file path must be either a UNC path (for example, \\ServerName\ShareName\SIPolicy.p7b
rdware support and will only be enabled on correctly configured devices. Virtualization Based Protection of Code Integrity This setting en
ard to install and update the drivers for any device. If you enable this policy setting on a remote desktop server, the policy setting affects re
vent device installation take precedence over this one. If you enable this policy setting, Windows is allowed to install or update any device
ngs that prevent device installation take precedence over this one. If you enable this policy setting, Windows is allowed to install or update
vers must be signed according to Windows Driver Signing Policy, or be signed by publishers already in the TrustedPublisher store. If you dis

enabled, the system does not implement any setting less secure than the one the setting established. When you enable this setting, use th
dows waits 300 seconds for a device installation task to complete before terminating the installation.
tting prevents device installation. If you disable or do not configure this policy setting, Windows displays a default title in a notification when
tion. If you disable or do not configure this policy setting, Windows displays a default message when a policy setting prevents device instal
estore point enables you to more easily restore your system to its state before the activity. If you enable this policy setting, Windows does
es that match any of these device IDs" or the "Allow installation of devices for these device classes" policy setting. If you disable or do not
ented from installing a device whose hardware ID or compatible ID appears in the list you create. If you enable this policy setting on a remo
ndows is prevented from installing or updating device drivers whose device setup class GUIDs appear in the list you create. If you enable th
for the USB hub to which the device is connected. This policy setting takes precedence over any other policy setting that allows Windows
er that is not signed at all. If you enable or do not configure this policy setting, drivers that are signed by a Microsoft Windows Publisher ce
this policy setting, the system does not force a reboot. Note: If no reboot is forced, the device installation restriction right will not take eff

es from the search algorithm. If you enable this setting, you can remove the locations by selecting the associated check box beside the loc
setting, an error report is sent when a generic driver is installed.
(Control Panel > System and Security > System > Advanced System Settings > Hardware tab). If you disable or do not configure this policy s
by the device driver. If you disable or do not configure this policy setting, Windows sends an error report when a device driver that reque
hat Windows will attempt to search Windows Update exactly one time. With this setting, Windows will not continually search for updates.
Windows will first search the Managed Server, such as a Windows Server Update Services (WSUS) server. Only if no update is found will Win
ear while a device is being installed, unless the driver for the device suppresses the balloons.
net Communication settings" is disabled or not configured. If you enable this setting, administrators will not be prompted to search Window
net Communication settings" is disabled or not configured. If you enable this setting, administrators will not be prompted to search Window
empts to discover domain controllers. This value is specified in minutes. If you disable or do not configure this policy setting, the default va
, Digital Locker will not run. If you disable or do not configure this setting, Digital Locker can be run.
, Digital Locker will not run. If you disable or do not configure this setting, Digital Locker can be run.
ot configure this policy setting, Windows displays the default alert text in the disk diagnostic message. No reboots or service restarts are re
c Policy Service (DPS) detects and logs S.M.A.R.T. faults to the event log when they occur. If you enable this policy setting, the DPS also wa
and resume. The system determines the data that will be stored in the NV cache to optimize boot and resume. The required data is stored
e. In this mode, the system tries to save power by aggressively spinning down the disk. If you do not configure this policy setting, the defa
om the cache while the disks are spinning up. The NV cache can also be used to reduce the power consumption of the system by keeping t
olatile (NV) cache. This allows the system to exclusively run out of the NV cache and power down the disk for longer periods to save power.
mputer will apply the disk quota to both fixed and removable media.
nt is turned off, and users cannot turn it on. If this policy setting is not configured, disk quota management is turned off by default, but ad
m disables the "Deny disk space to users exceeding quota limit" option on the Quota tab so administrators cannot make changes while the
disable this policy setting, no event is recorded. Also, when you enable or disable this policy setting, the system disables the "Log event wh
icy setting, the system disables the corresponding "Log event when a user exceeds their warning level" option on the Quota tab so that adm
tus in the Quota Entries window changes to indicate that the user is approaching the disk quota limit. This setting overrides new users setti
olume on another computer. The DLT client can more reliably track links when allowed to use the DLT server. This policy should not be se
. The name "server.corp.contoso.com." is an example of a fully qualified name because it contains a terminating dot. For example, if attac
r if you do not configure this policy setting, NetBT queries will only be issued for single-label names such as "example" and not for multi-lab
er will be applied to all network connections used by computers that receive this policy setting. If you disable this policy setting, or if you d
ilable field. To use this policy setting, you must enter at least one IP address. If you enable this policy setting, the list of DNS servers is app
Client computers that receive this policy setting will attach one or more suffixes to DNS queries for a single-label name. For example, a DNS
on all network connections that have connection-specific dynamic DNS registration enabled. For a dynamic DNS registration to be enabled
ured, IDNs are not converted to the Nameprep form.
esolution (LLMNR) and NetBIOS over TCP/IP (NetBT). If you enable this policy setting, responses from link local protocols will be preferred
omputers that receive it, you must restart Windows. If you enable this policy setting, it supersedes the primary DNS suffix configured in th
ping if the name is successfully resolved or at a level determined by devolution settings. Devolution can be used when a user or application
parent of that suffix, and so on, stopping if the name is successfully resolved or at a level determined by devolution settings. Devolution can
, a DNS client performing dynamic DNS registration registers A and PTR resource records with a concatenation of its computer name and th
PTR records will be determined by the option that you choose under Register PTR records. To use this policy setting, click Enabled, and the
servers, even if the record has not changed. This reregistration is required to indicate to DNS servers that records are current and should no
p of resource records and does not allow a DNS client to overwrite records that are registered by other computers. During dynamic update
u specify will be applied to DNS resource records registered for all network connections used by computers that receive this policy setting.
tting is not configured, IDNs are converted to Punycode when the computer is on non-domain networks with no WINS servers configured.
hat also has LLMNR enabled. LLMNR does not require a DNS server or DNS client configuration, and provides name resolution in scenarios i
re received, the network binding order is used to determine which response to accept. If you enable this policy setting, the DNS client will
P (NetBT). If you enable this policy setting, the DNS client will prefer DNS responses, followed by LLMNR, followed by NetBT for all network
nsecure dynamic updates. Only secure - computers send only secure dynamic updates. If you enable this policy setting, computers that att
ecords unless the authoritative zone is a top-level domain or root zone. If you enable this policy setting, computers send dynamic updates
y setting can be used in conjunction with the "Specify a default color for window frames" policy setting, to enforce a specific color for wind
y setting can be used in conjunction with the "Specify a default color for window frames" policy setting, to enforce a specific color for wind
ng, Flip 3D is accessible, if desktop composition is turned on. When Windows Flip 3D is activated with the Windows+Tab keys, a visual versi
ng, Flip 3D is accessible, if desktop composition is turned on. When Windows Flip 3D is activated with the Windows+Tab keys, a visual versi
ing this policy setting requires a logoff for it to be applied.
ing this policy setting requires a logoff for it to be applied.
internal color is used, if the user does not specify a color. Note: This policy setting can be used in conjunction with the "Prevent color chan
internal color is used, if the user does not specify a color. Note: This policy setting can be used in conjunction with the "Prevent color chan
olor in Start Personalization. However, setting the accent will have no effect.
you disable or do not configure this policy setting, both Publishing Standard Glyph and Non-Publishing Standard Glyph are included in the
wise OR of following values: 0x0001 // JIS208 area 0x0002 // NEC special char code 0x0004 // NEC selected IBM extended code 0x0008 /
rsion. If you disable or do not configure this policy setting, the custom dictionary can be used by default. For Japanese Microsoft IME, [Cle
ly. Note: Changes to this setting will not take effect until the user logs off.
olicy setting, the search integration function can be used by default. This policy setting applies to Japanese Microsoft IME, Simplified Chine
used for conversion. For Simplified Chinese Microsoft Pinyin, an Open Extended Dictionary that is added before enabling this policy setting

RTM
1607
ME and Simplified Chinese Microsoft Pinyin.
een signed and has not been tampered with. - Bad: The driver has been identified as malware. It is recommended that you do not allow kn
1607
1607

apps using touch gestures, keyboard shortcuts, and the Start screen. If you disable or don't configure this policy setting, the recent apps w
d users won't be able to replace it with Windows PowerShell. Users will still be able to access Windows PowerShell, but not from that menu
r-right corner. They'll still be available if the mouse is pointing to the lower-right corner. If you disable or don't configure this policy setting

policy setting, Windows will keep track of the apps that are used and searched most frequently. Most frequently used apps will appear at
crypts files that are moved to an encrypted folder. This setting applies only to files moved within a volume. When files are moved to other
only USB root hub connected Enhanced Storage devices are allowed. If you disable or do not configure this policy setting, USB Enhanced S
If you disable or do not configure this policy setting, all Enhanced Storage devices are usable on your computer.
e usable on your computer. If you disable or do not configure this policy setting, all IEEE 1667 silos on Enhanced Storage devices are usable
e removable devices are allowed on your computer.
nced Storage device.

the Enhanced Storage device state is not changed when the computer is locked.
TP4
TP4
o select Connect using SSL to transmit error reports over a Secure Sockets Layer (SSL) connection, and specify a port number on the destina
TP4
TP4
setting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication setti
avior is set to Store parameters only, only the minimum information required to check for an existing solution is stored. The Maximum num
avior is set to Store parameters only, only the minimum information required to check for an existing solution is stored. The Maximum num
m occurs, whether the report should be placed in the reporting queue, or the user should be prompted to send it immediately. When Que
m occurs, whether the report should be placed in the reporting queue, or the user should be prompted to send it immediately. When Que
r generic, non-fatal errors: crash, no response, and kernel fault errors. For each specified event type, you can set a consent level of 0, 1, 2, 3
r generic, non-fatal errors: crash, no response, and kernel fault errors. For each specified event type, you can set a consent level of 0, 1, 2, 3
pplication errors. If the Report all errors in Microsoft applications check box is filled, all errors in Microsoft applications are reported, regar
Reporting events and errors are logged to the system event log, as with other Windows-based programs.
Reporting events and errors are logged to the system event log, as with other Windows-based programs.
tion to Microsoft. Additionally, solution information is not available in Security and Maintenance in Control Panel. If you disable or do not c
tion to Microsoft. Additionally, solution information is not available in Security and Maintenance in Control Panel. If you disable or do not c
he user can also report the error. If you disable this policy setting, users are not notified that errors have occurred. If the Configure Error R
If you disable or do not configure this policy setting, then consent policy settings in Computer Configuration/Administrative Templates/Wi
If you disable or do not configure this policy setting, then consent policy settings in Computer Configuration/Administrative Templates/Wi
itional CAB files that can contain data about the same event types as an earlier uploaded report. If you disable or do not configure this po
itional CAB files that can contain data about the same event types as an earlier uploaded report. If you disable or do not configure this po
y setting, custom consent policy settings for error reporting determine the consent level for specified event types, and the default consent s
y setting, custom consent policy settings for error reporting determine the consent level for specified event types, and the default consent s
m the list of application file names in the Show Contents dialog box (example: notepad.exe). Errors that are generated by applications in th
eporting never reports errors, click Show, and then add or remove applications from the list of application file names in the Show Contents
eporting never reports errors, click Show, and then add or remove applications from the list of application file names in the Show Contents
r Reporting never reports errors, click Show under the Exclude errors for applications on this list setting, and then add or remove applicatio
s the user interface for critical errors.
ou do not configure this policy setting, users can change this setting in Control Panel. By default, Windows Error Reporting settings in Contr
manent power source. If you enable this policy setting, WER does not determine whether the computer is running on battery power, but ch
manent power source. If you enable this policy setting, WER does not determine whether the computer is running on battery power, but ch
ricted. If you disable or do not configure this policy setting, WER does not send data, but will check the network cost policy again if the net
ricted. If you disable or do not configure this policy setting, WER does not send data, but will check the network cost policy again if the net
environments. If you disable or do not configure this policy setting, forwarder resource usage is not specified. This setting applies across a
st subscription specifics. Use the following syntax when using the HTTPS protocol: Server=https://<FQDN of the collector>:5986/wsman/S
hen it is full. A new file is then started. If you disable this policy setting and the "Retain old events" policy setting is enabled, new events ar
hen it is full. A new file is then started. If you disable this policy setting and the "Retain old events" policy setting is enabled, new events ar
hen it is full. A new file is then started. If you disable this policy setting and the "Retain old events" policy setting is enabled, new events ar
hen it is full. A new file is then started. If you disable this policy setting and the "Retain old events" policy setting is enabled, new events ar
users and system services can write, read, or clear this log. Note: If you enable this policy setting, some tools and APIs may ignore it. The
If you enable this policy setting, only those users whose security descriptor matches the configured specified value can access the log. If y
users and system services can write, read, or clear this log. Note: If you enable this policy setting, some tools and APIs may ignore it. The
ecurity descriptor matches the configured value can access the log. If you disable or do not configure this policy setting, only system softw
RTM
RTM
RTM
RTM
e, new events overwrite old events. Note: Old events may or may not be retained according to the "Backup log automatically when full" p
e, new events overwrite old events. Note: Old events may or may not be retained according to the "Backup log automatically when full" p
e, new events overwrite old events. Note: Old events may or may not be retained according to the "Backup log automatically when full" p
e, new events overwrite old events. Note: Old events may or may not be retained according to the "Backup log automatically when full" p
setting, the Event Log uses the system32 or system64 subdirectory.
setting, the Event Log uses the system32 or system64 subdirectory.
setting, the Event Log uses the system32 or system64 subdirectory.
setting, the Event Log uses the system32 or system64 subdirectory.
etting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using
etting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using
etting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using
etting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using

MS) standard and the public key you provide. You can use the Unprotect-CmsMessage PowerShell cmdlet to decrypt these encrypted messa

ed in File Explorer. Note: When the menu bar is not displayed, users can access the menu bar by pressing the 'ALT' key.
RTM
plorer. If you disable or do not configure this policy setting, users will be able to add new items such as files or folders to the root of their U

dows To Go workspace, can't hibernate the PC.


n started from a Windows To Go workspace, can use standby states to make the PC sleep.
when a USB device is connected will be enabled, and users will not be able to make changes using the Windows To Go Startup Options Con
TP4

required. This is the default recovery behavior for corrupted files. Silent: Detection, troubleshooting, and recovery of corrupted files will a
new line that contains the enterprise identifier, separated by a comma, and the Package Family Name of the application. The EID must be
e RPC protocol message between File Server VSS provider and File Server VSS Agent is signed but not encrypted. Note: To make changes to

1607
nformation please refer to the Windows Help section NOTE: If this policy is Disabled or Not Configured, local administrators may select the
nerated. If you disable them on all volumes then they will never be generated. If you set short name creation to be configurable on a per v
e available offline. If you disable or do not configure this policy setting, redirected shell folders are automatically made available offline. Al
s are automatically made available offline. All subfolders within the redirected folders are also made available offline. Note: This policy setti
etwork location to another and Folder Redirection is configured to move the content to the new location, instead of copying the content to
on a computer in a remote office. To designate a user's primary computers, an administrator must use management software or a script to
on a computer in a remote office. To designate a user's primary computers, an administrator must use management software or a script to
tting, Windows Vista, Windows 7, Windows 8, and Windows Server 2012 will use localized folder names for these subfolders when redirecti
tting, Windows Vista, Windows 7, Windows 8, and Windows Server 2012 will use localized folder names for these subfolders when redirecti

s visible and cannot be hidden by the user. Note: This has a side effect of not being able to toggle to the Preview Pane since the two canno
Windows cannot detect, troubleshoot, and attempt to resolve automatically any heap corruption problems that are handled by the DPS. If y

RTM
y any user on that system. If you disable or do not configure this policy setting, language packs that are installed as part of the system imag
le this policy setting, the system specifies the largest two-digit year interpreted as being preceded by 20. All numbers less than or equal to
e disabled by a per-user policy setting. If you disable this policy setting at the computer level, the per-user policy is ignored. If you do not co
e disabled by a per-user policy setting. If you disable this policy setting at the computer level, the per-user policy is ignored. If you do not co
prompt. If the policy is Enabled, then the user will get input methods enabled for the system account on the sign-in page. If the policy is D
permissions of the %windir%\Globalization directory to prevent the installation of locales by unauthorized users. The policy setting "Restric
permissions of the %windir%\Globalization directory to prevent the installation of locales by unauthorized users. The policy setting "Restric
s enabled, users can still choose alternate locales installed on the system unless prevented by other policies, however, they will be unable t
s enabled, users can still choose alternate locales installed on the system unless prevented by other policies, however, they will be unable t
talled on the target computer or you disable this policy setting, the language selection defaults to the language selected by the local admin
hese values programmatically. This policy setting is used only to simplify the Regional Options control panel. If you enable this policy settin
s not prevent the user or an application from changing the GeoID programmatically. If you disable or do not configure this policy setting, th
g the UI language. This does not prevent the user or an application from changing the UI language programmatically. If you disable or do n
er or an application from changing their user locale or user overrides programmatically. If you disable or do not configure this policy setting
ls in the Regional and Language Options control panel are not accessible to the logged on user. This prevents users from specifying a langua
will be restricted to the specified list. The locale list is specified using language names, separated by a semicolon (;). For example, en-US is
ricted to locales in this list. To set this policy setting on a per-user basis, make sure that you do not configure the per-computer policy setti
ricted to locales in this list. To set this policy setting on a per-user basis, make sure that you do not configure the per-computer policy setti
y the administrator as the system UI languages. The UI language selected by the user will be ignored if it is different than any of the system
anguage for the selected user. If the specified language is not installed on the target computer or you disable this policy setting, the langua
led, then the option will be locked to not autocorrect misspelled words. If the policy is Disabled or Not Configured, then the user will be fr
t is collected includes all outgoing messages in Windows Mail, and MAPI enabled email clients, as well as URLs from the Internet Explorer b
t is collected includes all outgoing messages in Windows Mail, and MAPI enabled email clients, as well as URLs from the Internet Explorer b
the option will be locked to not highlight misspelled words. If the policy is Disabled or Not Configured, then the user will be free to change
lects a text prediction candidate when using the on-screen keyboard. If the policy is Enabled, then the option will be locked to not insert a
en keyboard. If the policy is Enabled, then the option will be locked to not offer text predictions. If the policy is Disabled or Not Configure
. If you do not configure this policy setting: - No user-based policy settings are applied from the user's forest. - Users do not receive their
ion of the ADM files that were used to create the GPO while editing this GPO. This leads to the following behavior: - If you originally creat
licy setting, when a slow network connection is detected, Group Policy processing will always run in an asynchronous manner. Client comp
ide any bandwidth speed information. If Group Policy detects a bandwidth speed, Group Policy will follow the normal rules for evaluating i
program implementing the disk quota policy set when it was installed. If you enable this policy setting, you can use the check boxes provi
encryption policy set when it was installed. If you enable this policy setting, you can use the check boxes provided to change the options.
ctive Directory, not for Group Policy objects on the local computer. This policy setting overrides customized settings that the program imple
runs in synchronous foreground mode, it refers to this cache, which enables it to run faster. When the cache is read, Group Policy attempts
hanges to the domain controller designated as the PDC Operations Master for the domain. "Inherit from Active Directory Snap-ins" indica
n to be slow. The system's response to a slow policy connection varies among policies. The program implementing the policy can specify th
n to be slow. The system's response to a slow policy connection varies among policies. The program implementing the policy can specify th
ed settings that the program implementing the Internet Explorer Maintenance policy set when it was installed. If you enable this policy setti
customized settings that the program implementing the IP security policy set when it was installed. If you enable this policy setting, you c
ting disk contention. If you enable this policy setting, Group Policy will wait for the specified amount of time before running logon scripts.
f you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not configure this policy s
t was installed. If you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not confi
cy set when it was installed. If you enable this policy setting, you can use the check boxes provided to change the options. If you disable or
Policy Objects stored in Active Directory, not for Group Policy Objects on the local computer. This policy setting overrides customized settin
d on the computer that is being used. By default, the user's Group Policy Objects determine which user settings apply. If this setting is ena
enting the wired network set when it was installed. If you enable this policy, you can use the check boxes provided to change the options.
mplementing the wireless network set when it was installed. If you enable this policy, you can use the check boxes provided to change the
1607
l such as Active Directory Users and Computers or Active Directory Sites and Services, you can enable the object links for use on the system
his policy setting, interactive users can generate RSoP. Note: This policy setting does not affect administrators. If you enable or disable this
his policy setting, interactive users can generate RSoP. Note: This policy setting does not affect administrators. If you enable or disable this

1607
up Policy runs in synchronous foreground mode, it refers to this cache, which enables it to run faster. When the cache is read, Group Policy
osoft\Windows\CurrentVersion\Policies registry subkeys. Preferences, which are not fully supported, use registry entries in other subkeys.
1607
1607
his policy setting, the default behavior applies. By default, computer policy is applied when the computer starts up. It also applies at a spec
browser. The display name can contain environment variables and can be a maximum of 255 characters long. If this setting is Disabled or N
always updated when the system starts. By default, computer Group Policy is updated in the background every 90 minutes, with a random
minutes. If you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the domain
d when users log on. By default, user Group Policy is updated in the background every 90 minutes, with a random offset of 0 to 30 minutes
synchronous, the computer is not blocked and policy processing will occur in the background. In either case, configuring this policy setting
ing is asynchronous, the computer is not blocked and policy processing will occur in the background. In either case, configuring this policy
licy Object Editor, a timestamp comparison is performed on the source files in the local %SYSTEMROOT%\inf directory and the source files
d user settings. If you disable or do not configure this policy setting, updates can be applied while users are working. The frequency of upd

on of all Local GPOs to ensure that only domain-based GPOs are applied. If you enable this policy setting, the system does not process and
d the client-side extension settings that were included. If you enable this setting, RSoP logging is turned off. If you disable or do not configu
RTM
ms are allowed to process across a slow network connection, to be applied during background processing, and to process even if the Group
e event logging and turn on tracing for the Applications extension for client computers. If you disable or do not configure this policy settin
items are allowed to process across a slow network connection, to be applied during background processing, and to process even if the Gr
ure event logging and turn on tracing for the Data Sources extension for client computers. If you disable or do not configure this policy setti
to process across a slow network connection, to be applied during background processing, and to process even if the Group Policy objects
ogging and turn on tracing for the Devices extension for client computers. If you disable or do not configure this policy setting, by default e
s are allowed to process across a slow network connection, to be applied during background processing, and to process even if the Group P
event logging and turn on tracing for the Drive Maps extension for client computers. If you disable or do not configure this policy setting, b
riable preference items are allowed to process across a slow network connection, to be applied during background processing, and to proc
ure event logging and turn on tracing for the Environment extension for client computers. If you disable or do not configure this policy setti
ss across a slow network connection, to be applied during background processing, and to process even if the Group Policy objects (GPOs) a
and turn on tracing for the Files extension for client computers. If you disable or do not configure this policy setting, by default event loggi
tting, Folder Options, Open With, and File Type preference items are allowed to process across a slow network connection, to be applied du
nfigure event logging and turn on tracing for the Folder Options extension for client computers. If you disable or do not configure this polic
to process across a slow network connection, to be applied during background processing, and to process even if the Group Policy objects
gging and turn on tracing for the Folders extension for client computers. If you disable or do not configure this policy setting, by default ev
d to process across a slow network connection, to be applied during background processing, and to process even if the Group Policy objec
gging and turn on tracing for the Ini Files extension for client computers. If you disable or do not configure this policy setting, by default ev
are allowed to process across a slow network connection, to be applied during background processing, and to process even if the Group Po
ogging and turn on tracing for the Internet extension for client computers. If you disable or do not configure this policy setting, by default
Local User and Local Group preference items are allowed to process across a slow network connection, to be applied during background pr
olicy setting, you can configure event logging and turn on tracing for the Local User and Local Group extension for client computers. If you
tting, VPN Connection and DUN Connection preference items are allowed to process across a slow network connection, to be applied during
n configure event logging and turn on tracing for the Network Options extension for client computers. If you disable or do not configure th
eference items are allowed to process across a slow network connection, to be applied during background processing, and to process even
onfigure event logging and turn on tracing for the Network Shares extension for client computers. If you disable or do not configure this po
ower Options and Power Scheme preference items are allowed to process across a slow network connection, to be applied during backgro
nfigure event logging and turn on tracing for the Power Options extension for client computers. If you disable or do not configure this polic
tting, Shared Printer, TCP/IP Printer, and Local Printer preference items are allowed to process across a slow network connection, to be applie
ogging and turn on tracing for the Printers extension for client computers. If you disable or do not configure this policy setting, by default e
s preference items are allowed to process across a slow network connection, to be applied during background processing, and to process e
n configure event logging and turn on tracing for the Regional Options extension for client computers. If you disable or do not configure th
wed to process across a slow network connection, to be applied during background processing, and to process even if the Group Policy obje
ogging and turn on tracing for the Registry extension for client computers. If you disable or do not configure this policy setting, by default
, Scheduled Task and Immediate Task preference items are allowed to process across a slow network connection, to be applied during back
configure event logging and turn on tracing for the Scheduled Tasks extension for client computers. If you disable or do not configure this p
ed to process across a slow network connection, to be applied during background processing, and to process even if the Group Policy objec
logging and turn on tracing for the Services extension for client computers. If you disable or do not configure this policy setting, by default
owed to process across a slow network connection, to be applied during background processing, and to process even if the Group Policy o
nt logging and turn on tracing for the Shortcuts extension for client computers. If you disable or do not configure this policy setting, by def
s are allowed to process across a slow network connection, to be applied during background processing, and to process even if the Group P
event logging and turn on tracing for the Start Menu extension for client computers. If you disable or do not configure this policy setting, b
t existing Application preference items. If you enable or do not configure this policy setting, you permit use of Application snap-ins. Enabli
ling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting. If you disable this policy settin
nce extension is prohibited, it does not appear in the Group Policy Management Editor window. If you enable this policy setting, you perm
xtension is prohibited, it does not appear in the Group Policy Management Editor window. If you enable this policy setting, you permit use
ss restricted by the "Permit use of Control Panel Settings (Computers)" or "Permit use of Control Panel Settings (Users)" policy settings. Ena
tricted by the "Permit use of Control Panel Settings (Computers)" or "Permit use of Control Panel Settings (Users)" policy settings. Enabling
ing this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting. If you disable this policy setting
bling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting. If you disable this policy setti
policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting. If you disable this policy setting, you p
ess restricted by the "Permit use of Control Panel Settings (Computers)" or "Permit use of Control Panel Settings (Users)" policy settings. En
his policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting. If you disable this policy setting, yo
this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting. If you disable this policy setting, yo
nless restricted by the "Permit use of Control Panel Settings (Users)" policy setting. Enabling this policy setting overrides the "Restrict users
nsion unless restricted by the "Permit use of Control Panel Settings (Computers)" or "Permit use of Control Panel Settings (Users)" policy se
unless restricted by the "Permit use of Control Panel Settings (Computers)" or "Permit use of Control Panel Settings (Users)" policy settings.
nabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting. If you disable this policy se
ess restricted by the "Permit use of Control Panel Settings (Computers)" or "Permit use of Control Panel Settings (Users)" policy settings. En
ate and manage preference items. If you enable this policy setting, you permit use of the Preferences tab. Enabling this policy setting does
tricted by the "Permit use of Control Panel Settings (Computers)" or "Permit use of Control Panel Settings (Users)" policy settings. Enabling
unless restricted by the "Permit use of Control Panel Settings (Users)" policy setting. Enabling this policy setting overrides the "Restrict user
this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting. If you disable this policy setting, yo
nless restricted by the "Permit use of Control Panel Settings (Computers)" or "Permit use of Control Panel Settings (Users)" policy settings. E
stricted by the "Permit use of Control Panel Settings (Computers)" policy setting. Enabling this policy setting overrides the "Restrict users to
g this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting. If you disable this policy setting,
restricted by the "Permit use of Control Panel Settings (Users)" policy setting. Enabling this policy setting overrides the "Restrict users to th
er Group Policy settings synchronously. If you enable this policy setting, Windows applies user Group Policy settings asynchronously, when
es be added to this policy setting. If you enable this policy setting, the commands function only for .chm files in the specified folders and th
s. If you disable or do not configure this policy setting, users can run all applications from online Help. Note: You can also restrict users f
s. If you disable or do not configure this policy setting, users can run all applications from online Help. Note: You can also restrict users f
to make sure that they use system memory safely. If you enable this policy setting, DEP for HTML Help Executable is turned off. This will al
The text is displayed, but there are no clickable links for these elements. If you disable or do not configure this policy setting, the default b
the Help Experience Improvement program. If you disable or do not configure this policy setting, users can turn on the Help Experience Im
the quality and usefulness of the Help and Support content.
ne. If you disable or do not configure this policy setting, users can access online assistance if they have a connection to the Internet and ha
nnected automatically on subsequent attempts. Credentials can also be configured by network operators. If you enable this policy setting,
you disable this policy setting, all of the the policy settings listed in the "Internet Communication settings" section are set such that their r
you disable this policy setting, all of the the policy settings listed in the "Internet Communication settings" section are set such that their r
and also on the Tools menu in Internet Explorer. Windows automatic updating is also disabled; you will neither be notified about nor will y
lication or use the Store service to find an application. If you enable this policy setting, the "Look for an app in the Store" item in the Open
lication or use the Store service to find an application. If you enable this policy setting, the "Look for an app in the Store" item in the Open
, certificates must be issued by a trusted certificate authority (CA). Microsoft has included a list in Windows XP and other products of comp
nly prohibits downloading drivers that are not already installed locally. If you enable this policy setting, print drivers cannot be downloaded
nly prohibits downloading drivers that are not already installed locally. If you enable this policy setting, print drivers cannot be downloaded
tion text if the event is created by a Microsoft component. This text contains a link (URL) that, if clicked, sends information about the event
this policy setting, the Help and Support Center no longer retrieves nor displays "Did you know?" content. If you disable or do not configu
es with the default search options. If you enable this policy setting, it removes the Knowledge Base section from the Help and Support Cen
ents users from retrieving the list of ISPs, which resides on Microsoft servers. If you disable or do not configure this policy setting, users ca
s downloaded from a Windows website in addition to providers specified in the registry. If you enable this policy setting, Windows does n
s downloaded from a Windows website in addition to providers specified in the registry. If you enable this policy setting, Windows does n
ation or use the Web service to find an application. If you enable this policy setting, the link and the dialog for using the Web service to op
ation or use the Web service to find an application. If you enable this policy setting, the link and the dialog for using the Web service to op
t Printing server and making its shared printers available via HTTP. If you enable this policy setting, it prevents this client from printing to In
t Printing server and making its shared printers available via HTTP. If you enable this policy setting, it prevents this client from printing to In
ot configure this policy setting, users can connect to Microsoft.com to complete the online Windows Registration. Note that registration is
content files used to format and display results. If you enable this policy setting, Search Companion does not download content updates d
om Picture Tasks in File Explorer folders. If you disable or do not configure this policy setting, the task is displayed.
om Picture Tasks in File Explorer folders. If you disable or do not configure this policy setting, the task is displayed.
ish content to the web. If you enable this policy setting, these tasks are removed from the File and Folder tasks in Windows folders. If you
ish content to the web. If you enable this policy setting, these tasks are removed from the File and Folder tasks in Windows folders. If you
is information is used to improve the product in future releases. If you enable this policy setting, Windows Messenger does not collect usa
is information is used to improve the product in future releases. If you enable this policy setting, Windows Messenger does not collect usa
ollect your name, address, or any other personally identifiable information. There are no surveys to complete, no salesperson will call, and
tion to report errors. If you disable or do not configure this policy setting, the errors may be reported to Microsoft via the Internet or to a co
loading a page from a dedicated Web server or making a DNS request for a dedicated address. If you enable this policy setting, NCSI does
d for drivers when no local drivers are present. If you do not configure this policy setting, searching Windows Update is optional when inst
ents or applications that require IIS might not receive a warning that IIS cannot be installed because of this Group Policy setting. Enabling th
r site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
r site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
r site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
r site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
r site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
r site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
r site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
r site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
r site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
r site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
r site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
r site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
r site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
r site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
r site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
r site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
r site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
r site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
r site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
r site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
can add and remove search providers, but only from the set of search providers specified in the list of policy keys for search providers (foun
can add and remove search providers, but only from the set of search providers specified in the list of policy keys for search providers (foun
non-default Accelerators should not overlap. If you disable or do not configure this policy setting, the user has Accelerators that are provid
non-default Accelerators should not overlap. If you disable or do not configure this policy setting, the user has Accelerators that are provid
and non-default Accelerators should not overlap. If you disable or do not configure this policy setting, the user has Accelerators that are pr
and non-default Accelerators should not overlap. If you disable or do not configure this policy setting, the user has Accelerators that are pr
his list can be used with the 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting, which defines whether add-ons n
his list can be used with the 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting, which defines whether add-ons n
c functionality or behavior on a page.) If you enable this policy setting, this sets the list of behaviors permitted in each zone for which Scrip
c functionality or behavior on a page.) If you enable this policy setting, this sets the list of behaviors permitted in each zone for which Scrip
user preferences and policy settings. If you enable this policy setting, all processes will respect add-on management user preferences and p
user preferences and policy settings. If you enable this policy setting, all processes will respect add-on management user preferences and p
behaviors are prevented for all processes. Any use of binary behaviors for HTML rendering is blocked. If you disable or do not configure th
behaviors are prevented for all processes. Any use of binary behaviors for HTML rendering is blocked. If you disable or do not configure th
he MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file, Internet Explorer renames the file b
he MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file, Internet Explorer renames the file b
ecurity applies to all local files and content. This feature helps to mitigate attacks where the Local Machine zone is used as an attack vector
ecurity applies to all local files and content. This feature helps to mitigate attacks where the Local Machine zone is used as an attack vector
Sniffing Safety Feature is disabled for all processes.
Sniffing Safety Feature is disabled for all processes.
ure this policy setting, the MK Protocol is enabled.
ure this policy setting, the MK Protocol is enabled.
t obtained through restricted protocols is allowed for all processes other than File Explorer or Internet Explorer. If you disable this policy se
t obtained through restricted protocols is allowed for all processes other than File Explorer or Internet Explorer. If you disable this policy se
t Explorer Processes, for which the Notification bar is displayed by default). If you enable this policy setting, the Notification bar will be dis
t Explorer Processes, for which the Notification bar is displayed by default). If you enable this policy setting, the Notification bar will be dis
figure this policy setting, object reference is retained when navigating within or across domains in the Restricted Zone sites.
figure this policy setting, object reference is retained when navigating within or across domains in the Restricted Zone sites.
e, making the Local Machine security zone a prime target for malicious users. If you enable this policy setting, any zone can be protected fr
e, making the Local Machine security zone a prime target for malicious users. If you enable this policy setting, any zone can be protected fr
e this policy setting, the Web Browser Control will not block automatic prompting of ActiveX control installation for all processes.
e this policy setting, the Web Browser Control will not block automatic prompting of ActiveX control installation for all processes.
ou disable this policy setting, the Web Browser Control will not block automatic prompting of file downloads that are not user initiated for a
ou disable this policy setting, the Web Browser Control will not block automatic prompting of file downloads that are not user initiated for a
ows' title and status bars. If you enable this policy setting, scripted windows are restricted for all processes. If you disable or do not config
ows' title and status bars. If you enable this policy setting, scripted windows are restricted for all processes. If you disable or do not config
f you do not configure this policy, users can choose whether to be prompted before running active content on a CD.
f you do not configure this policy, users can choose whether to be prompted before running active content on a CD.
tocol Lockdown policy. If you enable this policy setting, no Intranet Zone content accessed is affected, even for protocols on the restricted
tocol Lockdown policy. If you enable this policy setting, no Intranet Zone content accessed is affected, even for protocols on the restricted
tocol Lockdown policy. If you enable this policy setting, no Intranet Zone content accessed is affected, even for protocols on the restricted
tocol Lockdown policy. If you enable this policy setting, no Intranet Zone content accessed is affected, even for protocols on the restricted
tocol Lockdown policy. If you enable this policy setting, no Intranet Zone content accessed is affected, even for protocols on the restricted
tocol Lockdown policy. If you enable this policy setting, no Intranet Zone content accessed is affected, even for protocols on the restricted
twork Protocol Lockdown policy. If you enable this policy setting, no Trusted Sites Zone content accessed is affected, even for protocols on
twork Protocol Lockdown policy. If you enable this policy setting, no Trusted Sites Zone content accessed is affected, even for protocols on
tocol Lockdown policy. If you enable this policy setting, no Intranet Zone content accessed is affected, even for protocols on the restricted
tocol Lockdown policy. If you enable this policy setting, no Intranet Zone content accessed is affected, even for protocols on the restricted
un. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
un. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
un. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
un. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
un. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
un. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
un. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
un. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
un. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
un. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
un. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
un. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
un. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
un. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
un. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
un. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
un. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
un. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
un. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
un. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you dis
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you dis
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you dis
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you dis
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you dis
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you dis
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you dis
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you dis
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you dis
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you dis
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you dis
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you dis
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you dis
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you dis
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you dis
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you dis
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you dis
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you dis
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you dis
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you dis
perform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
perform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
perform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
perform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
perform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
perform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
perform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
perform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
perform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
perform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
perform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
perform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
perform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
perform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
perform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
perform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
perform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
perform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
perform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
perform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
you enable this policy setting, deleting browsing history on exit is turned on. If you disable this policy setting, deleting browsing history on
you enable this policy setting, deleting browsing history on exit is turned on. If you disable this policy setting, deleting browsing history on
ether to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
ether to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
ether to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
ether to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
ether to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
ether to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
ether to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
ether to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
ether to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
ether to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
ether to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
ether to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
ether to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
ether to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
ether to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
ether to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
ether to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
ether to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
ether to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
ether to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
TP5
ou disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can
ou disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can
ou disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can
ou disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can
ou disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can
ou disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can
ou disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can
ou disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can
ou disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can
ou disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can
ou disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can
ou disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can
ou disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files are
ou disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files are
ou disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can
ou disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can
ou disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files are
ou disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files are
ou disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can
ou disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, users
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, users
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, users
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, users
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML
tting, non-Internet Explorer components will be automatically installed as necessary. If you disable this policy setting, users will be prompt
tting, non-Internet Explorer components will be automatically installed as necessary. If you disable this policy setting, users will be prompt
to download the Japanese Language Pack component if it is not already installed. If you enable this policy setting, Web components such a
to download the Japanese Language Pack component if it is not already installed. If you enable this policy setting, Web components such a
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this z
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this z
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this z
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this z
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this z
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this z
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this z
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this z
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this z
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this z
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this z
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this z
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this z
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this z
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this z
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this z
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this z
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this z
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this z
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this z
lay UI during shutdown. If you disable or do not configure this policy setting, OnUnLoad script handlers do not display UI during shutdown
lay UI during shutdown. If you disable or do not configure this policy setting, OnUnLoad script handlers do not display UI during shutdown
lay these files. If you do not configure this policy setting, the user can change the "Enable alternative codecs in HTML5 media elements" se
lay these files. If you do not configure this policy setting, the user can change the "Enable alternative codecs in HTML5 media elements" se
RTM
RTM
1607
1607
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
he Address bar. In addition, users won't be able to change the Suggestions setting on the Settings charm. If you disable this policy setting, u
he Address bar. In addition, users won't be able to change the Suggestions setting on the Settings charm. If you disable this policy setting, u
policy setting, the user can choose to run natively implemented, scriptable XMLHTTP.
policy setting, the user can choose to run natively implemented, scriptable XMLHTTP.
allow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX p
allow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX p
allow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX p
allow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX p
allow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX p
allow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX p
allow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX p
allow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX p
allow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX p
allow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX p
allow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX p
allow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX p
allow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX p
allow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX p
allow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX p
allow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX p
allow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX p
allow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX p
allow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX p
allow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX p
TP5
TP5
TP5
TP5
TP5
TP5
TP5
TP5
TP5
TP5
TP5
TP5
TP5
TP5
TP5
TP5
TP5
TP5
TP5
TP5
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that inc
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that inc
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that inc
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that inc
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that inc
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that inc
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that inc
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that inc
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that inc
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that inc
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that inc
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that inc
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that inc
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that inc
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that inc
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that inc
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that inc
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that inc
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that inc
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that inc

pted to install or run files with an invalid signature. If you disable this policy setting, users cannot run or install files with an invalid signatu
pted to install or run files with an invalid signature. If you disable this policy setting, users cannot run or install files with an invalid signatu
nable this policy setting, placeholders appear for graphical images while the images are downloading. The user cannot change this policy se
ternet Explorer automatically launches any browser helper objects that are installed on the user's computer. If you disable this policy settin
ternet Explorer automatically launches any browser helper objects that are installed on the user's computer. If you disable this policy settin
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enabl
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enabl
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enabl
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enabl
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enabl
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enabl
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enabl
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enabl
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enabl
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enabl
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enabl
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enabl
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enabl
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enabl
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enabl
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enabl
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enabl
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enabl
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enabl
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enabl
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose wh
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose wh
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose wh
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose wh
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose wh
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose wh
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose wh
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose wh
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose wh
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose wh
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose wh
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose wh
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose wh
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose wh
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose wh
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose wh
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose wh
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose wh
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose wh
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose wh
etting, the user can enable or disable the Notification bar behavior.
etting, the user can enable or disable the Notification bar behavior.
etting, the user can enable or disable the Notification bar behavior.
etting, the user can enable or disable the Notification bar behavior.
etting, the user can enable or disable the Notification bar behavior.
etting, the user can enable or disable the Notification bar behavior.
etting, the user can enable or disable the Notification bar behavior.
etting, the user can enable or disable the Notification bar behavior.
etting, the user can enable or disable the Notification bar behavior.
etting, the user can enable or disable the Notification bar behavior.
etting, the user can enable or disable the Notification bar behavior.
etting, the user can enable or disable the Notification bar behavior.
etting, the user can enable or disable the Notification bar behavior.
etting, the user can enable or disable the Notification bar behavior.
etting, the user can enable or disable the Notification bar behavior.
etting, the user can enable or disable the Notification bar behavior.
etting, the user can enable or disable the Notification bar behavior.
etting, the user can enable or disable the Notification bar behavior.
etting, the user can enable or disable the Notification bar behavior.
etting, the user can enable or disable the Notification bar behavior.
e this policy setting, websites will not be able to store application caches on client computers. Allow website database and caches on Webs
e this policy setting, websites will not be able to store application caches on client computers. Allow website database and caches on Webs
sable this policy setting, websites will not be able to store an indexed database on client computers. Allow website database and caches on
sable this policy setting, websites will not be able to store an indexed database on client computers. Allow website database and caches on
If you disable this policy setting, Internet Explorer only sends the Do Not Track header if a Tracking Protection List is enabled or inPrivate B
If you disable this policy setting, Internet Explorer only sends the Do Not Track header if a Tracking Protection List is enabled or inPrivate B
or do not configure it, this control will not be designated as administrator-approved. To specify how administrator-approved controls are h
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure thi
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure thi
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure thi
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure thi
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure thi
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure thi
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure thi
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure thi
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure thi
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure thi
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure thi
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure thi
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure thi
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure thi
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure thi
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure thi
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure thi
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure thi
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure thi
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure thi
disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar inst
disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar inst
disable or do not configure this setting, users will receive a file download dialog for automatic download attempts.
disable or do not configure this setting, users will receive a file download dialog for automatic download attempts.
disable or do not configure this setting, users will receive a file download dialog for automatic download attempts.
disable or do not configure this setting, users will receive a file download dialog for automatic download attempts.
disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar inst
disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar inst
disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar inst
disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar inst
disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar inst
disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar inst
disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar inst
disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar inst
disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar inst
disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar inst
disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar inst
disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar inst
disable or do not configure this setting, users will receive a file download dialog for automatic download attempts.
disable or do not configure this setting, users will receive a file download dialog for automatic download attempts.
ser upgrades to Internet Explorer 9. In Internet Explorer 9, add-ons are defined as toolbars, Browser Helper Objects, or Explorer bars. Activ
ser upgrades to Internet Explorer 9. In Internet Explorer 9, add-ons are defined as toolbars, Browser Helper Objects, or Explorer bars. Activ
ernet Explorer checks the Internet for a new version approximately every 30 days and prompts the user to download new versions when th
ernet Explorer checks the Internet for a new version approximately every 30 days and prompts the user to download new versions when th
rms a Clipboard operation. This means that if the zone behavior is currently set to prompt, it will be bypassed and enabled. If you disable t
rms a Clipboard operation. This means that if the zone behavior is currently set to prompt, it will be bypassed and enabled. If you disable t
is running in the Internet Explorer process performs a Clipboard operation. In the Internet Explorer process, if the zone behavior is current
is running in the Internet Explorer process performs a Clipboard operation. In the Internet Explorer process, if the zone behavior is current
ty zones in which you specify that administrator-approved controls can be run. If you disable this policy or do not configure it, this control
y setting, Internet Explorer uses the default connection limit for HTTP 1.1 (6 connections per host). In versions of Internet Explorer before
y setting, Internet Explorer uses the default connection limit for HTTP 1.1 (6 connections per host). In versions of Internet Explorer before
secure. If you enable this policy setting, Internet Explorer will check to see if server certificates have been revoked. If you disable this pol
secure. If you enable this policy setting, Internet Explorer will check to see if server certificates have been revoked. If you disable this pol
Explorer will check the digital signatures of executable programs and display their identities before downloading them to user computers.
Explorer will check the digital signatures of executable programs and display their identities before downloading them to user computers.
ers click on a link within Internet Explorer, the content will be played by the default media client on their system. If you enable the Media
sable the blocking of attachments in options. If the block attachments setting is not checked, the user can specify to enable or disable the
lbar will be displayed with its default settings, unless users customize it.
ge how command buttons are displayed: Show all text labels: All command buttons have only text. Show selective text: Some command b
ge how command buttons are displayed: Show all text labels: All command buttons have only text. Show selective text: Some command b
this policy setting, Internet Explorer sends the current Internet Explorer version in the User Agent header (for example, "MSIE 7.0").
this policy setting, Internet Explorer sends the current Internet Explorer version in the User Agent header (for example, "MSIE 7.0").
in the Internet Explorer process" policy. If the "Bypass prompting for Clipboard access for scripts running in any process" policy setting is en
in the Internet Explorer process" policy. If the "Bypass prompting for Clipboard access for scripts running in any process" policy setting is en
e browser or web pages. By default, the 'Add-on List' policy setting defines a list of add-ons to be allowed or denied through Group Policy. H
e browser or web pages. By default, the 'Add-on List' policy setting defines a list of add-ons to be allowed or denied through Group Policy. H
on that has restricted functionality and is intended for use by web sites. If you enable this policy, this control will be available as an admini
y. If you enable this policy setting, a user cannot set the number of days that Internet Explorer tracks views of the pages in the History List.
y. If you enable this policy setting, a user cannot set the number of days that Internet Explorer tracks views of the pages in the History List.
cribed to, will be disabled. Users also cannot add content that is based on a channel, such as some of the Active Desktop items from Micros
ffline content. The Make Available Offline check box will be dimmed in the Add Favorite dialog box. If you disable this policy or do not confi
e properties are cleared and users cannot select them. To display this tab, users click the Tools menu, click Synchronize, select a Web page,
t. If you do not configure this setting, the user has the freedom to turn on the auto-complete feature for forms. To display this option, the
nd install a component when visiting a Web site that uses that component. This policy is intended to help the administrator control which
matic proxy scripts can be stored in the users' cache.
ors on Web pages. If you set the "Disable the General page" policy (located in \User Configuration\Administrative Templates\Windows Co
ble this policy or do not configure it, users can select or clear settings on the Advanced tab. If you set the "Disable the Advanced page" pol
be able to do automatic configuration. You can import your current connection settings from your machine using Internet Explorer Mainten
be able to do automatic configuration. You can import your current connection settings from your machine using Internet Explorer Mainten
If you disable this policy or do not configure it, users can determine which programs to use for managing schedules and contacts, if progra
nfigure it, users can import new certificates, remove approved publishers, and change settings for certificates that have already been accep
alog box. If you disable this policy or do not configure it, users can change the default background and text color of Web pages. If you set t
ections page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Pa
ections page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Pa
r do not configure it, users can determine whether Internet Explorer will check to see if it is the default browser. When Internet Explorer p
figure it, users can change the default fonts for viewing Web pages. If you set the "Disable the General page" policy (located in \User Config
hine. For machines with at least Internet Explorer 7, the home page can be set within this policy to override other home page policies. If yo
u disable this policy or do not configure it, users can change the language preference settings for viewing Web sites for languages in which
If you disable this policy or do not configure it, users can change the default color of links on Web pages. If you set the "Disable the Gene
disable this policy or do not configure it, users can determine which programs to use for sending mail, viewing newsgroups, and placing Int
as their street and e-mail addresses. The "Disable the Content page" policy (located in \User Configuration\Administrative Templates\Wind
e their ratings settings. The "Disable the Ratings page" policy (located in \User Configuration\Administrative Templates\Windows Compone
secondary home pages. The user cannot set custom default secondary home pages. If you disable or do not configure this policy setting, t
secondary home pages. The user cannot set custom default secondary home pages. If you disable or do not configure this policy setting, t
l tab and then click the Settings button in the Internet Options dialog box. If you disable this policy or do not configure it, users can change
annel Bar check box on the Web tab in the Display Properties dialog box. If you disable this policy or do not configure it, users can view an
er the Toolbars submenu of the Tools menu in the Command bar in subsequent versions of Internet Explorer. If you enable this policy, the
ot configure it, users can determine which toolbars are displayed in File Explorer and Internet Explorer. This policy can be used in coordina
users have subscribed to. However, synchronization with the Web pages will still occur to determine if any content has been updated since t
b in the Web page Properties dialog box are dimmed. To display this tab, users click the Tools menu, click Synchronize, select a Web page, c
of pages that have been set up for offline viewing. If users click the Tools menu, click Synchronize, select a Web page, and then click the Pro
le this policy or do not configure it, users could install customizations from another party-for example, when signing up for Internet service
ttings from a file allows the user to import favorites, feeds and cookies from a file. Exporting settings to a file allows the user to export favori
ttings from a file allows the user to import favorites, feeds and cookies from a file. Exporting settings to a file allows the user to export favori
ing Start, pointing to Programs, pointing to Accessories, pointing to Communications, and then clicking Internet Connection Wizard. If you
and other settings for downloading Web content. If you disable this policy or do not configure it, channel providers can record information
window by using the shortcut menu. This policy can be used in coordination with the "File menu: Disable New menu option" policy, which
figure it, Internet Explorer checks every 30 days by default, and then notifies users if a new version is available. This policy is intended to he
ou disable this policy or do not configure it, users can disable the synchronization of channels. This policy is intended to help administrato
box in the Organize Favorites Favorite dialog box and the Make This Page Available Offline check box will be selected but dimmed. To displa
will be informed that the command is not available. If you disable this policy or do not configure it, users can download programs from the
d when users start their browsers.
his policy, users will not be notified if their programs are updated using Software Distribution Channels. If you disable this policy or do not
settings. When you set this policy, you do not need to set the "Disable changing Advanced page settings" policy (located in \User Configura
settings. When you set this policy, you do not need to set the "Disable changing Advanced page settings" policy (located in \User Configura
u do not need to set the following policies for the Content tab, because this policy removes the Connections tab from the interface: "Disa
u do not need to set the following policies for the Content tab, because this policy removes the Connections tab from the interface: "Disa

ese settings. When you set this policy, you do not need to set the following Internet Explorer policies (located in \User Configuration\Adm
ese settings. When you set this policy, you do not need to set the following Internet Explorer policies (located in \User Configuration\Adm

cy, you do not need to set the following policies for the Programs tab, because this policy removes the Programs tab from the interface: "D
cy, you do not need to set the following policies for the Programs tab, because this policy removes the Programs tab from the interface: "D
earch pages. The "Disable the Programs page" policy (located in \User Configuration\Administrative Templates\Windows Components\Inte
these settings. When you set this policy, you do not need to set the following Internet Explorer policies, because this policy removes the S
these settings. When you set this policy, you do not need to set the following Internet Explorer policies, because this policy removes the S
ayed when problems occur with proxy scripts.
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
gives the option to run the website in regular Protected Mode. This policy setting disables this notification and forces all websites to run in
gives the option to run the website in regular Protected Mode. This policy setting disables this notification and forces all websites to run in
not use Reset Internet Explorer Settings. If you disable or do not configure this policy setting, the user can use Reset Internet Explorer Setti
not use Reset Internet Explorer Settings. If you disable or do not configure this policy setting, the user can use Reset Internet Explorer Setti
d-On List' policy setting in such a way as to allow users to continue to manage the add-on. In this case, the user can still manage the add-on
d-On List' policy setting in such a way as to allow users to continue to manage the add-on. In this case, the user can still manage the add-on
ends). If you enable this policy setting, the reveal password button will be hidden for all password fields. Users and developers will not be
ends). If you enable this policy setting, the reveal password button will be hidden for all password fields. Users and developers will not be
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
ted pages containing secure (HTTPS) information to the cache. If you disable this policy setting, Internet Explorer will save encrypted pages
ted pages containing secure (HTTPS) information to the cache. If you disable this policy setting, Internet Explorer will save encrypted pages
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
tal disk space usage. If you enable this policy setting, Internet Explorer will delete the contents of the user's Temporary Internet Files folde
tal disk space usage. If you enable this policy setting, Internet Explorer will delete the contents of the user's Temporary Internet Files folde
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
g a selection of search tools, viewing a history of visited pages, printing, and accessing email and newsgroups. The menu bar contains men
g a selection of search tools, viewing a history of visited pages, printing, and accessing email and newsgroups. The menu bar contains men
tails about a user's browsing. However, doing so may cause compatibility issues on some websites. The allowed value range is 3 through 30
tails about a user's browsing. However, doing so may cause compatibility issues on some websites. The allowed value range is 3 through 30
details about a user's browsing. However, doing so may cause compatibility issues on some websites. The allowed value range is 3 through
details about a user's browsing. However, doing so may cause compatibility issues on some websites. The allowed value range is 3 through
p right corner of the program will not work; if users click the Close button, they will be informed that the command is not available.
s will be informed that the command is not available. If you disable this policy or do not configure it, users can open a new browser windo
sable this policy or do not configure it, users can open a Web page from the browser File menu. Caution: This policy does not prevent user
d from the Save as Type box in the Save Web Page dialog box. Users can still save Web pages as hypertext markup language (HTML) files or
edence over the "File Menu: Disable Save As Web Page Complete" policy, which prevents users from saving the entire contents that are dis
annot set this limit. Note: This setting does not appear in the user interface.
you cannot set this limit. Note: This setting does not appear in the user interface.
t, you cannot set this limit. Note: This setting does not appear in the user interface.
, you cannot set this limit. Note: This setting does not appear in the user interface.
ou cannot set this limit. Note: This setting does not appear in the user interface.
orer does not go directly to an intranet site for a one-word entry in the Address bar.
orer does not go directly to an intranet site for a one-word entry in the Address bar.
e Users command on the Help menu. Caution: Enabling this policy does not remove the tips for Netscape users from the Microsoft Interne
bout Microsoft products.
ottom of the browser.

rites command on the shortcut menu is disabled; when users click it, they are informed that the command is unavailable. If you disable th
ng, the Command bar is shown by default, and the user can choose to hide it.
ng, the Command bar is shown by default, and the user can choose to hide it.
s bar is shown by default, and the user can choose to hide it.
s bar is shown by default, and the user can choose to hide it.
y, users will not be able to create new identities, manage existing identities, or switch identities. The Switch Identity option will be removed
a part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
a part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
a part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
a part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
a part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
a part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
a part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
a part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
a part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
a part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
a part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
a part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
a part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
a part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
a part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
a part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
a part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
a part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
a part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
a part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
tomatically displayed in Compatibility View. If you disable this policy setting, the Microsoft-provided website lists are not used. Additionally
tomatically displayed in Compatibility View. If you disable this policy setting, the Microsoft-provided website lists are not used. Additionally
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
f you enable this policy setting, Internet Explorer 9 installs binaries signed by MD2 and MD4 signing technologies. If you disable or do not
f you enable this policy setting, Internet Explorer 9 installs binaries signed by MD2 and MD4 signing technologies. If you disable or do not
ed off. If you do not configure this policy, users can turn on or turn off automatic updates from the About Internet Explorer dialog.
behaviors are prevented for the File Explorer and Internet Explorer processes. If you disable this policy setting, binary behaviors are allow
behaviors are prevented for the File Explorer and Internet Explorer processes. If you disable this policy setting, binary behaviors are allow
he MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file, Internet Explorer renames the file b
he MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file, Internet Explorer renames the file b
ecurity applies to all local files and content processed by Internet Explorer. This feature helps to mitigate attacks where the Local Machine z
ecurity applies to all local files and content processed by Internet Explorer. This feature helps to mitigate attacks where the Local Machine z
xplorer processes will allow a MIME sniff promoting a file of one type to a more dangerous file type. If you do not configure this policy setti
xplorer processes will allow a MIME sniff promoting a file of one type to a more dangerous file type. If you do not configure this policy setti
fail. If you disable this policy setting, applications can use the MK protocol API. Resources hosted on the MK protocol will work for the File
fail. If you disable this policy setting, applications can use the MK protocol API. Resources hosted on the MK protocol will work for the File
restricting content obtained through restricted protocols is allowed for File Explorer and Internet Explorer processes. For example, you can
restricting content obtained through restricted protocols is allowed for File Explorer and Internet Explorer processes. For example, you can
ternet Explorer Processes. If you disable this policy setting, the Notification bar will not be displayed for Internet Explorer processes. If yo
ternet Explorer Processes. If you disable this policy setting, the Notification bar will not be displayed for Internet Explorer processes. If yo
ble this policy setting, an object reference is retained when navigating within or across domains for Internet Explorer processes. If you do
ble this policy setting, an object reference is retained when navigating within or across domains for Internet Explorer processes. If you do
Machine security zone a prime target for malicious users. Zone Elevation also disables JavaScript navigation if there is no security context.
Machine security zone a prime target for malicious users. Zone Elevation also disables JavaScript navigation if there is no security context.
s will not be blocked for Internet Explorer processes. If you do not configure this policy setting, the user's preference will be used to determ
s will not be blocked for Internet Explorer processes. If you do not configure this policy setting, the user's preference will be used to determ
user initiated for Internet Explorer processes. If you do not configure this policy setting, the user's preference determines whether to prom
user initiated for Internet Explorer processes. If you do not configure this policy setting, the user's preference determines whether to prom
ows' title and status bars. If you enable this policy setting, popup windows and other restrictions apply for File Explorer and Internet Explo
ows' title and status bars. If you enable this policy setting, popup windows and other restrictions apply for File Explorer and Internet Explo
re, and applies to all processes which have opted in to the security restriction. If you enable this policy setting for a zone, this sets the list o
re, and applies to all processes which have opted in to the security restriction. If you enable this policy setting for a zone, this sets the list o
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
setting, local sites which are not explicitly mapped into a zone will not be considered to be in the Intranet Zone (so would typically be in the
setting, local sites which are not explicitly mapped into a zone will not be considered to be in the Intranet Zone (so would typically be in the
ules might map one there). If you do not configure this policy setting, users choose whether network paths are mapped into the Intranet Zo
ules might map one there). If you do not configure this policy setting, users choose whether network paths are mapped into the Intranet Zo
cessarily mapped into the Intranet Zone (other rules might map one there). If you do not configure this policy setting, users choose whethe
cessarily mapped into the Intranet Zone (other rules might map one there). If you do not configure this policy setting, users choose whethe
re, and applies to all processes which have opted in to the security restriction. If you enable this policy setting for a zone, this sets the list o
re, and applies to all processes which have opted in to the security restriction. If you enable this policy setting for a zone, this sets the list o
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
run. If you disable this policy or do not configure it, these controls will not be designated as administrator-approved. Select the check box
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
RTM
RTM
RTM
RTM
RTM
RTM
re, and applies to all processes which have opted in to the security restriction. If you enable this policy setting for a zone, this sets the list o
re, and applies to all processes which have opted in to the security restriction. If you enable this policy setting for a zone, this sets the list o
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
he toolbars are locked by default, but the user can unlock them through the shortcut menu of the Command bar.
he toolbars are locked by default, but the user can unlock them through the shortcut menu of the Command bar.
ns are next to the Address bar, and the user cannot move them. If you do not configure this policy setting, the Stop and Refresh buttons ar
ns are next to the Address bar, and the user cannot move them. If you do not configure this policy setting, the Stop and Refresh buttons ar
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
This policy is intended to ensure that proxy settings apply uniformly to the same computer and do not vary from user to user.
n versions of Internet Explorer prior to Internet Explorer 8, the default connection limit for HTTP 1.0 was 4.
n versions of Internet Explorer prior to Internet Explorer 8, the default connection limit for HTTP 1.0 was 4.
ure it, these controls will not be designated as administrator-approved. To specify a control as administrator-approved, click Enabled, and t
in which you specify that administrator-approved controls can be run. If you disable this policy or do not configure it, these controls will n
ministrator-approved controls can be run. If you disable this policy or do not configure it, this control will not be designated as administrato
r do not configure it, this control will not be designated as administrator-approved. To specify how administrator-approved controls are ha
rator-approved. To specify how administrator-approved controls are handled for each security zone, carry out the following steps: 1. In Gr
s policy or do not configure it, these controls will not be designated as administrator-approved. Select the check boxes for the controls tha
box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, u
box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, u
box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, u
box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, u
box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, u
box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, u
box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, u
box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, u
box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, u
box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, u
box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, u
box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, u
rop-down box, users are queried whether to allow additional windows and frames to access applications from other domains. If you disab
rop-down box, users are queried whether to allow additional windows and frames to access applications from other domains. If you disab
box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, u
box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, u
rop-down box, users are queried whether to allow additional windows and frames to access applications from other domains. If you disab
rop-down box, users are queried whether to allow additional windows and frames to access applications from other domains. If you disab
box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, u
box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, u
ministrator-approved. To specify how administrator-approved controls are handled for each security zone, carry out the following steps: 1.
ot be notified if Internet Explorer is not the default web browser. Users cannot change the setting. If you do not configure this policy settin
can choose how Internet Explorer tiles are opened.
can choose how Internet Explorer tiles are opened.
ures found in Web content. If you disable this policy setting, Internet Explorer will not play or download animated pictures, helping pages d
ures found in Web content. If you disable this policy setting, Internet Explorer will not play or download animated pictures, helping pages d
Web content. If you disable this policy setting, Internet Explorer will not play or download sounds in Web content, helping pages display mo
Web content. If you disable this policy setting, Internet Explorer will not play or download sounds in Web content, helping pages display mo
ontent. If you disable this policy setting, Internet Explorer will not play or download videos, helping pages display more quickly. If you do n
ontent. If you disable this policy setting, Internet Explorer will not play or download videos, helping pages display more quickly. If you do n
ngs. Only the domain name is allowed, so www.contoso.com is valid, but not http://www.contoso.com. Wildcards are allowed, so *.contoso
ngs. Only the domain name is allowed, so www.contoso.com is valid, but not http://www.contoso.com. Wildcards are allowed, so *.contoso
email and newsgroups. The menu bar contains menus that open lists of commands. The commands include options for printing, customiz
: When this policy setting is enabled, the "Fix settings" command on the Notification bar shortcut menu should be disabled.
: When this policy setting is enabled, the "Fix settings" command on the Notification bar shortcut menu should be disabled.
e Delete Browsing History dialog box. Starting with Windows 8, users cannot click the Delete Browsing History button on the Settings charm
e Delete Browsing History dialog box. Starting with Windows 8, users cannot click the Delete Browsing History button on the Settings charm
access the feed list in the Favorites Center.
access the feed list in the Favorites Center.
d from the Settings charm (starting with Internet Explorer 10 on Windows 8). If you disable or do not configure this policy setting, the Inte
d from the Settings charm (starting with Internet Explorer 10 on Windows 8). If you disable or do not configure this policy setting, the Inte
onfigure this policy setting, the user receives a notification when a feed or Web Slice is available and can click the feed discovery button.
onfigure this policy setting, the user receives a notification when a feed or Web Slice is available and can click the feed discovery button.
If you enable this policy setting, SmartScreen Filter warnings block the user. If you disable or do not configure this policy setting, the user
If you enable this policy setting, SmartScreen Filter warnings block the user. If you disable or do not configure this policy setting, the user
If you disable or do not configure this policy setting, the user can bypass SmartScreen Filter warnings.
If you disable or do not configure this policy setting, the user can bypass SmartScreen Filter warnings.
cify the filter level by importing Privacy settings from your computer under Internet Explorer Maintenance. If you disable or do not configu
cify the filter level by importing Privacy settings from your computer under Internet Explorer Maintenance. If you disable or do not configu

u disable or do not configure this policy setting, the user can change the URL that is displayed for checking updates to Internet Explorer and
TP5
e of the following: Open in an existing Internet Explorer window. If tabbed browsing is enabled, a new tab is created in this scenario. O
e of the following: Open in an existing Internet Explorer window. If tabbed browsing is enabled, a new tab is created in this scenario. O
he tabs in the background by pressing Ctrl+Shift+Select or open the tabs in the foreground by pressing Ctrl+Shift+Select. If you disable or d
he tabs in the background by pressing Ctrl+Shift+Select or open the tabs in the foreground by pressing Ctrl+Shift+Select. If you disable or d
nnot use the Address bar for searches. The user can still perform searches on the Search bar by clicking the Search button. Display the re
nnot use the Address bar for searches. The user can still perform searches on the Search bar by clicking the Search button. Display the re
displayed in the main window. Enable top result search: When a user performs a search in the Address bar, the user is directed to an ext
displayed in the main window. Enable top result search: When a user performs a search in the Address bar, the user is directed to an ext
lected if users turn on the Personalized Tracking Protection List, which blocks third-party items while the user is browsing. With at least Int
lected if users turn on the Personalized Tracking Protection List, which blocks third-party items while the user is browsing. With at least Int
t configure this policy setting, the user can choose whether to delete or preserve cookies when he or she clicks Delete. If the "Prevent acce
t configure this policy setting, the user can choose whether to delete or preserve cookies when he or she clicks Delete. If the "Prevent acce
the user clicks Delete. If you do not configure this policy setting, the user can choose whether to delete or preserve download history wh
the user clicks Delete. If you do not configure this policy setting, the user can choose whether to delete or preserve download history wh
clicks Delete. If you do not configure this policy setting, the user can choose whether to delete or preserve favorites site data when he or
clicks Delete. If you do not configure this policy setting, the user can choose whether to delete or preserve favorites site data when he or
not configure this policy setting, the user can choose whether to delete or preserve form data when he or she clicks Delete. If the "Preven
not configure this policy setting, the user can choose whether to delete or preserve form data when he or she clicks Delete. If the "Preven
n the Delete Browsing History dialog box. If you enable this policy setting, InPrivate Filtering data is preserved when the user clicks Delete.
n the Delete Browsing History dialog box. If you enable this policy setting, InPrivate Filtering data is preserved when the user clicks Delete.
do not configure this policy setting, the user can choose whether to delete or preserve passwords when he or she clicks Delete. If the "Pre
do not configure this policy setting, the user can choose whether to delete or preserve passwords when he or she clicks Delete. If the "Pre
deleted when the user clicks Delete. If you do not configure this policy setting, the user can choose whether to delete or preserve tempora
deleted when the user clicks Delete. If you do not configure this policy setting, the user can choose whether to delete or preserve tempora
etting, websites that the user has visited are deleted when he or she clicks Delete. If you do not configure this policy setting, the user can c
etting, websites that the user has visited are deleted when he or she clicks Delete. If you do not configure this policy setting, the user can c
setting through the Feed APIs. If you disable or do not configure this policy setting, the user can set the Feed Sync Engine to download an
setting through the Feed APIs. If you disable or do not configure this policy setting, the user can set the Feed Sync Engine to download an
isable or do not configure this policy setting, the user can choose to ignore certificate errors and continue browsing.
isable or do not configure this policy setting, the user can choose to ignore certificate errors and continue browsing.
onfigure this policy setting, the Search box appears by default in the Internet Explorer frame. Note: If you enable this policy setting, Interne
onfigure this policy setting, the Search box appears by default in the Internet Explorer frame. Note: If you enable this policy setting, Interne
he exception list. Note: You can allow a default list of sites that can open pop-up windows regardless of the Internet Explorer process's Pop
he exception list. Note: You can allow a default list of sites that can open pop-up windows regardless of the Internet Explorer process's Pop
SmartScreen Filter. All website addresses that are not on the filter's allow list are sent automatically to Microsoft without prompting the u
SmartScreen Filter. All website addresses that are not on the filter's allow list are sent automatically to Microsoft without prompting the u
mode the phishing filter uses: manual, automatic, or off. If you select manual mode, the phishing filter performs only local analysis, and the
mode the phishing filter uses: manual, automatic, or off. If you select manual mode, the phishing filter performs only local analysis, and the
he user must participate in the CEIP, and the Customer Feedback Options command does not appear on the Help menu. If you do not confi
he user must participate in the CEIP, and the Customer Feedback Options command does not appear on the Help menu. If you do not confi

page. Skip the First Run wizard, and go directly to the "Welcome to Internet Explorer" webpage. Starting with Windows 8, the "Welcom
page. Skip the First Run wizard, and go directly to the "Welcome to Internet Explorer" webpage. Starting with Windows 8, the "Welcom
cy setting, the user can specify the background color in Internet Explorer.
nt, this policy setting allows you to specify the URL to update the browser security setting. If you enable this policy setting, the user canno
pecify the text color in Internet Explorer.
olicy setting, the user cannot specify the download path for the code. You must specify the download path. If you disable or do not configu
r of links already clicked in Internet Explorer. You must specify the link color (for example: 192,192,192). If you disable or do not configure
r of links not yet clicked in Internet Explorer. You must specify the link color (for example: 192,192,192). If you disable or do not configure t
s policy setting, the user can specify the hover color.
ecify the update check interval.
or delete a feed or Web Slice by using the Feed APIs. A developer also cannot create or delete folders. If you disable or do not configure th
or delete a feed or Web Slice by using the Feed APIs. A developer also cannot create or delete folders. If you disable or do not configure th
s. If you enable this policy setting, toolbars and BHOs are not loaded by default during an InPrivate Browsing session. If you disable this po
s. If you enable this policy setting, toolbars and BHOs are not loaded by default during an InPrivate Browsing session. If you disable this po
files and cookies. If you disable or do not configure this policy setting, users will be able to delete temporary Internet files and cookies.
files and cookies. If you disable or do not configure this policy setting, users will be able to delete temporary Internet files and cookies.
nfigure this policy setting, the user can turn on or turn off Windows colors for display.
s you to extend support for these user preferences and policy settings to specific processes listed in the process list. If you enable this poli
s you to extend support for these user preferences and policy settings to specific processes listed in the process list. If you enable this poli
rs to define applications for which they want this security feature to be prevented or allowed. If you enable this policy setting and enter a
rs to define applications for which they want this security feature to be prevented or allowed. If you enable this policy setting and enter a
he MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file, Internet Explorer renames the file b
he MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file, Internet Explorer renames the file b
zone security applies to all local files and content. This feature helps to mitigate attacks where the Local Machine zone is used as an attack
zone security applies to all local files and content. This feature helps to mitigate attacks where the Local Machine zone is used as an attack
etting and enter a Value of 1, this protection will be in effect. If you enter a Value of 0, any file may be promoted to more dangerous file typ
etting and enter a Value of 1, this protection will be in effect. If you enter a Value of 0, any file may be promoted to more dangerous file typ
his policy setting and enter a Value of 1, use of the MK protocol is prevented. If you enter a Value of 0, use of the MK protocol is allowed. If
his policy setting and enter a Value of 1, use of the MK protocol is prevented. If you enter a Value of 0, use of the MK protocol is allowed. If
applications for which they want restricting content obtained through restricted protocols to be prevented or allowed. If you enable this p
applications for which they want restricting content obtained through restricted protocols to be prevented or allowed. If you enable this p
Notification bar is displayed by default). If you enable this policy setting and enter a Value of 1, the Notification bar is displayed. If you ente
Notification bar is displayed by default). If you enable this policy setting and enter a Value of 1, the Notification bar is displayed. If you ente
tting and enter a Value of 1, references to objects are inaccessible after navigation. If you enter a Value of 0, references to objects are still ac
tting and enter a Value of 1, references to objects are inaccessible after navigation. If you enter a Value of 0, references to objects are still ac
Local Machine security zone a prime target for malicious users. Zone Elevation also disables JavaScript navigation if there is no security con
Local Machine security zone a prime target for malicious users. Zone Elevation also disables JavaScript navigation if there is no security con
tiveX control installation is allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the
tiveX control installation is allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the
prompting of non-initiated file downloads is allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value
prompting of non-initiated file downloads is allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value
ows' title and status bars. This policy setting allows administrators to define applications for which they want this security feature to be pr
ows' title and status bars. This policy setting allows administrators to define applications for which they want this security feature to be pr
RTM
RTM
is policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inte
is policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inte
is policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inte
is policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inte
is policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inte
is policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inte
is policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inte
is policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inte
is policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inte
is policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inte
is policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inte
is policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inte
is policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inte
is policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inte
is policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inte
is policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inte
is policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inte
is policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inte
is policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inte
is policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inte
nfigure this policy setting, the user can access any Accelerators that he or she has installed.
nfigure this policy setting, the user can access any Accelerators that he or she has installed.
ed from third-party toolbars or in Setup, but the user can also add them from a search provider's website. If you enable this policy setting
ed from third-party toolbars or in Setup, but the user can also add them from a search provider's website. If you enable this policy setting
re, and applies to all processes which have opted in to the security restriction. If you enable this policy setting for a zone, this sets the list o
re, and applies to all processes which have opted in to the security restriction. If you enable this policy setting for a zone, this sets the list o
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
cy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pr
cy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pr
cy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pr
cy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pr
cy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pr
cy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pr
cy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pr
cy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pr
cy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pr
cy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pr
cy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pr
cy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pr
cy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pr
cy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pr
cy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pr
cy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pr
cy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pr
cy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pr
cy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pr
cy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pr
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ca
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ca
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ca
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ca
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ca
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ca
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ca
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ca
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ca
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ca
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ca
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ca
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ar
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ar
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ca
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ca
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ar
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ar
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ca
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ca
that informs the user that this feature has been disabled. If you disable this policy or do not configure it, users can press F3 to search the I
disable this policy or do not configure it, users can change their settings for the Search Assistant. This policy is designed to help administra
alog box, click the Security tab, and then click the Sites button.) If you disable this policy or do not configure it, users can add Web sites to
ure it, users can change the settings for security zones. This policy prevents users from changing security zone settings established by the a
the same computer can establish their own security zone settings. This policy is intended to ensure that security zone settings apply unifo
1607
1607
rver names should be sent: 0) Unicode domain names are never converted to IDN format. 1) Unicode domain names are converted to IDN
rver names should be sent: 0) Unicode domain names are never converted to IDN format. 1) Unicode domain names are converted to IDN
dual domain, Internet Explorer sends an error to the website. No notification will be displayed to the user. This group policy sets the maxim
dual domain, Internet Explorer sends an error to the website. No notification will be displayed to the user. This group policy sets the maxim
cy setting, Internet Explorer will remove application caches that haven't been used within the timeframe set in this policy setting. If you di
cy setting, Internet Explorer will remove application caches that haven't been used within the timeframe set in this policy setting. If you di
. If you disable or do not configure this policy setting, users can set default data storage limits for indexed databases and application cache
. If you disable or do not configure this policy setting, users can set default data storage limits for indexed databases and application cache
e or do not configure this policy setting, users can choose how links are opened in Internet Explorer.
e or do not configure this policy setting, users can choose how links are opened in Internet Explorer.
vidual domain, Internet Explorer sends an error to the website. No notification is sent to the user. This group policy sets the maximum data
vidual domain, Internet Explorer sends an error to the website. No notification is sent to the user. This group policy sets the maximum data
en you set this policy setting, you provide the resource size limit, in MB. The default is 50 MB. If you enable this policy setting, Internet Exp
en you set this policy setting, you provide the resource size limit, in MB. The default is 50 MB. If you enable this policy setting, Internet Exp
ends an error to the website. No notification will be displayed to the user. When you set this policy setting, you provide the resource limit
ends an error to the website. No notification will be displayed to the user. When you set this policy setting, you provide the resource limit
n their computer. The default maximum storage limit for all application caches is 1 GB. If you enable this policy setting, you can set the ma
n their computer. The default maximum storage limit for all application caches is 1 GB. If you enable this policy setting, you can set the ma
aved on their computer. The default maximum storage limit for all indexed databases is 4 GB. If you enable this policy setting, you can set
aved on their computer. The default maximum storage limit for all indexed databases is 4 GB. If you enable this policy setting, you can set
processes; and high allows the tab process to grow very quickly and is intended only for computers that have ample physical memory. The d
processes; and high allows the tab process to grow very quickly and is intended only for computers that have ample physical memory. The d
not configure this policy setting, Internet Explorer uses the default limit of 6 WebSocket connections per server.
not configure this policy setting, Internet Explorer uses the default limit of 6 WebSocket connections per server.
proved. To specify how administrator-approved controls are handled for each security zone, carry out the following steps: 1. In Group Poli
ble or do not configure this policy setting, Internet Explorer does not display the Content Advisor setting on the Content tab of the Internet
ble or do not configure this policy setting, Internet Explorer does not display the Content Advisor setting on the Content tab of the Internet
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
associate sites to zones. They are: (1) Intranet zone, (2) Trusted Sites zone, (3) Internet zone, and (4) Restricted Sites zone. Security settings
associate sites to zones. They are: (1) Intranet zone, (2) Trusted Sites zone, (3) Internet zone, and (4) Restricted Sites zone. Security settings
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
icy setting, the user can select his or her preference for this behavior. The new tab page is the default setting.
icy setting, the user can select his or her preference for this behavior. The new tab page is the default setting.
ActiveX controls, including per-user controls, are installed through the standard installation process.
ActiveX controls, including per-user controls, are installed through the standard installation process.
tting, Internet Explorer starts a new browsing session with the tabs from the last browsing session. Users cannot change this option to start w
tting, Internet Explorer starts a new browsing session with the tabs from the last browsing session. Users cannot change this option to start w
ore. The user cannot prevent the wizard from starting. If you disable this policy setting, the Internet Connection Wizard does not start auto
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
ffline viewing. If you disable this policy or do not configure it, then users can determine the amount of content that is searched for new inf
the Internet Options command on the Tools menu, they are informed that the command is unavailable. If you disable this policy or do no
re, and applies to all processes which have opted in to the security restriction. If you enable this policy setting for a zone, this sets the list o
re, and applies to all processes which have opted in to the security restriction. If you enable this policy setting for a zone, this sets the list o
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup

oval. If you enable this policy setting, the ActiveX Opt-In prompt does not appear. Internet Explorer does not ask the user for permission to
oval. If you enable this policy setting, the ActiveX Opt-In prompt does not appear. Internet Explorer does not ask the user for permission to
The Disable Add-ons dialog box displays the load time for each group of add-ons enabled in the browser. It allows the user to disable add-o
The Disable Add-ons dialog box displays the load time for each group of add-ons enabled in the browser. It allows the user to disable add-o
h objects. In the Manage Add-ons dialog box, the Flash status will be 'Disabled', and users cannot enable Flash. If you enable this policy setti
h objects. In the Manage Add-ons dialog box, the Flash status will be 'Disabled', and users cannot enable Flash. If you enable this policy setti
over his or her data after a program stops responding.
over his or her data after a program stops responding.
TP5
turned on. The user cannot change this setting. If you do not configure this policy setting, the user can turn on or off automatic image resi
Slices in the background.
Slices in the background.
RTM
RTM
won't be blocked in Internet Explorer. Each domain entry must be formatted like one of the following: 1. "domain.name.TLD". For example
won't be blocked in Internet Explorer. Each domain entry must be formatted like one of the following: 1. "domain.name.TLD". For example
not configure this policy setting, browser geolocation support can be turned on or off in Internet Options on the Privacy tab.
not configure this policy setting, browser geolocation support can be turned on or off in Internet Options on the Privacy tab.
sable or do not configure this policy setting, applications that host MSHTML render text by using the Microsoft ClearType rendering engine
sable or do not configure this policy setting, applications that host MSHTML render text by using the Microsoft ClearType rendering engine
e this policy setting, InPrivate Filtering data collection is turned off. If you disable this policy setting, InPrivate Filtering collection is turned
e this policy setting, InPrivate Filtering data collection is turned off. If you disable this policy setting, InPrivate Filtering collection is turned
do not configure this policy setting, the user can use the Compatibility View button and manage the Compatibility View sites list.
do not configure this policy setting, the user can use the Compatibility View button and manage the Compatibility View sites list.
not configure this policy setting, the user can use the Compatibility View button.
not configure this policy setting, the user can use the Compatibility View button.
er decide. 1: Force pop-up windows to open in new windows. 2: Force pop-up windows to open on new tabs. If you disable or do not con
er decide. 1: Force pop-up windows to open in new windows. 2: Force pop-up windows to open on new tabs. If you disable or do not con
e this policy setting, the user can choose when to underline links.
ndows Error Reporting continue to apply. If you disable or do not configure this policy setting, the crash detection feature for add-on mana
ndows Error Reporting continue to apply. If you disable or do not configure this policy setting, the crash detection feature for add-on mana
uments can request data across third-party domains embedded in the page.
uments can request data across third-party domains embedded in the page.
SetProcessDEPPolicy function. If you disable or do not configure this policy setting, Internet Explorer uses the SetProcessDEPPolicy functio
ed data. If you enable this policy setting, Data URI support is turned off. Without Data URI support, a Data URI will be interpreted as a faile
ed data. If you enable this policy setting, Data URI support is turned off. Without Data URI support, a Data URI will be interpreted as a faile
here is a problem connecting with an Internet server, the user does not see a detailed description or hints about how to correct the proble

protected communication with the target server, the browser and server negotiate which protocol and version to use. The browser and ser
protected communication with the target server, the browser and server negotiate which protocol and version to use. The browser and ser
n off the Favorites bar.
n off the Favorites bar.
nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
r. The user cannot turn on image display. However, the user can still display an individual image by right-clicking the icon that represents th
toComplete for File Explorer is turned off. The user cannot turn it on. If you disable this policy setting, Inline AutoComplete for File Explore
. If you disable this policy setting, InPrivate Browsing is available for use. If you do not configure this policy setting, InPrivate Browsing can
. If you disable this policy setting, InPrivate Browsing is available for use. If you do not configure this policy setting, InPrivate Browsing can
es that users have visited. If you enable this policy setting, InPrivate Filtering is turned off in all browsing sessions, and InPrivate Filtering d
es that users have visited. If you enable this policy setting, InPrivate Filtering is turned off in all browsing sessions, and InPrivate Filtering d
ny websites or content in the background. If you disable this policy setting, Internet Explorer preemptively loads websites and content in t
ny websites or content in the background. If you disable this policy setting, Internet Explorer preemptively loads websites and content in t
artScreen Filter. You must specify which mode the SmartScreen Filter uses: on, or off.All website addresses that are not on the filter's allow
artScreen Filter. You must specify which mode the SmartScreen Filter uses: on, or off.All website addresses that are not on the filter's allow
olicy setting, page transitions will be turned on. The user cannot change this behavior. If you do not configure this policy setting, the user
applications that host MSHTML respond to user input that causes the content to be re-rendered at a scaled size.
applications that host MSHTML respond to user input that causes the content to be re-rendered at a scaled size.
is policy setting, phone number detection is turned on. Users won't be able to modify this setting. If you don't configure this policy setting
is policy setting, phone number detection is turned on. Users won't be able to modify this setting. If you don't configure this policy setting
ppear. Pop-up windows will continue to function as they did in Windows XP Service Pack 1 or earlier, although windows launched off screen
ppear. Pop-up windows will continue to function as they did in Windows XP Service Pack 1 or earlier, although windows launched off screen
enu in Internet Explorer will not be available. Starting with Windows 8, the Print flyout for Internet Explorer will not be available, and users
enu in Internet Explorer will not be available. Starting with Windows 8, the Print flyout for Internet Explorer will not be available, and users
requests Profile Assistant information, users will be prompted to choose which information to share. At that time, users can also choose to
requests Profile Assistant information, users will be prompted to choose which information to share. At that time, users can also choose to

eopen Last Browsing Session feature.


eopen Last Browsing Session feature.
net Explorer does not allow sending the path portion of URLs as UTF-8. The user cannot change this policy setting. If you disable this policy
query strings. 1) Only encode query strings for URLs that aren't in the Intranet zone. 2) Only encode query strings for URLs that are in the I
query strings. 1) Only encode query strings for URLs that aren't in the Intranet zone. 2) Only encode query strings for URLs that are in the I
ht-clicks a webpage. If you disable or do not configure this policy setting, users can use the shortcut menu.
r cannot turn it off. If you do not configure this policy setting, the user can turn on or turn off smart image dithering.
scrolling. If you do not configure this policy setting, the user can turn smooth scrolling on or off.
ed search providers that offer suggestions.
ed search providers that offer suggestions.
b Grouping.
ternet Explorer, and the user cannot turn them on. If you disable this policy setting, tabbed browsing and related entry points appear on t
ternet Explorer, and the user cannot turn them on. If you disable this policy setting, tabbed browsing and related entry points appear on t
RTM
RTM
e this policy setting, user will be suggested matches when entering Web addresses. The user cannot change the auto-complete for web-ad
e this policy setting, user will be suggested matches when entering Web addresses. The user cannot change the auto-complete for web-ad
enable this policy setting, flip ahead with page prediction is turned off and the next webpage isn't loaded into the background. If you disab
enable this policy setting, flip ahead with page prediction is turned off and the next webpage isn't loaded into the background. If you disab
hen a user clicks in the Search box, the quick pick menu appears.
hen a user clicks in the Search box, the quick pick menu appears.

s in Internet Explorer 10. Also, this policy setting does not prevent a site from requesting cross-domain data through a server. If you enable
s in Internet Explorer 10. Also, this policy setting does not prevent a site from requesting cross-domain data through a server. If you enable
ting cross-domain data through a server. If you enable this policy setting, websites cannot request data across domains by using the XDom
ting cross-domain data through a server. If you enable this policy setting, websites cannot request data across domains by using the XDom
pecific toolbars or Browser Helper Objects that are enabled or disabled via policy settings do not undergo this check. If you enable this po
pecific toolbars or Browser Helper Objects that are enabled or disabled via policy settings do not undergo this check. If you enable this po
ebsites that users have visited. If you enable this policy setting, Tracking Protection is disabled in all browsing sessions, and Tracking Protec
ebsites that users have visited. If you enable this policy setting, Tracking Protection is disabled in all browsing sessions, and Tracking Protec
uggestions will be turned off. Users will not be able to turn on URL Suggestions. If you disable this policy setting, URL Suggestions will be tu
uggestions will be turned off. Users will not be able to turn on URL Suggestions. If you disable this policy setting, URL Suggestions will be tu
the browser Address bar. If you enable this policy setting, Internet Explorer does not use Windows Search AutoComplete for providing rel
the browser Address bar. If you enable this policy setting, Internet Explorer does not use Windows Search AutoComplete for providing rel
bit processes are used. If you enable this policy setting, Internet Explorer 11 will use 64-bit tab processes when running in Enhanced Prote
bit processes are used. If you enable this policy setting, Internet Explorer 11 will use 64-bit tab processes when running in Enhanced Prote
RTM
RTM
er cannot turn off ActiveX Filtering, although they may add per-site exceptions. If you disable or do not configure this policy setting, Active
er cannot turn off ActiveX Filtering, although they may add per-site exceptions. If you disable or do not configure this policy setting, Active
his policy setting, automatic detection of the intranet is turned off, and intranet mapping rules are applied however they are configured. If
his policy setting, automatic detection of the intranet is turned off, and intranet mapping rules are applied however they are configured. If
mplete the signup process after the branding is complete for ISPs (IEAK). The user cannot change this behavior. If you disable this policy se
s secure HTTP connection. If you disable or do not configure this policy setting, the Windows RSS Platform does not authenticate feeds to
s secure HTTP connection. If you disable or do not configure this policy setting, the Windows RSS Platform does not authenticate feeds to
policy setting is particularly useful to users who do not use a mouse. If you enable this policy setting, Caret Browsing is turned on. If you di
policy setting is particularly useful to users who do not use a mouse. If you enable this policy setting, Caret Browsing is turned on. If you di
ou enable this policy setting, the certificate address mismatch warning always appears. If you disable or do not configure this policy settin
ou enable this policy setting, the certificate address mismatch warning always appears. If you disable or do not configure this policy settin
ogging. If you disable this policy setting, the user cannot log information that is blocked by new Internet Explorer features. The user canno
ogging. If you disable this policy setting, the user cannot log information that is blocked by new Internet Explorer features. The user canno
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
If you enable this policy setting, Enhanced Protected Mode will be turned on. Any zone that has Protected Mode enabled will use Enhance
If you enable this policy setting, Enhanced Protected Mode will be turned on. Any zone that has Protected Mode enabled will use Enhance
s turned on. The user cannot turn it off. If you disable this policy setting, inline AutoComplete is turned off. The user cannot turn it on. If y
nternet Explorer. If you enable this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an additional string a
nternet Explorer. If you enable this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an additional string a
ntranet Standards Mode pages appear in the Standards Mode available with the latest version of Internet Explorer. The user cannot chang
ntranet Standards Mode pages appear in the Standards Mode available with the latest version of Internet Explorer. The user cannot chang
rnet Explorer by default, and the user cannot turn it on. If you do not configure this policy setting, the menu bar is turned off by default. T
rnet Explorer by default, and the user cannot turn it on. If you do not configure this policy setting, the menu bar is turned off by default. T
on appears whenever the user browses to a page that loads content from an intranet site. If you disable this policy setting, a Notification b
on appears whenever the user browses to a page that loads content from an intranet site. If you disable this policy setting, a Notification b
e this policy setting, the printing of background colors and images is turned on. The user cannot turn it off. If you disable this policy setting
annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
Script) or Microsoft JScript. If you enable this policy setting, script debugging is turned on. The user cannot turn off script debugging. If yo
RTM
RTM
RTM
RTM
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
uggested Sites. The users browsing history is sent to Microsoft to produce suggestions. If you disable this policy setting, the entry points a
uggested Sites. The users browsing history is sent to Microsoft to produce suggestions. If you disable this policy setting, the entry points a
TP5
ge does not appear properly because of problems with its scripting. The user cannot change this policy setting. If you disable this policy se
gure this policy setting, the user can turn on or turn off the hover color option.
c Detection. If you disable this policy or do not configure it, dial-up settings will not be configured by Automatic Detection, unless specifie
o use or not use HTTP 1.1.
o use or not use HTTP 1.1.
If you do not configure this policy setting, users can configure Internet Explorer to use or not use HTTP 1.1 through proxy connections.
If you do not configure this policy setting, users can configure Internet Explorer to use or not use HTTP 1.1 through proxy connections.
t be made bigger (20 x 20 pixels). If you do not configure this policy setting, icons for command buttons are 16 x 16 pixels, and the user ca
t be made bigger (20 x 20 pixels). If you do not configure this policy setting, icons for command buttons are 16 x 16 pixels, and the user ca
he user can add and remove sites from the list.
he user can add and remove sites from the list.
agent string (with an additional string appended). Additionally, webpages included in this list appear in Quirks Mode.
agent string (with an additional string appended). Additionally, webpages included in this list appear in Quirks Mode.
p windows are not prevented from appearing. If you do not configure this policy setting, most unwanted pop-up windows are prevented f
p windows are not prevented from appearing. If you do not configure this policy setting, most unwanted pop-up windows are prevented f
p windows are not prevented from appearing. If you do not configure this policy setting, pop-up windows are not prevented from appeari
p windows are not prevented from appearing. If you do not configure this policy setting, pop-up windows are not prevented from appeari
p windows are not prevented from appearing. If you do not configure this policy setting, pop-up windows are not prevented from appeari
p windows are not prevented from appearing. If you do not configure this policy setting, pop-up windows are not prevented from appeari
p windows are not prevented from appearing. If you do not configure this policy setting, most unwanted pop-up windows are prevented f
p windows are not prevented from appearing. If you do not configure this policy setting, most unwanted pop-up windows are prevented f
p windows are not prevented from appearing. If you do not configure this policy setting, pop-up windows are not prevented from appeari
p windows are not prevented from appearing. If you do not configure this policy setting, pop-up windows are not prevented from appeari
p windows are not prevented from appearing. If you do not configure this policy setting, pop-up windows are not prevented from appeari
p windows are not prevented from appearing. If you do not configure this policy setting, pop-up windows are not prevented from appeari
p windows are not prevented from appearing. If you do not configure this policy setting, most unwanted pop-up windows are prevented f
p windows are not prevented from appearing. If you do not configure this policy setting, most unwanted pop-up windows are prevented f
p windows are not prevented from appearing. If you do not configure this policy setting, pop-up windows are not prevented from appeari
p windows are not prevented from appearing. If you do not configure this policy setting, pop-up windows are not prevented from appeari
p windows are not prevented from appearing. If you do not configure this policy setting, most unwanted pop-up windows are prevented f
p windows are not prevented from appearing. If you do not configure this policy setting, most unwanted pop-up windows are prevented f
p windows are not prevented from appearing. If you do not configure this policy setting, pop-up windows are not prevented from appeari
p windows are not prevented from appearing. If you do not configure this policy setting, pop-up windows are not prevented from appeari
RTM
RTM
encoded through the user's code page. This behavior matches the behavior of Internet Explorer 6 and earlier. The user can change this beh
encoded through the user's code page. This behavior matches the behavior of Internet Explorer 6 and earlier. The user can change this beh
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
ers can display the browser in a full screen. This policy is intended to prevent users from displaying the browser without toolbars, which m
m the browser View menu. Caution: This policy does not prevent users from viewing the HTML source of a Web page by right-clicking a We
ded layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a
ded layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a
ded layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a
ded layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a
d layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a wa
d layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a wa
d layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a wa
d layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a wa
d layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a wa
d layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a wa
d layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a wa
d layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a wa
d layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a wa
d layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a wa
d layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a wa
d layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a wa
d layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a wa
d layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a wa
ded layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a
ded layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a
o improve handwriting recognition in future versions of Windows. If you enable this policy, users cannot start the handwriting recognition
o improve handwriting recognition in future versions of Windows. If you enable this policy, users cannot start the handwriting recognition

then that setting overrides this one.


mic Access Control and are Kerberos armor-aware will use this feature for Kerberos authentication messages. This policy should be applied
1607
on about previous logons during user logon" policy setting located in the Windows Logon Options node under Windows Components also
this policy setting, domain controllers will request compound authentication. The returned service ticket will contain compound authentic
e forest search is performed by using a global catalog or name suffix hints. If a match is found, the KDC will return a referral ticket to the clie
vents. If set too high, then authentication failures might be occurring even though warning events are not being logged. If set too low, the
ring" and "Request compound authentication" must be configured and enabled in the resource account domain. If you enable this policy s
ngs, enable the policy setting and then click the Show button. To add a mapping, enable the policy setting, note the syntax, and then click
erberos V5 realms, enable the policy setting and then click the Show button. To add an interoperable Kerberos V5 realm, enable the policy
proxy connections. Warning: When revocation check is ignored, the server represented by the certificate is not guaranteed valid. If you d
cation for all its users will fail from computers with this policy setting enabled. If you enable this policy setting, the client computers in the
ormation required to create compounded authentication and armor Kerberos messages in domains which support claims and compound a
U) extensions, and that the KDC's X.509 certificate contains a dNSName subjectAltName (SAN) extension that matches the DNS name of the
r later attempt to use Kerberos by generating an SPN. If you enable this policy setting, only services running as LocalSystem or NetworkSe
quest processing and group memberships, the buffer might be smaller than the actual size of the SSPI context token. If you enable this poli
To map a KDC proxy server to a domain, enable the policy setting, click Show, and then map the KDC proxy server name(s) to the DNS name
nistrator must configure the policy "Support Dynamic Access Control and Kerberos armoring" on all the domain controllers to support this
domain. If you enable this policy setting, the device s credentials will be selected based on the following options: Automatic: Device will a
RTM
fault cipher suite order is used. SMB 3.11 cipher suites: AES_128_GCM AES_128_CCM SMB 3.0 and 3.02 cipher suites: AES_128_CCM H
role services installed. Policy configuration Select one of the following: - Not Configured. With this selection, hash publication settings ar
RTM
RTM
TP4
Insecure guest logons are used by file servers to allow unauthenticated access to shared folders. While uncommon in an enterprise environ
1607
1607
TP5
you enable this policy setting, additional options are available to fine-tune your selection. You may choose the "Allow operation while in d
activities such as bandwidth estimation and network health analysis. If you enable this policy setting, additional options are available to fin
gure this policy setting, all programs on this computer can use the Windows Location Provider feature.

If you disable or do not configure this policy setting, Windows uses the default Windows logon background or custom background.
ait for the network to be fully initialized at startup and logon. Existing users are logged on using cached credentials, which results in shorter
1607
or logging off the system. If you disable or do not configure this policy setting, only the default status messages are displayed to the user d
connect the PC from the network or can connect the PC to other available networks without signing into Windows.
ting it on the Start menu or by typing ""Welcome"" in the Run dialog box. If you disable or do not configure this policy, the welcome screen
ting it on the Start menu or by typing ""Welcome"" in the Run dialog box. If you disable or do not configure this policy, the welcome screen
d on domain-joined computers.
programs and services that the system starts. If you enable this policy setting, the system ignores the run list for Windows Vista, Windows
programs and services that the system starts. If you enable this policy setting, the system ignores the run list for Windows Vista, Windows
f you enable this policy setting, the system ignores the run-once list. If you disable or do not configure this policy setting, the system runs t
f you enable this policy setting, the system ignores the run-once list. If you disable or do not configure this policy setting, the system runs t

hat Switch User interface appear are in the Logon UI, the Start menu and the Task Manager. If you disable or do not configure this policy se
nding users to wait while their system starts or shuts down, or while users log on or off.
s policy setting, click Show. In the Show Contents dialog box in the Value column, type the name of the executable program (.exe) file or do
s policy setting, click Show. In the Show Contents dialog box in the Value column, type the name of the executable program (.exe) file or do
RTM
RTM
TP4
1607
If you use this setting, employees can't change it. If you don't configure this setting, employees can choose how new tabs appears.
If you use this setting, employees can't change it. If you don't configure this setting, employees can choose how new tabs appears.
you disable this setting, employees can't use Autofill to automatically fill in forms while using Microsoft Edge. If you don't configure this se
you disable this setting, employees can't use Autofill to automatically fill in forms while using Microsoft Edge. If you don't configure this se
bsites. If you disable or don't configure this setting, all cookies are allowed from all sites.
bsites. If you disable or don't configure this setting, all cookies are allowed from all sites.
es asking for tracking info. If you disable this setting, Do Not Track requests are never sent to websites asking for tracking info. If you don't
es asking for tracking info. If you disable this setting, Do Not Track requests are never sent to websites asking for tracking info. If you don't
st also provide a list of Favorites in the Options section. This list is imported after your policy is deployed. If you disable or don't configure
st also provide a list of Favorites in the Options section. This list is imported after your policy is deployed. If you disable or don't configure
tiple pages by using angle brackets in this format: <support.contoso.com><support.microsoft.com> If you disable or don't configure this s
tiple pages by using angle brackets in this format: <support.contoso.com><support.microsoft.com> If you disable or don't configure this s
ssword Manager to save their passwords locally. If you don't configure this setting, employees can choose whether to use Password Mana
ssword Manager to save their passwords locally. If you don't configure this setting, employees can choose whether to use Password Mana
don't configure this setting, employees can choose whether to use Pop-up Blocker.
don't configure this setting, employees can choose whether to use Pop-up Blocker.
Microsoft Edge. If you disable this setting, employees can't see search suggestions in the Address bar of Microsoft Edge. If you don't config
Microsoft Edge. If you disable this setting, employees can't see search suggestions in the Address bar of Microsoft Edge. If you don't config
ned on and employees can't turn it off. If you disable this setting, SmartScreen Filter is turned off and employees can't turn it on. If you do
ned on and employees can't turn it off. If you disable this setting, SmartScreen Filter is turned off and employees can't turn it on. If you do
d to be viewed using Internet Explorer 11 and Enterprise Mode. If you disable or don't configure this setting, Microsoft Edge won't use the
d to be viewed using Internet Explorer 11 and Enterprise Mode. If you disable or don't configure this setting, Microsoft Edge won't use the
1607
1607
gure this setting, employees can ignore SmartScreen Filter warnings and continue the download process.
gure this setting, employees can ignore SmartScreen Filter warnings and continue the download process.
etting, employees can ignore SmartScreen Filter warnings and continue to the site.
etting, employees can ignore SmartScreen Filter warnings and continue to the site.
esses are shown while making calls using the WebRTC protocol.
esses are shown while making calls using the WebRTC protocol.
disable or don't configure this setting, all intranet sites are automatically opened using Microsoft Edge.
disable or don't configure this setting, all intranet sites are automatically opened using Microsoft Edge.
1607
1607
or prohibited. -- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly
or prohibited. -- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly
or prohibited. -- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly
les or add or remove snap-ins. Also, because they cannot open author-mode console files, they cannot use the tools that the files contain.
d/Permitted snap-ins setting folder and enable the settings representing the snap-in you want to permit. If a snap-in setting in the folder is
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
ve Directory Users and Computers and Active Directory Sites and Services snap-ins. If you disable the setting, the Group Policy tab is not di
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
t be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
ke Windows Mobility Center and the .exe file launches it. If you do not configure this policy setting, Windows Mobility Center is on by defa
ke Windows Mobility Center and the .exe file launches it. If you do not configure this policy setting, Windows Mobility Center is on by defa
give users a quick and easy way to configure their system settings before a presentation to block system notifications and screen blanking,
give users a quick and easy way to configure their system settings before a presentation to block system notifications and screen blanking,
Maintenance/Automatic Maintenance Control Panel. If you disable or do not configure this policy setting, the daily scheduled time as spec
ting from its Activation Boundary, by upto this time. If you do not configure this policy setting, 4 hour random delay will be applied to Autom
g has no effect. If you enable this policy setting, Automatic Maintenance will attempt to set OS wake policy and make a wake request for th
rofessional to resolve a problem. If you disable this policy setting, MSDT cannot gather diagnostic data. If you do not configure this policy
ols are required to completely troubleshoot the problem. If tool download is restricted, it may not be possible to find the root cause of the
nal to resolve a problem. By default, the support provider is set to Microsoft Corporation. If you disable this policy setting, MSDT cannot r
iolation. If you disable or do not configure this policy setting, the security features of Windows Installer prevent users from changing instal
em privileges. Because the installation is running with elevated system privileges, users can browse through directories that their own perm
ecause patches can easily be vehicles for malicious programs, some installations prohibit their use. If you disable or do not configure this p
em privileges. This policy setting does not affect installations that run in the user's security context. By default, users can install from remov
signed to the computer (installed automatically), or made available in Add or Remove Programs in Control Panel. This profile setting lets us
signed to the computer (installed automatically), or made available in Add or Remove Programs in Control Panel. This profile setting lets us
es user prompts for source media when new updates are applied. If you enable this policy setting you can modify the maximum size of the
a component from a feature. This can also occur if you change the GUID of a component. The component identified by the original GUID a

elect or refuse the installation. If you enable this policy setting, the warning is suppressed and allows the installation to proceed. This poli
es even when the installation is running in the user's security context. If you disable or do not configure this policy setting, users can insta
ehicles for malicious programs, some installations prohibit their use. Note: This policy setting applies only to installations that run in the use
actions. The flyweight patching mode is primarily designed for patches that just update a few files or registry values. The Installer will analy
nable this policy setting, only administrators or users with administrative privileges can apply updates to Windows Installer based applicatio
emoved by users or administrators. If you enable this policy setting, updates cannot be removed from the computer by a user or an admin
ation. It also prevents Windows Installer from retaining files it intends to delete later. As a result, Windows Installer cannot restore the com
ation. It also prevents Windows Installer from retaining files it intends to delete later. As a result, Windows Installer cannot restore the com
tart Manager box to control file in use detection behavior. -- The "Restart Manager On" option instructs Windows Installer to use Restart M
es use of products that are installed per user, and products that are installed per computer. If the installer finds a per-user install of an appl
llation file source from the "Use features from" list that the system administrator configures. This policy setting applies even when the inst
nfigure this policy setting on Windows Server 2003, Windows Installer requires the transform file in order to repeat an installation in which
able this policy setting, you can change the search order by specifying the letters representing each file source in the order that you want W
vent type is recorded, type the letter representing the event type. You can type the letters in any order and list as many or as few event typ
ndows Installer does not generate System Restore checkpoints when installing applications. If you disable or do not configure this policy se
ckage settings box to control automatic logging via package settings behavior. -- The "Logging via package settings on" option instructs Win
tting, by default, the shared component functionality is allowed.
sh an installation setting. -- The "Never" option indicates Windows Installer is fully enabled. Users can install and upgrade software. This i
is required. This is the default recovery behavior on Windows client. Silent: Detection, troubleshooting, and notification of MSI application
by a fully qualified domain name (FQDN) that resolves to an IPv6 address, or an IPv6 address. Examples: PING:myserver.corp.contoso.com

ss connectivity is Corporate Connection.


er that the DirectAccess client computer connection is using. In default configurations of DirectAccess, there are typically two IPsec tunnel
mputer uses whatever normal name resolution is available to the client computer in its current network configuration, including sending a
n attaches the generated log files as a .html file. The user can review the message and add additional information before sending the mess
ess intranet access. If this setting is not configured, the entry for DirectAccess connectivity appears.

ork; otherwise it is outside the network.

Windows. By default, Net Logon will not allow the older cryptography algorithms to be used and will not include them in the negotiation o
DC yet. Users may want to disable this feature if the PDC emulator is located over a slow WAN connection. If you enable this policy setting,
cator then sends a mailslot message to each remote DC to get more information. DC location succeeds only if a remote DC responds to the
very as a fallback mechanism. NetBIOS-based discovery uses a WINS server and mailslot messages but does not use site information. Henc
to improve the efficiency of the location algorithm. As long as the cached domain controller meets the requirements and is running, DC Lo
urn IPv6 DC address. The returned IPv6 DC address may not be correctly handled by some of the existing applications. So this policy is provi
ests for exclusive read access to files on the share even when the caller has only read permission. If you disable or do not configure this po
arget hosts (specified in the SRV records Target field). DNS clients that query for SRV resource records attempt to contact the first reachabl
ts to add the <DomainName>[1B] NetBIOS name if it hasnt already been successfully added. None of these operations are critical. 15 min
r exclusive read access to files on the share even when the caller has only read permission. When this setting is disabled or not configured
d then enter a value in seconds (for example, the value "900" is 15 minutes). If you do not configure this policy setting, it is not applied to
addition to the Priority value to provide a load-balancing mechanism where multiple servers are specified in the SRV records Target field an
pping can be computed, the DC may do an address lookup on the client network name to discover other IP addresses which may then be u
g is applied. Select the mnemonics from the following list: Mnemonic Type DNS Record LdapIpAddress A <DnsDomainName> Ld
etting is applied dynamically register DC Locator DNS resource records through dynamic DNS update-enabled network connections. If you
o not confihgure this policy setting, it is not applied to any computers, and computers use their local configuration.
information will be logged to the file. Higher values result in more verbose logging; the value of 536936447 is commonly used as an optim
eached the log file is saved to netlogon.bak and netlogon.log is truncated. A reasonable value based on available storage should be specifie
The default value for this setting is 45 seconds. The maximum value for this setting is 7 days (7*24*60*60). The minimum value for this setti
DsGetDcName that have not specified the DS_BACKGROUND_ONLY flag. The default value for this setting is 30 minutes (1800). The maxim
dynamic update. DCs configured to perform dynamic registration of the DC Locator DNS resource records periodically reregister their recor
site name. When the site to which a computer belongs is not specified, the computer automatically discovers its site from Active Directory
stered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites w
ter DC Locator DNS SRV records for those sites without a DC that are closest to it. The DC Locator DNS records are dynamically registered b
RTM
s used by clients to find domain controllers for their Active Directory domain. The default behavior for DC Locator is to find a DC in the sam
e, and they are used to locate the DC. If you enable this policy setting, the DCs to which this setting is applied dynamically register DC Loca
behavior, is not used if the AllowSingleLabelDnsDomain policy setting is enabled. By default, when no setting is specified for this policy, the
clusively, to locate a domain controller hosting an Active Directory domain specified with a single-label name. If you enable this policy setti
n this policy setting is reached, no more retries occur. If a value for this policy setting is smaller than the value in the Use maximum DC disco
*24*60*60=4233600). The minimum value for this setting is 0. This setting is relevant only to those callers of DsGetDcName that have spec
lue set in this setting, that value becomes the retry interval for all subsequent retries until the value set in Final DC Discovery Retry Setting
maximum value for this setting is (4294967200), while the maximum that is not treated as infinity is 49 days (49*24*60*60=4233600). Any l
fficient to find DCs running a newer operating system. This policy setting can be enabled to configure DC locator to be more aggressive abou
ermines whether the Properties menu item is enabled, and thus, whether the Remote Access Connection Properties dialog box is available
n addition, if your file system is NTFS, users need to have Write access to Documents and Settings\All Users\Application Data\Microsoft\Ne
-clicking it, or by using the File menu. If you disable this setting (and enable the "Enable Network Connections settings for Administrators"
connections. Any user can rename all-user connections by clicking an icon representing the connection or by using the File menu. If you d
Rename option is disabled for nonadministrators only. If you do not configure this setting, only Administrators and Network Configuration O
ble Network Connections settings for Administrators" setting), the Rename option for LAN and all user remote access connections is disable
used when a user is connected to a network with local access only.
ohibit the use of certain features from Administrators. By default, Network Connections group settings in Windows XP Professional do not
ons settings for Administrators" setting), the Properties menu items are disabled for all users, and users cannot open the Local Area Connec
work Connections settings for Administrators" setting), the Properties button is disabled for Administrators. Network Configuration Operator
enable the "Enable Network Connections settings for Administrators" setting), the Properties button is disabled for all users (including adm
iders. If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Advanced Settings
nnections folder. As a result, users (including administrators) cannot start the New Connection Wizard. Important: If the "Enable Network C
enable the "Enable Network Connections settings for Administrators" setting), the Remote Access Preferences item is disabled for all users
ttons for components of connections are disabled, and administrators are not permitted to access network components in the Windows Co
n. This setting determines whether the Properties menu item is enabled, and thus, whether the Remote Access Connection Properties dia
ncluding administrators). Important: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setti
context menu for a remote access connection and on the File menu in the Network Connections folder. Important: If the "Enable Networ
tors cannot enable or disable the components that a connection uses. Important: If the "Enable Network Connections settings for Adminis
domain network other than the one it was connected to when the setting was refreshed, this setting does not apply. The Network Bridge
g (and enable the "Enable Network Connections settings for Administrators" setting), the Rename option is disabled for all users (including
As a result, users cannot open the Advanced TCP/IP Settings Properties page and modify IP settings, such as DNS and WINS server informati
en a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a co
ch as name resolution and addressing through DHCP, to the local private network. If you enable this setting, ICS cannot be enabled or con
gure the properties of the connection. If you enable this setting, the connection status taskbar icon and Status dialog box are not available
out elevating.
he secure tunnel that DirectAccess establishes between the computer and the internal network, or directly through the local default gatew
dicates that a DHCP server could not be reached or the DHCP server was reached but unable to respond to the request with a valid IP addr
y setting, apps on proxied networks can access the Internet without relying on the Private Network capability. However, in most situations W
an administrator to configure a set of proxies that provide access to intranet resources. If you disable or do not configure this policy settin
ccessible to apps if and only if the app has declared the Home/Work Networking capability. Windows Network Isolation attempts to autom
onfigured with Group Policy are authoritative. This applies to both Internet and intranet proxies. If you disable or do not configure this pol
corporate environment. Only network hosts within the address ranges configured via Group Policy will be classified as private. If you disab

If you enable this setting, you can use the "Action" box to specify how computers in the group respond. -- "Work offline" indicates that th
If you enable this setting, you can use the "Action" box to specify how computers in the group respond. -- "Work offline" indicates that th
policy setting, Offline Files is disabled and users cannot enable it. If you do not configure this policy setting, Offline Files is enabled on Win
or do not configure it, automatically and manually cached copies are retained on the user's computer for later offline use. Caution: Files are
ou can control when Windows synchronizes in the background while operating in slow-link mode. Use the 'Sync Interval' and 'Sync Varianc
matically reconnect to a server when the presence of a server is detected. If you enable this setting, you can configure the threshold value
n the slow-link mode, all network file requests are satisfied from the Offline Files cache. This is similar to a user working offline. If you ena
s it. Automatic caching can be set on any network share. When a user opens a file on the share, the system automatically stores a copy of t
ou disable or do not configure this policy setting, a user can create a file of any type in the folders that have been made available offline.
his may result in extra charges on cell phone or broadband plans. If this setting is disabled or not configured, synchronization will not run in
user response times and decreases bandwidth consumption over WAN links. The cached files are temporary and are not available to the u
in the Offline Files cache are encrypted. This includes existing files as well as files added later. The cached copy on the local computer is a
dditional events you want Offline Files to record. To use this setting, in the "Enter" box, select the number corresponding to the events you
dditional events you want Offline Files to record. To use this setting, in the "Enter" box, select the number corresponding to the events you
s try to make a file of this type available offline, the operation will fail and the following message will be displayed in the Synchronization M
appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the first reminder. This settin
appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the first reminder. This settin
TP4
TP4
TP4
TP4
RTM
RTM
RTM
RTM
RTM
RTM
RTM
RTM
RTM
RTM
RTM
RTM
RTM
RTM
RTM
TP4
ully synchronized. Full synchronization ensures that offline files are complete and current. If you disable this setting, the system only perfo
ully synchronized. Full synchronization ensures that offline files are complete and current. If you disable this setting, the system only perfo
ully synchronized at logon. Full synchronization ensures that offline files are complete and current. Enabling this setting automatically enab
ully synchronized at logon. Full synchronization ensures that offline files are complete and current. Enabling this setting automatically enab
ction to "Full" ensures that all cached files and folders are up-to-date with the most current version. If you disable or do not configuring th
ction to "Full" ensures that all cached files and folders are up-to-date with the most current version. If you disable or do not configuring th
o proceed. If you enable this setting, the system hides the reminder balloons, and prevents users from displaying them. If you disable the
o proceed. If you enable this setting, the system hides the reminder balloons, and prevents users from displaying them. If you disable the
ped and are synchronized later. If you disable this policy setting, all administratively assigned folders are synchronized at logon.
that are weaker than what would be allowed for a login password. This setting controls this validation behavior. If set to 1, then this valid
other computers cannot detect that client and initiate sessions with it. If you enable this policy setting, this computer cannot register PNRP
other computers cannot detect that client and initiate sessions with it. If you enable this policy setting, this computer cannot register PNRP
other computers cannot detect that client and initiate sessions with it. If you enable this policy setting, this computer cannot register PNRP
node running peer to peer can be used as a seed server. No configuration is needed for the seed server itself. This setting provides the add
his setting allows for setting the seed server to a specified node in an enterprise. To use this setting, click Enable, and then enter a semicolo
his setting allows for setting the seed server to a specified node in an enterprise. To use this setting, click Enable, and then enter a semicolo
r protocols will be turned off. If you disable this setting or do not configure it, the peer-to-peer protocols will be turned on.
traps itself is by using multicast on the same subnet. That is, PNRP publishes itself on the local subnet, so that other computers can find it w
otstraps itself is by using multicast on the same subnet. That is, PNRP publishes itself on the local subnet, so that other computers can find
otstraps itself is by using multicast on the same subnet. That is, PNRP publishes itself on the local subnet, so that other computers can find
blish peer-to-peer (P2P) connections. The PNRP cloud is a group of connected PNRP nodes, in which connections exist between peers so th
blish peer-to-peer (P2P) connections. The PNRP cloud is a group of connected PNRP nodes, in which connections exist between peers so th
blish peer-to-peer (P2P) connections. The PNRP cloud is a group of connected PNRP nodes, in which connections exist between peers so th

If this policy is set to 0, then storage of previous PINs is not required. Default: 0.
If this policy is set to 0, then storage of previous PINs is not required. Default: 0.
TP5
TP5
ever is the lowest. If you configure this policy setting, the PIN length must be greater than or equal to this number. If you disable or do not
ever is the lowest. If you configure this policy setting, the PIN length must be greater than or equal to this number. If you disable or do not
to use digits in their PIN.
to use digits in their PIN.
rk does not allow users to use lowercase letters in their PIN.
TP5
TP5
heir PIN. If you disable or do not configure this policy setting, Microsoft Passport for Work does not allow users to use special characters in
ork does not allow users to use uppercase letters in their PIN.
ork does not allow users to use uppercase letters in their PIN.
etting, the TPM is still preferred, but all devices may provision Microsoft Passport for Work using software if the TPM is non-functional or un
tric gestures. If you disable this policy setting, Microsoft Passport for Work prevents the use of biometric gestures. NOTE: Disabling this po
encrypts their domain password. If you enable this policy, the device provisions Microsoft Passport for Work using keys or certificates for
must be enrolled in Passport for Work. If you enable this policy setting, Remote Passport will be enabled, allowing the use of a phone as a c
patibility issues. When failures are detected, the PCA will provide options to run the application in a compatibility mode or get help online t

wnload content from the main office over a Wide Area Network (WAN) link. When you configure a value for this setting, which is the maxim
rs that are using different versions of BranchCache might store cache data in incompatible formats. If you enable this policy setting, all clie
sted cache servers that are installed in the same office location. You can use this setting to automatically configure client computers that a
mputers to which the policy setting is applied search for hosted cache servers using Active Directory, and will prefer both these servers and h
olicy configuration Select one of the following: - Not Configured. With this selection, BranchCache client computer cache age settings are n
nload content from BranchCache-enabled main office content servers, cache the content locally, and serve the content to other BranchCac
he mode client, it is able to download cached content from a hosted cache server that is located at the branch office. In addition, when the
he cache is set to 5 percent of the total disk space on the client computer. Policy configuration Select one of the following: - Not Configure
ttings: - Set BranchCache Distributed Cache mode - Set BranchCache Hosted Cache mode - Configure Hosted Cache Servers Policy config

problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective
rformance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no
by/Resume Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when det
nsiveness problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no c
re not processed. If you do not configure this policy setting, the DPS will enable Windows Performance PerfTrack by default.
ations, services, or drivers do not prevent Windows from automatically transitioning to sleep. Only user input is used to determine if Windo
ations, services, or drivers do not prevent Windows from automatically transitioning to sleep. Only user input is used to determine if Windo

t configure this policy setting, users control this setting.


t configure this policy setting, users control this setting.
computer may enter is hibernate.
computer may enter is hibernate.
ntrol this setting.
e "Critical Battery Notification Action" policy setting. If you disable this policy setting or do not configure it, users control this setting.
ware may rely on Windows shutdown behavior. This setting is only applicable when Windows shutdown is initiated by software programs in
onfigure this policy setting, users control this setting.
onfigure this policy setting, users control this setting.
ol this setting.
Battery Notification Action" policy setting. If you disable this policy setting or do not configure it, users control this setting.
ble or do not configure this policy setting, users control if their computer is automatically locked or not after performing a resume operatio
e display. Windows will only reduce the brightness of the primary display integrated into the computer. If you disable or do not configure t
e display. Windows will only reduce the brightness of the primary display integrated into the computer. If you disable or do not configure t
d for a password when the system resumes from sleep.
d for a password when the system resumes from sleep.
etting, users can see and change this setting.
tting, users control this setting.
can see and change this setting.
can see and change this setting.
n see and change this setting.
n see and change this setting.
see and change this setting.
see and change this setting.

llowing format: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX (For example, 103eea6e-9fcd-4544-a713-c282d8e50083), indicating the powe


If you disable or do not configure this policy setting, users control this setting.
If you disable or do not configure this policy setting, users control this setting.
ure this policy setting, users control this setting. If the user has configured a slide show to run on the lock screen when the machine is lock
RTM
policy setting, users control this setting. If the user has configured a slide show to run on the lock screen when the machine is locked, this c
policy setting, users control this setting. If the user has configured a slide show to run on the lock screen when the machine is locked, this c
y transitions to sleep when left unattended. If you specify 0 seconds, Windows does not automatically transition to sleep. If you disable or
y transitions to sleep when left unattended. If you specify 0 seconds, Windows does not automatically transition to sleep. If you disable or
olicy setting, Windows uses the same setting regardless of users keyboard or mouse behavior. If you do not configure this policy setting, us
olicy setting, Windows uses the same setting regardless of users keyboard or mouse behavior. If you do not configure this policy setting, us

ation level, see the "Low Battery Notification Level" policy setting. The notification will only be shown if the "Low Battery Notification Actio
ng, users control this setting. If the user has configured a slide show to run on the lock screen when the machine is locked, this can preven
ng, users control this setting. If the user has configured a slide show to run on the lock screen when the machine is locked, this can preven
rs can see and change this setting.
rs can see and change this setting.
etting, users control this setting.
etting, users control this setting.
, users control this setting.
, users control this setting.
rent value with the SourcePath parameter on the Update-Help cmdlet. If this policy setting is disabled or not configured, this policy setting
rent value with the SourcePath parameter on the Update-Help cmdlet. If this policy setting is disabled or not configured, this policy setting
g the LogPipelineExecutionDetails property of the module to True. If you disable this policy setting, logging of execution events is disabled
g the LogPipelineExecutionDetails property of the module to True. If you disable this policy setting, logging of execution events is disabled
tion. If you disable this policy setting, logging of PowerShell script input is disabled. If you enable the Script Block Invocation Logging, Po
tion. If you disable this policy setting, logging of PowerShell script input is disabled. If you enable the Script Block Invocation Logging, Po
dows PowerShell engine. By default, Windows PowerShell will record transcript output to each users' My Documents directory, with a file n
dows PowerShell engine. By default, Windows PowerShell will record transcript output to each users' My Documents directory, with a file n
ted publisher. The "Allow local scripts and remote signed scripts" policy setting allows any local scrips to run; scripts that originate from th
ted publisher. The "Allow local scripts and remote signed scripts" policy setting allows any local scrips to run; scripts that originate from th
setting, users cannot list and restore previous versions of files on local disks. If you do not configure this policy setting, it defaults to disable
setting, users cannot list and restore previous versions of files on local disks. If you do not configure this policy setting, it defaults to disable
s can list and restore previous versions of files on file shares. If you do not configure this policy setting, it is disabled by default.
s can list and restore previous versions of files on file shares. If you do not configure this policy setting, it is disabled by default.
to backup copies, and can see only previous versions corresponding to on-disk restore points. If you disable this policy setting, users can s
to backup copies, and can see only previous versions corresponding to on-disk restore points. If you disable this policy setting, users can s
his policy setting, the Restore button remains active for a previous version corresponding to a local file. If the user clicks the Restore button
his policy setting, the Restore button remains active for a previous version corresponding to a local file. If the user clicks the Restore button
version corresponding to a backup. If you disable this policy setting, the Restore button remains active for a previous version correspondin
version corresponding to a backup. If you disable this policy setting, the Restore button remains active for a previous version correspondin
ou disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share. If the user clic
ou disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share. If the user clic
d. Internet printing is an extension of Internet Information Services (IIS). To use Internet printing, IIS must be installed, and printing suppor
bled, the network scan page will not be displayed. If this policy setting is not configured, the Add Printer wizard will display the default num
ge will not be displayed. If this setting is not configured, the Add Printer wizard will display the default number of printers of each type: TC
nch Office Direct Printing jobs.
chines that have a relatively powerful CPU as compared to the machines GPU.
l not process print jobs before sending them to the print server. This decreases the workload on the client at the expense of increasing the
r" page in the Add Printer Wizard. The Browse button appears beside the "Connect to a printer on the Internet or on a home or office netw
and also check the "Connect to this printer (or to browse for a printer, select this option and click Next)" radio button on Add Printer Wizard
this policy setting, the default MXDW output format is OpenXPS (*.oxps).
n Location Tracking is enabled, the system uses the specified location as a criterion when users search for printers. The value you type here
to a Web page customized for your enterprise. If you disable this setting or do not configure it, or if you do not enter an alternate Internet
, searches begin at the root of Active Directory. This setting only provides a starting point for Active Directory searches for printers. It does
-mode drivers may be installed on the local computer running Windows XP Home Edition and Windows XP Professional. If you do not confi
able this policy setting, then all printer extensions will not be allowed to run. If you disable this policy setting or do not configure it, then a
setting, the print spooler will execute print drivers in an isolated process by default. If you disable this policy setting, the print spooler will
re and the server driver cache. If you disable this policy setting, the client computer will only search the local driver store and server driver
010, Word 2007, Word 2010 and certain other applications are configured to support it. Other applications may also be capable of isolating
rom print servers. If this setting is disabled, or not configured, users will not be restricted to package-aware point and print only.
rom print servers. If this setting is disabled, or not configured, users will not be restricted to package-aware point and print only.
drivers that do not explicitly opt out of Driver Isolation. If you disable or do not configure this policy setting, the print spooler uses the Dri
vior of non-package point and print connections. Windows Vista and later clients will attempt to make a non-package point and print conn
vior of non-package point and print connections. Windows Vista and later clients will attempt to make a non-package point and print conn
nts will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client,
nts will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client,
The standard method uses a printer's IP address and subnet mask to estimate its physical location and proximity to computers. If you enab
s folder in Control Panel. Also, users cannot add printers by dragging a printer icon into the Printers folder. If they try, a message appears e
er programs to delete a printer. If this policy is disabled, or not configured, users can delete printers using the methods described above.
er servers. If you disable this setting, shared printers are not announced to print browse master servers, even if Active Directory is not avai
1607
hared will continue to be shared. The spooler must be restarted for changes to this policy to take effect.
er's shared printers cannot be published in Active Directory, and the "List in directory" option is not available. Note: This settings takes prio
When the computer that published the printers restarts, it republishes any deleted printer objects. If you enable this setting or do not confi
ally publish printers. However, you can publish shared printers manually. The default behavior is to automatically publish shared printers in
he computer is operating. To enable this additional verification, enable this setting, and then select a verification interval. To disable verific
he pruning service "prunes" (deletes from Active Directory) printer objects the computer has published. By default, the pruning service co
ority influences the order in which the thread receives processor time and determines how likely it is to be preempted by higher priority th
not respond to the contact message, the message is repeated for the specified number of times. If the computer still fails to respond, then
ter does not respond to the contact attempt, the attempt is retried a specified number of times, at a specified interval. The "Directory prun
nd to Windows 2000 printers published outside their forest. The Windows pruning service prunes printer objects from Active Directory wh
rams" page lists published programs and provides an easy way to install them. Published programs are those programs that the system ad
ishers. If this setting is disabled or not configured, the "View installed updates" task and the "Installed Updates" page will be available to a
other tools and methods to view or uninstall programs. It also does not prevent users from linking to related Programs Control Panel Featu
ing or sending e-mail, as well as specify the programs that are accessible from the Start menu, desktop, and other locations. If this setting
abled or is not configured, the "Turn Windows features on or off" task will be available to all users. This setting does not prevent users from
puter for installation. Enabling this feature does not prevent users from navigating to Windows Marketplace using other methods. If this f
rchase software from Windows Marketplace. Programs published or assigned to the user by the system administrator also appear in the Pr
fication. If you enable this setting, you can change the default DSCP value associated with the Best Effort service type. If you disable this s
w specification. If you enable this setting, you can change the default DSCP value associated with the Best Effort service type. If you disab
th the Best Effort service type. If you disable this setting, the system uses the default priority value of 0. Important: If the Layer-2 priority v
e flow specification. If you enable this setting, you can change the default DSCP value associated with the Controlled Load service type. If y
m to the flow specification. If you enable this setting, you can change the default DSCP value associated with the Controlled Load service ty
sociated with the Controlled Load service type. If you disable this setting, the system uses the default priority value of 0. Important: If the
pecification. If you enable this setting, you can change the default DSCP value associated with the Guaranteed service type. If you disable
flow specification. If you enable this setting, you can change the default DSCP value associated with the Guaranteed service type. If you d
d with the Guaranteed service type. If you disable this setting, the system uses the default priority value of 0. Important: If the Layer-2 prio
heduler has submitted to a network adapter for transmission, but which have not yet been sent. If you enable this setting, you can limit the
to override the default. If you enable this setting, you can use the "Bandwidth limit" box to adjust the amount of bandwidth the system ca
he flow specification. If you enable this setting, you can change the default DSCP value associated with the Network Control service type.
rm to the flow specification. If you enable this setting, you can change the default DSCP value associated with the Network Control service
ssociated with the Network Control service type. If you disable this setting, the system uses the default priority value of 0. Important: If th
orming packets. If you disable this setting, the system uses the default priority value of 0. Important: If the Layer-2 priority value for nonco
cification. If you enable this setting, you can change the default DSCP value associated with the Qualitative service type. If you disable thi
ow specification. If you enable this setting, you can change the default DSCP value associated with the Qualitative service type. If you disa
with the Qualitative service type. If you disable this setting, the system uses the default priority value of 0. Important: If the Layer-2 priorit
n established for the system, usually units of 10 microseconds. If you disable this setting or do not configure it, the setting has no effect on
this policy setting, the listed providers will respond to WMI queries, and Reliability Monitor will display system reliability information. If yo
source Exhaustion problems and attempt to determine their root causes. These root causes will be logged to the event log when detected
u created earlier to recover your computer" and "Reinstall Windows" (or "Return your computer to factory condition") appears on the "Ad
e user indicates that the shutdown or restart is unplanned. If you disable this policy setting, the System State Data feature is never activate
op-down menu list, the Shutdown Event Tracker is displayed when the computer shuts down. If you enable this policy setting and choose
tten to the disk. You can specify the Timestamp Interval in seconds. If you disable this policy setting, the Persistent System Timestamp is tur
g. If you do not configure this policy setting, users can adjust this setting using the control panel, which is set to "Upload unplanned shutdo
contacts or the unsolicited Offer Remote Assistance. If you enable this policy setting, only computers running this version (or later version
on this computer cannot get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance. If you do not co
and you can configure additional Remote Assistance settings. If you disable this policy setting, users on this computer cannot use email or
to specify a custom message to display before a user allows a connection to his or her computer. If you enable this policy setting, the warn
ations: -No full window drag -Turn off background "Full optimization" will include the following optimizations: -Use 16-bit color (8-bit co
settings are used.
f you disable or do not configure this policy setting, write and read accesses are allowed to all removable storage classes.
f you disable or do not configure this policy setting, write and read accesses are allowed to all removable storage classes.
rect handles to removable storage devices in remote sessions.
orage class.

RTM

RTM

-protected storage, enable the policy setting "Deny write access to drives not protected by BitLocker," which is located in "Computer Config
-protected storage, enable the policy setting "Deny write access to drives not protected by BitLocker," which is located in "Computer Config
e or do not configure this setting, the operating system does not force a reboot. Note: If no reboot is forced, the access right does not take
e or do not configure this setting, the operating system does not force a reboot. Note: If no reboot is forced, the access right does not take

to this removable storage class.


to this removable storage class.
ed to this removable storage class.
ed to this removable storage class.
n this manner. If you disable this policy setting, RPC clients will not authenticate to the Endpoint Mapper Service, but they will be able to co
COM are encouraged to use the RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE flag, but some applications written for the traditi
setting, the RPC runtime defaults to "Auto2" level. If you do not configure this policy setting, the RPC defaults to "Auto2" level. If you ena
ograms can retrieve the extended error information by using standard Windows application programming interfaces (APIs). If you disable t
olicy processing itself. Reverting a change to this policy setting can require manual intervention on each affected machine. This policy setti
er errors because connections will be timed out faster than expected. Using this policy setting you can force the RPC Runtime and the RPC
is disabled during cross-forest logons without the DNS suffixes being configured. If you disable or do not configure this policy setting, user
script as it runs. The instructions appear in a command window. This policy setting is designed for advanced users. If you disable or do not
pt as it runs. The instructions appear in a command window. This policy setting is designed for advanced users. If you disable or do not co
em displays each instruction in the shutdown script as it runs. The instructions appear in a command window. If you disable or do not con
tion in the startup script as it runs. Instructions appear in a command window. This policy setting is designed for advanced users. If you disa
they run, although it does not display logon scripts written for Windows 2000. If you enable this setting, Windows 2000 does not display
processing is complete before the user starts working, but it can delay the appearance of the desktop. If you disable or do not configure th
processing is complete before the user starts working, but it can delay the appearance of the desktop. If you disable or do not configure th
nate the running of startup scripts. As a result, startup scripts can run simultaneously. If you disable or do not configure this policy setting,
Policy Object (GPO), Windows PowerShell scripts are run before non-Windows PowerShell scripts during computer startup and shutdown.
ct (GPO), PowerShell scripts are run before non-PowerShell scripts during user logon and logoff. For example, assume the following scenar
ct (GPO), PowerShell scripts are run before non-PowerShell scripts during user logon and logoff. For example, assume the following scenar
the system stops script processing and records an error event. If you enable this setting, then, in the Seconds box, you can type a number
If you disable or do not configure this policy setting, the scripted diagnostics execution engine runs all digitally signed packages.
eshooting tools from the Troubleshooting Control Panel. If you disable this policy setting, users cannot access or run the troubleshooting to
essage that states, "Do you want the most up-to-date troubleshooting content?" If you enable or do not configure this policy setting, users
otified of the problem for interactive resolution. If you choose detection, troubleshooting and resolution, Windows will resolve some of th
rch service. Use $w in place of the query term for the search service URL. If your intranet search service is SharePoint Portal Server, your q
earch2,http://mysearch2?q=$w. For each search scope, provide: 1) A name for the scope, such as 'IT Web'. 2) The URL to the search servi

1607
ndex encrypted items or encrypted stores. This policy setting is not configured by default. If you do not configure this policy setting, the loc

ds. This policy setting is not configured by default. If you do not configure this policy setting, the local setting, configured through Control P
ory usage. We recommend enabling this policy setting only on PCs where documents are stored in many languages. If you disable or do no
;.docx;.xls;.xlsx;.ppt;.pptx;.vsd;.xlsb;.xltx;.dot;.rtf

m paths that do not reference a specific SID will not be excluded from indexing if these are only specified in the Group Policy under "User Co

o not reference a specific SID will not be included for indexing if these are only specified in the Group Policy under "User Configuration." To

etting, locations on removable drives can be added to libraries. In addition, locations on removable drives can be indexed.

ble this policy setting, queries will be performed on the web and web results will be displayed when a user performs a query in Search. If y
d when a user performs a query in Search. If you disable this policy setting, queries will be performed on the web over metered connectio
ot affect portions of a delegate mailbox that are cached locally. To have this policy affect all parts of a delegate mailbox, ensure that for Mic
xes are managed separately from online mailboxes. The "Enable Indexing of Uncached Exchange Folders" has no effect on delegate mailbox
ms per minute. To lower the burden on Microsoft Exchange servers, lower the rate of items indexed per minute. If you disable this policy, th

ocations to the index. This policy has no effect if the Files on Microsoft Networks add-in is not installed. Disabled by default.
ocations to the index. This policy has no effect if the Files on Microsoft Networks add-in is not installed. Disabled by default.
en the policy is enabled, the Add and Remove locations options and any previously defined user locations will not be visible. When the pol
he index. If you disable or do not configure this policy setting, Windows Search monitors which folders are shared or not shared on this co

dex is not restored.


system paths that do not reference a specific SID will not be excluded from indexing if these are only specified in the Group Policy under "U
nce of non-Microsoft document filters (iFilters). This policy is disabled by default.

nes all these into a single exclusion list. When this policy is disabled or not configured, the user can edit the default list of excluded file type
d the Download Public Folder Favorites option must be turned on.

g, users can acess the Advanced Options dialog for Search and Indexing Options in the Control Panel. This is the default for this policy settin
can also specify an allow list of add-ins by providing the classID or ProgId string. For example, if you plan to deploy a particular iFilter, make
ce XP or later. The full preview pane functionality is only available for Office documents in Office XP or later. When this policy is disabled or
n view so that users can see snippets related to their desktop search query. When this policy is disabled or not configured, the default is sm
: Filter adult images and videos but not text from search results; -Off: Don't filter adult content from search results. If you disable or don't
rsonalize their search and other Microsoft experiences. -User info only: Share a user's search history and some Microsoft account info to
RTM
ot configure this policy setting, users will get search suggestions based on previous searches in the search pane.
ory view also contains a status section, where the user can get recommendations to help increase the computer's security. When Security C
ms on this computer will not be prevented from using location information from the location feature.
ms on this computer will not be prevented from using location information from the location feature.

res installed on managed servers. If you enable this policy setting, Server Manager uses the refresh interval specified in the policy setting in
you disable this policy setting, the Initial Configuration Tasks window is displayed when an administrator logs on to the server. If you do not
ge is displayed each time an administrator logs on to the server. However, if the administrator has selected the "Dont display this page at l
the server. If you do not configure this policy setting, Server Manager is displayed when a user logs on to the server. However, if the "Do no
ting system corruption and for enabling optional features that have had their payload files removed. You must enter the fully qualified path
w users to turn syncing on" so that syncing it turned off by default but not disabled. If you do not set or disable this setting, "sync your setti
so that syncing it turned off by default but not disabled. If you do not set or disable this setting, syncing of the "app settings" group is on
turned off by default but not disabled. If you do not set or disable this setting, syncing of the "AppSync" group is on by default and configu
e history and favorites, will not be synced. Use the option "Allow users to turn browser syncing on" so that syncing is turned off by default
ers to turn desktop personalization syncing on" so that syncing it turned off by default but not disabled. If you do not set or disable this se
will take place when this PC is on a metered connection. If you do not set or disable this setting, syncing on metered connections is configu
sers to turn other Windows settings syncing on" so that syncing it turned off by default but not disabled. If you do not set or disable this se
at syncing it turned off by default but not disabled. If you do not set or disable this setting, syncing of the "passwords" group is on by defau
that syncing it turned off by default but not disabled. If you do not set or disable this setting, syncing of the "personalize" group is on by d
yncing is turned off by default but not disabled. If you do not set or disable this setting, syncing of the "Start layout" group is on by default
st time Windows Setup was run on the system.
h will be the location used during the last time Windows Service Pack Setup was run on the system.
rosoft to improve handwriting recognition in future versions of Windows. The tool generates reports and transmits them to Microsoft over
rosoft to improve handwriting recognition in future versions of Windows. The tool generates reports and transmits them to Microsoft over
users cannot publish DFS roots in AD DS and the "Publish in Active Directory" option is disabled. Note: The default is to allow shared folders
e this policy setting, users cannot publish shared folders in AD DS, and the "Publish in Active Directory" option is disabled. Note: The defau
If you disable or do not configure this policy setting, users can add computers to a homegroup. However, data on a domain-joined compu
in their profile. If you enable this policy setting, users cannot share files within their profile using the sharing wizard. Also, the sharing wiz
nts users from running programs that are started by the File Explorer process. It does not prevent users from running programs, such as Tas
m using other administrative tools, use the "Run only specified Windows applications" policy setting.
aining that a setting prevents the action. If you disable this policy setting or do not configure it, users can run Cmd.exe and batch files norm
vents users from running programs that are started by the File Explorer process. It does not prevent users from running programs such as T
ome Center is displayed at user logon.
, both signed and unsigned gadgets will be extracted. The default is for Windows to extract both signed and unsigned gadgets.
, both signed and unsigned gadgets will be extracted. The default is for Windows to extract both signed and unsigned gadgets.
p gadgets to be turned on.
p gadgets to be turned on.
TP4
ar in the navigation pane in File Explorer. * OneDrive files arent kept in sync with the cloud. * Users cant automatically upload photos and
also be able to open and save files on OneDrive using the OneDrive app and file picker, and Windows Store apps will still be able to access
etting can be used to modify that restriction. If you enable this policy setting, certificates with the following attributes can also be used to l
rtificates on a smart card cannot be used to log on to a domain. Note: This policy setting only affects a user's ability to log on to a domain.
eature. If you enable this policy setting, the integrated unblock feature will be available. If you disable or do not configure this policy setti
available smart card signature key-based certificates will not be listed on the logon screen.
used. This setting only controls the displaying of the certificate on the client machine. If you enable this policy setting certificates will be l
o enter their user name or user name and domain will be displayed. If you disable or do not configure this policy setting, an optional field

isplayed at the time of logon. If you disable or do not configure this policy setting, the default message will be displayed to the user when
r this behavior is when a certificate is renewed and the old one has not yet expired. Two certificates are determined to be the same if they
es from the card. This can introduce a significant performance decrease in certain situations. Please contact your smart card vendor to det
onfirmation message will not be displayed when a smart card device driver is installed. Note: This policy setting is applied only for smart c
y setting could prevent certain smart cards from working on Windows. Please consult your smart card manufacturer to find out whether y
was CN=User1, OU=Users, DN=example, DN=com and had an UPN of [email protected] then "User1" will be displayed along with "use
r and the certificates will not be made available to applications such as Outlook.
tting must also be enabled: Turn on certificate propagation from smart card. If you disable this policy setting then root certificates will not
time. If you disable this policy setting, Smart Card Plug and Play will be disabled and a device driver will not be installed when a card is inse
community is a community recognized by the SNMP service, while a community is a group of hosts (servers, workstations, hubs, and route
ing and setting terminal values and monitoring network events. The manager is located on the host computer on the network. The manag
ents. This policy setting allows you to configure the name of the hosts that receive trap messages for the community sent by the SNMP ser
or do not configure this policy setting, Sound Recorder can be run.
or do not configure this policy setting, Sound Recorder can be run.
enied access. If you enable this policy setting, users receive a customized Access Denied message from the file servers on which this policy

ment these with properties defined on individual file servers by using File Classification Infrastructure, which is part of the File Server Reso
erties on individual file servers by using File Classification Infrastructure, which is part of the File Server Resource Manager role service. If y
quired by 16-bit programs. By default, all 16-bit programs run as threads in a single, shared VDM process. As such, they share the memory s
emoves the Display Logoff item from Start Menu Options. As a result, users cannot remove the Log Off <username> item from the Start Me
rt menu search box. If you do not configure this policy (default), there will not be a "Search the Internet" link on the start menu.
Add the Run command to the Start menu policy has no effect.
n will fall back to Shut Down. If you disable or do not configure this setting, the Start Menu power button will be set to Shut Down by defa
in the Jump Lists off of programs in the Start Menu and Taskbar will be cleared when the user logs off. If you disable or do not configure t

nfigure this setting, the system retains notifications, and when a user logs on, the tiles appear just as they did when the user logged off, inc
g is enabled, the taskbar does not display any custom toolbars, and the user cannot add any custom toolbars to the taskbar. Moreover, the
g document shortcuts. The system empties the Recent Items menu on the Start menu, and Windows programs do not display shortcuts at

nk will not be shown when the user performs a search in the start menu search box.

is policy setting, by default, when the system cannot find the target file for a shortcut (.lnk), it searches all paths associated with the shortc
configure this policy setting, by default, when the system cannot find the target file for a shortcut (.lnk), it searches all paths associated wi
ocuments, Pictures, Music, Computer, and Network. The new Start menu starts them directly. If you enable this setting, the Start menu dis
hange the size of Start in Settings.
olicy setting, the default setting for the users device will be used, and the user can choose to change it.
staller and those that users have configured for full installation upon first use. If you disable this setting or do not configure it, all Start men
uding the notification icons, is hidden. The taskbar displays only the Start button, taskbar buttons, custom toolbars (if any), and the system
default sorting options. If you disable or don't configure this policy setting, the desktop apps won't be listed first when the apps are sorted
ked, it cannot be moved or resized. If you enable this setting, it prevents the user from moving or resizing the taskbar. While the taskbar is

TP5
TP5
program name. By default, this setting is always enabled. If you disable or do not configure it, items on the taskbar that share the same pr
e or do not configure this setting, you will allow a user to select an app, resize a tile, pin/unpin a tile or a secondary tile, enter the customiz

e this policy setting, the context menus for the taskbar are available. This policy setting does not prevent users from using other methods
onfigure this policy setting, the "All Programs" item remains on the simple Start menu.
cy setting, the Power button and the Shut Down, Restart, Sleep, and Hibernate commands are removed from the Start menu. The Power bu
he pop-up text affected by this setting includes "Click here to begin" on the Start button, "Where have all my programs gone" on the Start m

menu items in the All Users profile, on the system drive, go to ProgramData\Microsoft\Windows\Start Menu\Programs.
rs the ability to specify default programs for certain activities, such as Web browsing or sending e-mail, as well as which programs are acce
ethods to gain access to the contents of the Documents folder. Note: To make changes to this policy setting effective, you must log off and

menu does not appear on the Start menu by default. To display the Favorites menu, right-click Start, click Properties, and then click Custom

the Start menu. It does not remove the Help menu from File Explorer and does not prevent users from running Help.
remove the homegroup link from the Start Menu.
Also, the policy setting removes the Windows Update hyperlink from the Start menu and from the Tools menu in Internet Explorer. Windo
ptions. As a result, users cannot restore the Log Off <username> item to the Start Menu. If you disable or do not configure this policy setti

nections from Settings on the Start menu. Network Connections still appears in Control Panel and in File Explorer, but if users try to start it

t, the "Pinned Programs" list remains on the Start menu. Users can pin and unpin programs in the Start Menu.
olders (such as Control.exe) from running. However, users can still start Control Panel items by using other methods, such as right-clicking t
, the system saves document shortcuts but does not display the Recent Items menu in the Start Menu, and users cannot turn the menu on

ed from entering the following into the Internet Explorer Address Bar: --- A UNC path: \\<server>\<share> ---Accessing local drives: e.g., C

ntext menu that appears when you right-click the Start menu. Also, the system does not respond when users press the Application key (the
f a 3rd party protocol handler is installed, a "Search Everywhere" link will be shown instead of the "See more results" link.

a, set the "Remove user folder link from Start Menu" policy setting. If you disable or do not configure this policy setting, the user name lab
appears on the top section of the Start menu. Because the appearance of two folders with the same name might confuse users, you can us

earch the list of installed apps. If you disable or dont configure this policy setting, the user can configure this setting.
ccess the "Run as different user" command from Start for any applications. Note: This setting does not prevent users from using other met
licy setting, then users will be able to turn the QuickLaunch bar on and off.
indows logo key. If you disable or don't configure this policy setting, the Start screen will always appear on the main display when the use
icy setting, the Start screen will appear by default whenever the user goes to Start, and the user will be able to switch between the Apps v
ually configure a device's Start layout to the desired look and feel. Once you are done, run the Export-StartLayout PowerShell cmdlet on tha
ually configure a device's Start layout to the desired look and feel. Once you are done, run the Export-StartLayout PowerShell cmdlet on tha
RTM
ize menus. All menu items appear and remain in standard order. Also, this setting removes the "Use Personalized Menus" option so users d
he user runs. The system uses this information to customize Windows features, such as showing frequently used programs in the Start Men
RTM
able this policy setting, System Restore is turned off, and the System Restore Wizard cannot be accessed. The option to configure System Re
nguage. Touch Keyboard and Handwriting panel enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers
nguage. Touch Keyboard and Handwriting panel enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers
ard to enter text, symbols, numbers, or keyboard shortcuts. If you enable this policy, Input Panel will never appear next to text entry areas
ard to enter text, symbols, numbers, or keyboard shortcuts. If you enable this policy, Input Panel will never appear next to text entry areas
r text, symbols, numbers, or keyboard shortcuts. If you enable this policy, Input Panel will never appear next to any text entry area when a
r text, symbols, numbers, or keyboard shortcuts. If you enable this policy, Input Panel will never appear next to any text entry area when a
RTM
ws Vista only) only when these input languages or keyboards are installed. Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input
he edge of the Tablet PC screen. Users will not be able to configure this setting in the Input Panel Options dialog box. If you disable this po
he edge of the Tablet PC screen. Users will not be able to configure this setting in the Input Panel Options dialog box. If you disable this po
u enable this policy, application auto complete lists will never appear next to Input Panel. Users will not be able to configure this setting in t
u enable this policy, application auto complete lists will never appear next to Input Panel. Users will not be able to configure this setting in t
RTM
not showing what keys are tapped when entering a password. Touch Keyboard and Handwriting panel enables you to use handwriting or
hapes. Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols,
hapes. Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols,

te. If you do not configure this policy, users will be able to use this feature to print to a Journal Note.
te. If you do not configure this policy, users will be able to use this feature to print to a Journal Note.

C mapping will occur.


C mapping will occur.
not configure this policy, pen flicks and related features are available.
not configure this policy, pen flicks and related features are available.
orer are disabled and that the pen flicks notification will never be displayed. However, pen flicks, the pen flicks tray icon and pen flicks train
orer are disabled and that the pen flicks notification will never be displayed. However, pen flicks, the pen flicks tray icon and pen flicks train
tab). If you disable this policy, applications can be launched from a hardware button. If you do not configure this policy, applications can b
tab). If you disable this policy, applications can be launched from a hardware button. If you do not configure this policy, applications can b
, contact your system administrator." If you disable this policy, press and hold actions for buttons will be available. If you do not configure
, contact your system administrator." If you disable this policy, press and hold actions for buttons will be available. If you do not configure
ure this policy, user and OEM defined button actions will occur when the buttons are pressed.
ure this policy, user and OEM defined button actions will occur when the buttons are pressed.
ack and pen cursors will be shown unless the user disables them in Control Panel.
ack and pen cursors will be shown unless the user disables them in Control Panel.
ompatibility issues with toast notifications. If you disable or dont configure this policy setting, all notifications will appear as toast notificati
their Jump Lists will continue to show. If you disable or do not configure this policy setting, users can pin files, folders, websites, and other
hese programs already pinned to the Taskbar, and they cannot pin new programs to the Taskbar. If you disable or do not configure this poli
tting, users can pin the Store app to the Taskbar.
this policy setting, users can show taskbars on more than one display.
mportant documents and other tasks. If you enable this policy setting, the Start Menu and Taskbar only track the files that the user opens
kbar setting that is not prevented by another policy setting.
ations are able to add toolbars to the taskbar.
er area of the monitor unless prevented by another policy setting.

d in the notification area. The user will be able to read notifications when they appear, but they wont be able to review any notifications th
e program shortcuts stay on the Taskbar.

displayed in the system notification area.


otification area.
ng for the users device will be used, and the user can choose to change it.

TP4

y created task's property sheet upon completion of the "Add Scheduled Task" wizard. The task's property sheet allows users to change tas
y created task's property sheet upon completion of the "Add Scheduled Task" wizard. The task's property sheet allows users to change tas
e properties that appear in Detail view and in the task preview. This setting prevents users from viewing and changing characteristics such
e properties that appear in Detail view and in the task preview. This setting prevents users from viewing and changing characteristics such
uter Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence o
uter Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence o
box or the "Start in" box that determine the program and path for a task. As a result, when users create a task, they must select a program
box or the "Start in" box that determine the program and path for a task. As a result, when users create a task, they must select a program
older. As a result, users cannot add new scheduled tasks by dragging, moving, or copying a document or program into the Scheduled tasks
older. As a result, users cannot add new scheduled tasks by dragging, moving, or copying a document or program into the Scheduled tasks
TP4
guration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the s
heduled Tasks folder. Note: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configu
heduled Tasks folder. Note: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configu
ay name for a 6to4 host. If you disable or do not configure this policy setting, the local host setting is used, and you cannot specify a relay
ved periodically. If you disable or do not configure this policy setting, the local host setting is used.
ers are a hexadecimal representation of the global IPv4 address (w.x.y.z) assigned to a site. If you disable or do not configure this policy setti
Autoconfiguration Limits will be disabled and system will not limit the number of autoconfigured addresses and routes.
er URL. You will be able to configure IP-HTTPS with one of the following settings: Policy Default State: The IP-HTTPS interface is used when
ot required. If you disable or do not configure this policy setting, the local host setting is used.
disable or do not configure this policy setting, the local host setting is used. If you enable this policy setting, you can configure ISATAP with
ng, you can customize a UDP port for the Teredo client. If you disable or do not configure this policy setting, the local host setting is used.
used. This policy setting contains only one state: Policy Enabled State: If Default Qualified is enabled, Teredo will attempt qualification imm
address and UDP port mapping in the translation table of the Teredo client's NAT device. If you enable this policy setting, you can specify
this policy setting, the local settings on the computer are used to determine the Teredo server name.
figure Teredo with one of the following settings: Default: The default state is "Client." Disabled: No Teredo interfaces are present on the h
ng, the local host settings are used. If you enable this policy setting, Window Scaling Heuristics will be enabled and system will try to identi
e client computer. Before a user starts an RDP session, the user receives a warning message and is asked to confirm whether they want to c
e client computer. Before a user starts an RDP session, the user receives a warning message and is asked to confirm whether they want to c
s certificate store. This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, w
thorities certificate store. This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for exam
esktop Connection (RDC). Users can choose to play the remote audio on the remote computer or on the local computer. Users can also cho
(RDC). Users can record audio by using an audio input device on the local computer, such as a built-in microphone. By default, audio record
emoteFX USB devices over RDP to all users or only to users who are in the Administrators group on the computer. If you disable or do not c
te the current session time (current session time = server base time + client time zone). If you disable or do not configure this policy settin
. If you disable this policy setting, users cannot connect remotely to the target computer by using Remote Desktop Services. The target com
n client. By default, Remote Desktop Services allows users to automatically log on by entering a password in the Remote Desktop Connecti
TP4
reconnection is attempted for all clients running Remote Desktop Connection whenever their network connection is lost. If the status is se
use. If you select the algorithm that is optimized to use less memory, this option is less memory-intensive, but uses more network bandwid
he encoding option to Always Attempt, Remote Desktop will always try to use H.264/AVC hardware encoding when available, be aware th
lity to Low, RemoteFX Adaptive Graphics uses an encoding mechanism that results in low quality images. This mode consumes the lowest a
tive instead of changing to a disconnected state, even if the client is physically disconnected from the RD Session Host server. If the client lo
the same load-balanced farm. The farm name does not have to correspond to a name in Active Directory Domain Services. If you specify a
ers in a load-balanced farm should use the same RD Connection Broker server. If you enable this policy setting, you must specify the RD Co
rendering content on the server by using graphics processing units (GPUs). By default, RemoteFX for RD Virtualization Host uses server-sid
experience could be set to one of the following options: 1. Let the system choose the experience for the network condition 2. Optimize f
: The client connects to the RD Session Host server even if the client cannot authenticate the RD Session Host server. Warn me if authentic
he connected administrator is logged off, any data not previously saved is lost. If you enable this policy setting, logging off the connected a
esktop Services allows this client printer mapping. If you enable this policy setting, users cannot redirect print jobs from the remote compu
ter and the local computer. By default, Remote Desktop Services allows Clipboard redirection. If you enable this policy setting, users canno
Remote Desktop Services session. By default, Remote Desktop Services allows this COM port redirection. If you enable this policy setting, u
e format <driveletter> on <computername>. You can use this policy setting to override this behavior. If you enable this policy setting, clien
leration, use this setting to disable the acceleration; then, if the problem still occurs, you will know that there are additional issues to inves
default, administrators are able to make such changes. If you enable this policy setting the default security descriptors for existing groups
sktop Services allows LPT port redirection. If you enable this policy setting, users in a Remote Desktop Services session cannot redirect serv
and saves his settings, any password that previously existed in the RDP file will be deleted. If you disable this setting or leave it not configur
p Connection and saves his settings, any password that previously existed in the RDP file will be deleted. If you disable this setting or leave
g, smart card device redirection is allowed. By default, Remote Desktop Services automatically redirects smart card devices on connection.
moteFX USB devices. If you disable this policy setting, users can redirect their supported Plug and Play devices to the remote computer. Us
s a user's temporary folders when the user logs off. If you enable this policy setting, a user's per-session temporary folders are retained wh
rver. You can use this policy setting to override this behavior. If you enable this policy setting, the default printer is the printer specified on
ary folder for each active session that a user maintains on a remote computer. These temporary folders are created on the remote compute
will attempt to connect to the RD Gateway server that is specified in the "Set RD Gateway server address" policy setting. You can enforce th
R2 SP1 RemoteFX Codec.If you enable this policy setting, users' sessions on this server will only use the Windows Server 2008 R2 SP1 Rem
idle sessions are reached. By default, Remote Desktop Services disconnects sessions that reach their time limits. Time limits are set locally
idle sessions are reached. By default, Remote Desktop Services disconnects sessions that reach their time limits. Time limits are set locally
gh Remote Desktop, depending on the client configuration (see the Experience tab in the Remote Desktop Connection options for more inf
ems with RD Licensing that affect the RD Session Host server. If applicable, a notification will also be displayed that notes the number of da
er, the Remote Desktop Session Host role service must be installed on the server. If the policy setting is enabled, the RD Session Host serve
server. By default, a license server issues an RDS CAL to any RD Session Host server that requests one. If you enable this policy setting and t
mic. If you select High, the audio will be sent without any compression and with minimum latency. This requires a large amount of bandwidt
slow links, and reduce server load. If you enable this policy setting, the color depth that you specify is the maximum color depth allowed fo
. If you enable this policy setting, you must specify a resolution width and height. The resolution specified will be the maximum resolution
ssage telling them that the server is busy and to try again later. Restricting the number of sessions improves performance because fewer se
enable this policy setting, you can specify the number of monitors that can be used to display a Remote Desktop Services session. You can
ize" policy setting located in User Configuration\Policies\Administrative Templates\System\User Profiles. If you enable this policy setting, y
uch as applications that use Silverlight or Windows Presentation Foundation. If you enable this policy setting, you must select the visual ex
ements of your users, you can reduce network bandwidth usage by reducing the screen capture rate. You can also reduce network bandwi
e most appropriate RDS or TS CAL for a connection. For example, a Windows Server 2008 license server will try to issue a Windows Server 2

tials for a remote connection to an RD Session Host server. If saved credentials for the user are available on the client computer, the user wi
cy setting, "Disconnect" does not appear as an option in the drop-down list in the Shut Down Windows dialog box. If you disable or do no
on the Start menu. As a result, users must type a security attention sequence, such as CTRL+ALT+END, to open the Windows Security dialog
set to Enabled, Remote Desktop Services accepts requests from RPC clients that support secure requests, and does not allow unsecured co
during remote connections must use the security method specified in this setting. The following security methods are available: * Negotia
nable this policy setting, only client computers that support Network Level Authentication can connect to the RD Session Host server. To de
connected state, the user automatically reconnects to that session at the next logon. If you disable this policy setting, users are allowed to
me Detect, Remote Desktop Protocol will not determine the network quality at the connect time, and it will assume that all traffic to this s
either UDP or TCP (default)" If you select "Use either UDP or TCP" and the UDP connection is successful, most of the RDP traffic will use UD
etween a client and an RD Session Host server during RDP connections. If you enable this policy setting, you need to specify a certificate te
opposed to SSL encryption) is not recommended. This policy does not apply to SSL encryption. If you enable this policy setting, all commu
ntrally stored, allowing a user to access the same profile for sessions on all RD Session Host servers that are configured to use the network
n this policy setting is enforced, users cannot override this setting, even if they select the "Use these RD Gateway server settings" option on
enforced, users cannot override this setting, even if they select the "Use these RD Gateway server settings" option on the client. Note: It i
oose to place the directory on a network share, type the Home Dir Root Path in the form \\Computername\Sharename, and then select the
te user session. 2. Full Control with user's permission: Allows the administrator to interact with the session, with the user's consent. 3. Ful
te user session. 2. Full Control with user's permission: Allows the administrator to interact with the session, with the user's consent. 3. Ful
ser account connecting to this RD Session Host server have an RDS Per User CAL. Per Device licensing mode requires that each device conn
op Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minut
op Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minut
cally disconnect active sessions after the specified amount of time. The user receives a warning two minutes before the Remote Desktop S
cally disconnect active sessions after the specified amount of time. The user receives a warning two minutes before the Remote Desktop S
m a Remote Desktop Services session without logging off and ending the session. When a session is in a disconnected state, running progra
m a Remote Desktop Services session without logging off and ending the session. When a session is in a disconnected state, running progra
ocument file types to be associated with RemoteApp programs. The default connection URL must be configured in the form of http://conto
ote Desktop Services session. If you enable this policy setting, the fallback printer driver is enabled, and the default behavior is for the RD S
tries to start an .rdp file that is signed by a trusted certificate, the user does not receive any warning messages when they start the file. To
TP5
otherwise specified with this setting, by the server administrator, or by the user in configuring the client connection. Enabling this setting o
otherwise specified with this setting, by the server administrator, or by the user in configuring the client connection. Enabling this setting o
n is complete. If you enable this policy setting, user sign-in is blocked for up to 6 minutes to complete the app registration. You can use this
mpt to use both TCP and UDP protocols.
onfigure this policy setting, RemoteApp programs published from this RD Session Host server will use these advanced graphics. If you disab
o the RD Connection Broker server. If you enable this policy setting, a Remote Desktop Services client queries the RD Connection Broker se
er Profile" policy setting as the root folder for the mandatory user profile. All users connecting remotely to the RD Session Host server use t
or any reason the Remote Desktop Easy Print printer driver cannot be used, a printer driver on the RD Session Host server that matches the
or any reason the Remote Desktop Easy Print printer driver cannot be used, a printer driver on the RD Session Host server that matches the
u disable this policy setting, all Remote Desktop Services sessions use the Microsoft Basic Render Driver as the default adapter. If you do n
D Session Host server will attempt automatic license server discovery. In the automatic license server discovery process, an RD Session Hos
s. Because Windows Aero requires additional system and bandwidth resources, allowing desktop composition for remote desktop sessions
on Host server can be started remotely by using the RemoteApp Manager on Windows Server 2008 R2 and Windows Server 2008. If you ar
to calculate the current session time (current session time = server base time + client time zone). If you disable or do not configure this po
e default user profile, Remote Desktop Connection, or through Group Policy. If you enable this policy setting, the desktop is always display
ter and the local computer. By default, Remote Desktop Services allows Clipboard redirection. If you enable this policy setting, users canno
CD monitor. Because font smoothing requires additional bandwidth resources, not allowing font smoothing for remote connections can im
nectivity. If you disable or do not configure this policy setting, the IP address of the RD Session Host server is used if a virtual IP is not availa
ng, all client printers are redirected in Remote Desktop Services sessions.
ng, all client printers are redirected in Remote Desktop Services sessions.
ayed in a Remote Desktop Services session. If you disable this policy setting, wallpaper is displayed in a Remote Desktop Services session, d
P address and network mask are used to select the network adapter used for the virtual IP addresses. If you disable or do not configure th
RD Session Host server, but it is not logged off. If you enable this policy setting, when a user closes the last running RemoteApp program a
RD Session Host server, but it is not logged off. If you enable this policy setting, when a user closes the last running RemoteApp program a
ned off. If you disable or do not configure this policy setting, Fair Share CPU Scheduling is turned on.
Windows Installer RDS Compatibility is turned off, and only one instance of the msiexec process can run at a time. If you disable or do not
m mode, you must enter a list of programs to use virtual IP addresses. List each program on a separate line (do not enter any blank lines be
ost server in the farm with the fewest sessions. Redirection behavior for users with existing sessions is not affected. If the server is configur
If you disable or do not configure this policy setting, File Explorer creates, reads from, and writes to thumbs.db files.
ders. If you disable or do not configure this policy setting, File Explorer displays only thumbnail images on network folders.
ure this policy setting, File Explorer displays only thumbnail images.
ointer, and other touch-specific features. If you disable this setting, the user can produce input with touch, by using gestures, the touch poi
TP4
e to pan windows by touch. If you disable this setting, the user can pan windows by touch. If you do not configure this setting, Touch Pann
e to pan windows by touch. If you disable this setting, the user can pan windows by touch. If you do not configure this setting, Touch Pann
h require TPM owner authorization without requiring the user to enter the TPM owner password. You can choose to have the operating s
mber. For example, command number 129 is TPM_OwnerReadInternalPub, and command number 170 is TPM_FieldUpgrade. To find the co
olicy or the local list. The default list of blocked TPM commands is pre-configured by Windows. You can view the default list by running "tpm
or the default list. The local list of blocked TPM commands is configured outside of Group Policy by running "tpm.msc" or through scripting
ted from sending commands to the Trusted Platform Module (TPM) that require authorization. This setting helps administrators prevent th
RTM
ers are prevented from sending commands to the Trusted Platform Module (TPM) that require authorization. This setting helps administra
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
1607
fessional and Windows 2000 Professional operating systems, the default file permissions for the newly generated profile are full control, or
n the local computer to a local or remote directory. If you enable this policy setting, the system uses the Windows NT 4.0 definitions. %HO
tion and data transfer, the network's latency and connection speed are determined. This policy setting and related policy settings in this fo
e hard drive of the computer they are using in case the server that stores the roaming profile is unavailable when the user logs on again. Th
omatically delete on the next system restart all user profiles on the computer that have not been used within the specified number of days
omputer how to respond. If you enable this policy setting, the system does not detect slow connections or recognize any connections as be
000 Professional pre-SP4 and Windows XP pre-SP1 operating systems, the default file permissions for the newly generated profile are full c
havior. It is not recommended to enable this policy by default as it may prevent users from getting an updated version of their roaming user
this behavior, preventing Windows from loggin on the user with a temporary profile. If you enable this policy setting, Windows will not lo
as on a meeting room computer or on a computer in a remote office. To designate a user's primary computers, an administrator must use
nnection between the user's computer and the server that stores users' roaming user profiles. -- The system cannot access users' server-b
clude the narrowest set of data that will address your needs. For example, if there is one application with data that should not be roamed
d data, and the like) when their profile is deleted. As a result, the next time a roaming user whose profile was previously deleted on that cl
rofiles. If you enable this policy setting, you can: -- Set a maximum permitted user profile size. -- Determine whether the registry files are
might not match. When a user logs off of the computer, the system unloads the user-specific section of the registry (HKEY_CURRENT_USER
e local profile. Similarly, when the user logs off this computer, the local copy of their profile, including any changes they have made, is mer
the past, the roaming profile is merged with the local profile. Similarly, when the user logs off the computer, the local copy of their profile,
w link with their roaming profile server is detected. In operating systems earlier than Microsoft Windows Vista, a dialog box will be shown t
h a wireless network. Note: Windows doesn't wait for the network if the physical network connection is not available on the computer (if t
\\Computername\Sharename\%USERNAME% to give each user an individual profile folder. If not specified, all users logging onto this com
s policy setting does not stop the roaming user profile's registry file from being uploaded at user logoff. If "Run at set interval" is chosen, th
tting, in the Location list, choose the location for the home folder. If you choose On the network, enter the path to a file share in the Path
line. If you enable this policy setting, the network paths specified in this policy setting will be synchronized only by Offline Files during use
apps can use the advertising ID for experiences across apps.
l not be able to change this setting and the user's name and account picture will be shared with apps (not desktop apps). In addition apps
ettings in this folder together define the system's response when roaming user profiles are slow to load. If you enable this policy setting, th
tting is enabled or not configured, fixed data drives formatted with the FAT file system can be unlocked on computers running Windows Serv
cy setting is enabled or not configured, removable data drives formatted with the FAT file system can be unlocked on computers running W
this policy setting, all new BitLocker startup PINs set will be enhanced PINs. Note: Not all computers may support enhanced PINs in the p
ted. If you enable this policy, clients configured with a BitLocker Network Unlock certificate will be able to create and use Network Key Pro
provides more flexibility for managing pre-boot configuration than legacy BitLocker integrity checks. If you enable or do not configure this
you can specify the path that will be used as the default folder location when the user chooses the option to save the recovery password in
setting you will be able to configure an encryption algorithm and key cipher strength for fixed data drives, operating system drives, and rem
ve Encryption Deployment Guide on Microsoft TechNet for more information about the encryption methods available. This policy is only ap
ve Encryption Deployment Guide on Microsoft TechNet for more information about the encryption methods available. This policy is only ap
th BitLocker-protected fixed data drives. Before a data recovery agent can be used it must be added from the Public Key Policies item in eit
a data recovery agent can be used with BitLocker-protected operating system drives. Before a data recovery agent can be used it must be a
sed with BitLocker-protected removable data drives. Before a data recovery agent can be used it must be added from the Public Key Policie
very options can be used to unlock BitLocker-encrypted data in the absence of the required startup key information. The user either can typ
ou can require a minimum number of digits to be used when setting the startup PIN. If you disable or do not configure this policy setting, u
ayed in the pre-boot key recovery screen. If you have previously configured a custom recovery message or URL and want to revert to the de
u enable this policy setting before turning on BitLocker, you can configure the boot components that the TPM will validate before unlocking
ortant: This group policy only applies to computers with BIOS configurations or to computers with UEFI firmware with a Compatibility Servi
ortant: This group policy only applies to computers with a native UEFI firmware configuration. Computers with BIOS or UEFI firmware with
r writing of data to the drive. If you enable this policy setting, you can specify additional options that control whether BitLocker software-b
ading or writing of data to the drive. If you enable this policy setting, you can specify additional options that control whether BitLocker soft
ding or writing of data to the drive. If you enable this policy setting, you can specify additional options that control whether BitLocker softw
he complexity requirement setting to be effective the Group Policy setting "Password must meet complexity requirements" located in Comp
password. For the complexity requirement setting to be effective the Group Policy setting "Password must meet complexity requirements"
o be effective the Group Policy setting "Password must meet complexity requirements" located in Computer Configuration\Windows Settin
y selecting the "Require use of smart cards on fixed data drives" check box. Note: These settings are enforced when turning on BitLocker,
by selecting the "Require use of smart cards on removable data drives" check box. Note: These settings are enforced when turning on Bit
RTM
RTM
RTM
RTM
RTM
RTM
RTM
RTM
policy setting, memory will not be overwritten when the computer restarts. Preventing memory overwrite may improve restart performanc
RTM
RTM
RTM
RTM
RTM
RTM
RTM
RTM
g, you can set the local computer clock to synchronize time with NTP servers. If you disable or do not configure this policy setting, the loca
ests from other computers.
RTM
RTM
RTM
RTM
e provider network. If this policy setting is not configured or is disabled, clients are allowed to connect to roaming provider Mobile Broad
RTM
RTM
RTM
RTM
TP4

d up.If you disable or do not configure this policy setting, backups can include both system or data volumes.
TP4
TP4
TP4
TP4
TP4
TP4
RTM
RTM
RTM
virus and antispyware definitions are disabled. If you disable or do not configure this setting, the antimalware service will be stopped whe
timalware service will load as a low priority task.
u disable or do not configure this setting, definition updates will be downloaded from the configured download source.
s running on battery power.
r computer to join Microsoft MAPS for this functionality to work. If you enable this setting or do not configure, the antimalware service wi
RTM
RTM
RTM
RTM
RTM
roup Policy will take priority over the local preference setting.
RTM
RTM
er the local preference setting.
oup Policy will take priority over the local preference setting.
the local preference setting.
ty over the local preference setting.
RTM
RTM
RTM
RTM
RTM
RTM
RTM
RTM
1607
RTM
RTM
RTM
RTM

RTM
RTM
TP4
RTM
TP4
1607
TP4
TP4
RTM
RTM
RTM
RTM
RTM
RTM
RTM
RTM
RTM
RTM
RTM
RTM
RTM
RTM

not configure this setting, removable drives will not be scanned during a full scan. Removable drives may still be scanned during quick scan

he definition set GUID to enable test definitions is defined as: {b54b6ac9-a737-498e-9120-6616ad3bf590}. The value is not used and it is
0x3) Tuesday (0x4) Wednesday (0x5) Thursday (0x6) Friday (0x7) Saturday (0x8) Never If you enable this setting, the check for definition
Sunday (0x2) Monday (0x3) Tuesday (0x4) Wednesday (0x5) Thursday (0x6) Friday (0x7) Saturday (0x8) Never (default) If you enable th
(0x4) Wednesday (0x5) Thursday (0x6) Friday (0x7) Saturday (0x8) Never (default) If you enable this setting, a scheduled scan will run at
nterval specified. If you disable or do not configure this setting, checks for definition updates will occur at the default interval.
f you enable this setting, a quick scan will run at the interval specified. If you disable or do not configure this setting, a quick scan will run a
not configure this setting, archive files will be scanned to the default directory depth level.
his setting, CPU utilization will not exceed the percentage specified. If you disable or do not configure this setting, CPU utilization will not e
e specified will be scanned. If you disable or do not configure this setting, archive files will be scanned according to the default value.

d on local time on the computer where the scan is executing. If you enable this setting, a daily quick scan will run at the time of day specifi
he computer where the scan is executing. If you enable this setting, a scheduled full scan to complete remediation will run at the time of d
d on local time on the computer where the scan is executing. If you enable this setting, a scheduled scan will run at the time of day specifie
es before the scheduled scan time. The schedule is based on local time on the computer where the check is occurring. If you enable this se
ID for the remediation action that should be taken. Valid threat alert levels are: 1 = Low 2 = Medium 4 = High 5 = Severe Valid remediati
n ID for the remediation action that should be taken. Valid remediation action values are: 2 = Quarantine 3 = Remove 6 = Ignore

1607

ctions on malware detections. If you disable or do not configure this policy setting, Windows Defender will prompt users to take actions on
olicy setting, Windows Defender does not automatically take action on the detected threats, but prompts users to choose from the actions
are scanned for malware and other potentially unwanted software.

tch-up scans for scheduled full scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is star
catch-up scans for scheduled quick scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is
e exploit detected by a definition, then that definition is "retired". If all definitions for a given protocal are retired then that protocol is no lo
dbx, mbx, mime (Outlook Express), binhex (Mac). If you enable this setting, e-mail scanning will be enabled. If you disable or do not confi
heuristics will be enabled. If you disable this setting, heuristics will be disabled.
If you disable this setting, a process scan will not be initiated when real-time protection is turned on.

to 30 days. If you enable this setting, items will be removed from the scan history folder after the number of days specified. If you disable
and this is the recommended state for this functionality. If you enable this setting, reparse point scanning will be enabled. If you disable o

ere is an entry in at least one of the following locations in registry. For shell extensions that have been approved by the administrator and a
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
d from being displayed. Note: Allowing the use of remote paths in file shortcut icons can expose users computers to security risks.
e enabled. If you enable this policy setting, Windows SmartScreen behavior may be controlled by setting one of the following options: R
s access to user-defined properties, and properties stored in NTFS secondary streams.
s access to user-defined properties, and properties stored in NTFS secondary streams.
nly blocks the creation of the folder. You can specify a known folder using its known folder id or using its canonical name. For example, the
vior of not displaying a confirmation dialog occurs.
users will receive an error message if they tap or click the Options button or choose the Change folder and search options command, and
ted. If you disable or do not configure this setting, files and folders deleted using File Explorer will be placed in the Recyele Bin.
ers who are not administrators try to install programs locally on their computers. This setting allows administrators who have logged on as
user if a new application has been installed that can handle the file type or protocol association that was invoked.
n the current target path, then, by default, it searches for the target in the original path. If the shortcut has been copied to a different comp
to developers of Windows programs. If you enable this policy setting, the Back button is removed from the standard Open dialog box. If yo
box provided to developers of Windows programs. To see an example of the standard Open dialog box, start Wordpad and, on the File me
pe a file name in the text box. This setting, and others in this folder, lets you remove new features added in Windows 2000 Professional, so
you enable this policy setting, select a drive or combination of drives in the drop-down list. Note: This policy setting removes the drive icon
as Event Viewer, Device Manager, and Disk Management. You must be an administrator to use many of the features of these tools. This setti
folders -- (\\server\share) 3) FTP folders 4) web folders 5) Common Shell folders. The list of Common Shell Folders that may be specified
rom the UI. On every logon, the policy settings are verified and Libraries for the user are updated or changed according to the path defined
rom the UI. On every logon, the policy settings are verified and Libraries for the user are updated or changed according to the path defined
sk space used by the Recycle Bin. Note: This setting is applied to all volumes.
mber of shortcuts specified by the policy setting. If you disable or do not configure this policy setting, by default, the system displays short
ork Locations. This policy setting also removes these icons from the Map Network Drive browser. If you disable or do not configure this pol
e browser associated with the Map Network Drive option. This setting does not prevent users from viewing or connecting to computers in
nternet search site will be searched with the text in the search box. To add an Internet search site, specify the URL of the search site in Ope
specify the path of the .Library-ms or .searchConnector-ms file in the "Location" text box (for example, "C:\sampleLibrary.Library-ms" for th
ox or the Map Network Drive dialog box to view the directories on these drives. To use this setting, select a drive or combination of drives
hat appear when you right-click the File Explorer or Network Locations icons. This setting does not prevent users from connecting to anoth
not configure this policy setting, users are able to use the File Explorer CD burning features. Note: This policy setting does not prevent user
ange the properties of the DFS shares available from their computer. This policy setting does not prevent users from using other methods
ods to issue commands available on the shortcut menus.

annot use the Hardware tab to view or change the device list or device properties, or use the Troubleshoot button to resolve problems wit
rk Locations. Enabling this policy setting does not remove the Search button or affect any search features of Internet browser windows, su
list of all users that have access to the resource in question. If you disable or do not configure this setting, users will be able to access the
tting, you can choose not to have these items displayed. If you enable this policy setting, the Shared Documents folder is not displayed in
fault browser with the search terms. If you do not configure this policy (default), there will be an "Internet" link when the user performs a
erlines, are designed to enhance the user's experience but might be confusing or distracting to some users.
t be toggled by users. Effects, such as animation, are designed to enhance the user's experience but might be confusing or distracting to so
gure it, this dialog box appears only when users are installing programs from local media. The "Install Program as Other User" dialog box p
n, refer to the DISM documentation on TechNet. If this group policy is enabled and the client machine is domain-joined, the file will be pro
s menu. If you do not configure this policy setting, users will be able to choose whether they want hibernate to show through the Power O
hey want lock to show through the Power Options Control Panel.
u do not configure this policy setting, users will be able to choose whether they want sleep to show through the Power Options Control Pa
t configure this policy setting, users can choose how the ribbon appears when they open new windows.
t configure this policy setting, users can choose how the ribbon appears when they open new windows.
rn, you should enable this policy setting to turn off the thumbnail view cache, because the thumbnail cache can be read by everyone.
you enable this policy, File Explorer will not show suggestion pop-ups as users type into the Search Box, and it will not store Search Box ent
e Explorer will sort file names by increasing number value (for example, 3 < 22 < 111).
e Explorer will sort file names by increasing number value (for example, 3 < 22 < 111).
d set of folders. Applications are not able to open files with this protocol when it is in the protected mode. It is recommended to leave this
d set of folders. Applications are not able to open files with this protocol when it is in the protected mode. It is recommended to leave this

s policy will: * Disable all Arrangement views except for "By Folder" * Disable all Search filter suggestions other than "Date Modified" and
tcut keys. If you enable this setting, the Windows+X shortcut keys are unavailable. If you disable or do not configure this setting, the Wind
Windows NT 4.0, and users cannot restore the new features. Enabling this policy will also turn off the preview pane and set the folder optio
order to verify that new and old locations point to the same network share. If both new and old locations point to the same share, the targ
n progress window appears.
ant Windows XP files to the cache until the cache size reaches the quota. If you enable this policy setting, enter the maximum amount of d
t Windows File Protection to scan files more often. -- "Do not scan during startup," the default, scans files only during setup. -- "Scan dur
%Systemroot%\System32\Dllcache directory. Note: Do not put the cache on a network shared directory.
not block its unsolicited messages. This policy setting overrides other policy settings that would block those messages. If you disable or do
Windows Firewall blocks echo request messages sent by Ping running on other computers, but it does not block outbound echo request m
Windows Firewall blocks echo request messages sent by Ping running on other computers, but it does not block outbound echo request m
addresses or subnets from which these incoming messages are allowed. In the Windows Firewall component of Control Panel, the "File an
addresses or subnets from which these incoming messages are allowed. In the Windows Firewall component of Control Panel, the "File an
ocedure calls (RPC) and Distributed Component Object Model (DCOM). Additionally, on Windows XP Professional with at least SP2 and Wi
ocedure calls (RPC) and Distributed Component Object Model (DCOM). Additionally, on Windows XP Professional with at least SP2 and Wi
these incoming messages are allowed. In the Windows Firewall component of Control Panel, the "Remote Desktop" check box is selected a
these incoming messages are allowed. In the Windows Firewall component of Control Panel, the "Remote Desktop" check box is selected a
an receive Plug and Play messages. You must specify the IP addresses or subnets from which these incoming messages are allowed. In the W
an receive Plug and Play messages. You must specify the IP addresses or subnets from which these incoming messages are allowed. In the W
ws Firewall component in Control Panel allows administrators to define a local port exceptions list. If you disable this policy setting, the Win
ws Firewall component in Control Panel allows administrators to define a local port exceptions list. If you disable this policy setting, the Win
, the Windows Firewall component in Control Panel allows administrators to define a local program exceptions list. If you disable this polic
, the Windows Firewall component in Control Panel allows administrators to define a local program exceptions list. If you disable this polic
riables. You must also specify whether to record information about incoming messages that the firewall blocks (drops) and information abo
riables. You must also specify whether to record information about incoming messages that the firewall blocks (drops) and information abo
d change the inbound port exceptions list defined by Group Policy. To view this port exceptions list, enable the policy setting and then click
d change the inbound port exceptions list defined by Group Policy. To view this port exceptions list, enable the policy setting and then click
d change the program exceptions list defined by Group Policy. If you add a program to this list and set its status to Enabled, that program ca
d change the program exceptions list defined by Group Policy. If you add a program to this list and set its status to Enabled, that program ca
x is selected and administrators cannot clear it. You should also enable the "Windows Firewall: Protect all network connections" policy setti
x is selected and administrators cannot clear it. You should also enable the "Windows Firewall: Protect all network connections" policy setti
rewall allows the display of these notifications. In the Windows Firewall component of Control Panel, the "Notify me when Windows Firew
rewall allows the display of these notifications. In the Windows Firewall component of Control Panel, the "Notify me when Windows Firew
disable or do not configure this policy setting, and this computer sends a multicast or broadcast message to other computers, Windows Fir
disable or do not configure this policy setting, and this computer sends a multicast or broadcast message to other computers, Windows Fir
ng, Windows Firewall does not run. This is the only way to ensure that Windows Firewall does not run and administrators who log on local
ng, Windows Firewall does not run. This is the only way to ensure that Windows Firewall does not run and administrators who log on local
1607
1607

censes for secure content, upgrade Windows Media DRM security components, or restore backed up content licenses. Secure content tha
k check box on the Player tab in the Player is selected and is not available. If you disable this policy setting, a screen saver does not interrup
er's proxy settings are used. If the Custom proxy type is selected, the rest of the options on the Setting tab must be specified because no de
the rest of the options on the Setting tab must be specified; otherwise, the default settings are used. The options are ignored if Autodetec
p to 60, that streaming media is buffered. - Default: default network buffering is used and the number of seconds that is specified is ignore
the rest of the options on the Setting tab must be specified; otherwise, the default settings are used. The options are ignored if Autodetect
When this policy is not configured or disabled, users can show or hide the anchor window when the Player is in skin mode by using the Pla
e whether the anchor window displays is not available. If you disable or do not configure this policy setting, users can show or hide the an
he Network tab appears and users can use it to configure network settings.
en, unless the "Prevent music file media information retrieval" policy setting is enabled. The default privacy settings are used for the option
orer unless these settings have been hidden or disabled by Internet Explorer policies. If you disable or do not configure this policy setting,
allow users to select privacy, file types, and other desktop options from being displayed when the Player is first started. Some of the option
dia information for CDs and DVDs from the Internet check box on the Privacy Options tab in the first use dialog box and on the Privacy tab in
ailable. If you disable this policy setting, codecs are automatically downloaded and the Download codecs automatically check box is not av
rtcut icon to their desktops.
disabled from Windows Media Player or from programs that depend on the Player's media sharing feature. If you disable or do not configu
. In addition, the Update my music files (WMA and MP3 files) by retrieving missing media information from the Internet check box in the fi
he shortcut for the Player to the Quick Launch bar.
e policy is configured are not be updated, and presets a user adds are not be displayed. If you disable or do not configure this policy setting
n the Player is cleared and is not available. If you disable this policy setting, video smoothing occurs if necessary, and the Use Video Smoo
me.wmz), and the skin must be installed in the %programfiles%\Windows Media Player\Skins Folder on a user's computer. If the skin is not
a stream initiated through an MMS or RTSP URL from a Windows Media server. If the RSTP/UDP check box is selected, a user can specify U
se Windows Messenger. Note: This policy setting is available under both Computer Configuration and User Configuration. If both are prese
se Windows Messenger. Note: This policy setting is available under both Computer Configuration and User Configuration. If both are prese
ote: This policy setting simply prevents Windows Messenger from running initially. If the user invokes and uses Windows Messenger from
ote: This policy setting simply prevents Windows Messenger from running initially. If the user invokes and uses Windows Messenger from
work as clear text. If you disable or do not configure this policy setting, the WinRM client does not use Basic authentication.
etting, the WinRM service does not accept Basic authentication from a remote client.
P authentication.
olicy setting, the WinRM service does not accept CredSSP authentication from a remote client.
s on the HTTP transport over the default HTTP port. To allow WinRM service to receive requests over the network, configure the Windows
figure this policy setting, the WinRM client sends or receives only encrypted messages over the network.
nfigure this policy setting, the WinRM client sends or receives only encrypted messages over the network.

WinRM client is using the Negotiate authentication and Kerberos is selected. If you disable or do not configure this policy setting, the WinR
setting, the WinRM service accepts Kerberos authentication from a remote client.
otiate authentication.
gure this policy setting, the WinRM service accepts Negotiate authentication from a remote client.
plug-ins. If a plug-in has already set the RunAsUser and RunAsPassword configuration values, the RunAsPassword configuration value will b
based on a supplied channel binding token. If you disable or do not configure this policy setting, you can configure the hardening level loc
f the destination host is a trusted entity. The WinRM client uses this list when neither HTTPS nor Kerberos are used to authenticate the ide
pears. When certain port 80 listeners are migrated to WinRM 2.0, the listener port number changes to 5985. A listener might be automati
r appears. When certain port 443 listeners are migrated to WinRM 2.0, the listener port number changes to 5986. A listener might be auto

ot configure this policy setting, the default number is five users.


rver will wait for the specified amount of time since the last received message from the client before terminating the open shell. If you do
s only limited by the available virtual memory. If you enable this policy setting, the remote operation is terminated when a new allocation
ot configure this policy setting, the limit is five processes per shell.
eeds the specified limit. If you disable or do not configure this policy setting, by default the limit is set to two remote shells per user.

cess the retail catalog in the Windows Store app.


cess the retail catalog in the Windows Store app.
the automatic download and installation of app updates is determined by a registry setting that the user can change using Settings in the W
nload of app updates is determined by a registry setting that the user can change using Settings in the Windows Store.

sabled, such updates will not be installed immediately. Note: If the "Configure Automatic Updates" policy is disabled, this policy has no eff
hich logged-on user should receive update notifications. Non-administrative users will be able to install all optional, recommended, and im
rosoft update service location, if they are signed by a certificate found in the "Trusted Publishers" certificate store of the local computer. If
e restart will proceed even if the PC has signed-in users. If you disable or do not configure this policy, Windows Update will not alter its res
ncy, then all clients to which this policy is applied will check for updates anywhere between 16 and 20 hours. If the status is set to Enabled
d, you must select one of the four options in the Group Policy Setting: 2 = Notify before downloading and installing any updates. When W
15 minutes. Note: This policy applies only when Automatic Updates is configured to perform scheduled installations of updates. If the "Con
ialog box, regardless of whether the 'Install Updates and Shut Down' option is available in the 'What do you want the computer to do?' list.
ialog box, regardless of whether the 'Install Updates and Shut Down' option is available in the 'What do you want the computer to do?' list.
policy will disable that functionality, and may cause connection to public services such as the Windows Store to stop working. Note: This p
e for installation when the user selects the Shut Down option in the Start menu. If you disable or do not configure this policy setting, the 'I
e for installation when the user selects the Shut Down option in the Start menu. If you disable or do not configure this policy setting, the 'I
1607
to this computer. If the intranet Microsoft update service supports multiple target groups this policy can specify multiple group names sep
es automatically. If the system is in hibernation when the scheduled install time occurs and there are updates to be applied, then Windows
heduled installation if a user is logged in to the computer. Instead, Automatic Updates will notify the user to restart the computer. Be aware
the Tools menu in Internet Explorer. Windows automatic updating is also disabled; you will neither be notified about nor will you receive c
d, the default interval is 10 minutes. Note: This policy applies only when Automatic Updates is configured to perform scheduled installatio
puter is next started. If the status is set to Disabled, a missed scheduled installation will occur with the next scheduled installation. If the s
1607
1607
ice for updates that apply to the computers on your network. To use this setting, you must set two servername values: the server from wh
1607
sabled or not configured Automatic Updates will continue to deliver important updates if it is already configured to do so.
use in loosely managed environments in which you allow the end user access to the Microsoft Update service. If you enable this policy setti
oaded components are ready to be installed, or prior to downloading, depending on their configuration. If you enable this setting, it prohib
Insider
Insider

y setting, the default timeout value is 3 minutes for workstations and 15 minutes for servers.
pe remote shutdown interface. If you disable or do not configure this policy setting, the system creates the named pipe remote shutdown
our interface program to a network share or to your system drive. Then, enable this setting, and type the name of the interface program, in
an simulate the SAS. If you set this policy setting to "Ease of Access applications," Ease of Access applications can simulate the SAS. If you
s on that displays the date and time of the last successful logon by that user, the date and time of the last unsuccessful logon attempted w
ogon hours expire. If you disable or do not configure this setting, users receive warnings before the logon hours expire, if actions have bee
If disabled or not configured, no popup will be displayed to the user.
If disabled or not configured, no popup will be displayed to the user.
mitted logon hours. If you choose to log off a user, the user cannot log on again except during permitted logon hours. If you choose to log o
nfigure automatic sign-in after a Windows Update restart. After the Windows Update restart, the user is automatically signed-in and the ses
ad and update of map data is determined by a registry setting that the user can change using Windows Settings.
1607
g, console applications or GUI applications without visible top-level windows that block or cancel shutdown will not be automatically termin
1607
1607
ots it knows about by crowdsourcing networks that other people using Windows have connected to. "Connect to networks shared by my c
by default Push Button pairing is preferred (if allowed by other policies).
owed (but not necessarily preferred).
hine: - Unrestricted: Use of this connection is unlimited and not restricted by usage charges and capacity constraints. - Fixed: Use of this c
puter; it also prevents them from manually specifying the local folder in which Work Folders stores files. Work Folders will use the settings
ain-joined PC. The "Work Folders URL" can specify either the URL used by the organization for Work Folders discovery, or the specific URL
to Azure Active Directory Device Registration Overview. http://go.microsoft.com/fwlink/?LinkId=307136
ed, and users will not be able to change it or any other Quiet Hours setting. If you do not configure this policy setting, a default value will b
, and users will not be able to change it or any other Quiet Hours setting. If you do not configure this policy setting, a default value will be
and video calls will be allowed during Quiet Hours, and users will not be able to customize this or any other Quiet Hours settings. If you do
1607
able to poll application services to update tiles. If you enable this policy setting, applications and system features will not be able receive n
ssed and some background task deferred during the designated Quiet Hours time window. Users will not be able to change this or any othe
administrator or user. No reboots or service restarts are required for this policy setting to take effect.
disable system features individually to stop their ability to raise toast notifications. If you disable or do not configure this policy setting, toa
administrator or user. No reboots or service restarts are required for this policy setting to take effect.
Use of this connection is unlimited and not restricted by usage charges and capacity constraints. - Fixed: Use of this connection is not restr
Use of this connection is unlimited and not restricted by usage charges and capacity constraints. - Fixed: Use of this connection is not restri
nfigure this policy setting, ActiveX controls prompt the user for administrative credentials before installation. Note: Wild card characters ca
vice responds to certificate errors. By default all HTTPS connections must supply a server certificate that passes all validation criteria. If you
e unconfigured system services. If you enable this setting, "Set up services" never appears. This setting does not prevent users from using o
methods to install programs.
ure it, the Add/Remove Windows Components button is available to all users. This setting does not prevent users from using other tools an
om using other tools and methods to delete or uninstall programs.
r remove program components. Note: If the "Hide Add New Programs page" setting is enabled, this setting is ignored. Also, if the "Prevent
Add New Programs page" setting is enabled, this setting is ignored.
Windows Installer. Typically, system administrators publish programs to notify users that the programs are available, to recommend their us
e this setting or do not configure it, the Set Program Access and Defaults button is available to all users. This setting does not prevent user
Add or Remove Programs. If you disable this setting or do not configure it, Add or Remove Programs is available to all users. When enable
e Product ID and version number of the program. The dialog box also includes a hyperlink to support information on the Internet, such as
tting. You must enter a category that is already defined in Add or Remove Programs. To define a category, use Software Installation. If you

e allowed to run. The MS-DOS subsystem starts when the first 16-bit application is launched. While the MS-DOS subsystem is running, any
operty page from the context-menus, but does not affect previous compatibility settings applied to application using this interface.
compatibility engine will boost system performance. However, this will degrade the compatibility of many popular legacy applications, an
s of how this policy is set. Disabling telemetry will take effect on any newly launched applications. To ensure that telemetry collection has
e Program Compatibility Assistant is also disabled. If you disable or do not configure this policy setting, the Inventory Collector will be turne

s policy setting, the PCA will be turned off. The user will not be presented with solutions to known compatibility issues when running appli
to turn on and off data collection. If you enable this policy setting, Steps Recorder will be disabled. If you disable or do not configure this p
older applications. This option is useful for server administrators who require performance and are aware of compatibility of the applicati
veloper-signed Windows Store apps.
by an administrator Temporary user profiles, which are created when an error prevents the correct profile from loading User profiles for th

users will need to sign in with a Microsoft account.


fault desktop app for a file type; they can open files only in other Windows Store apps. If you disable or do not configure this policy setting
fault desktop app for a file type; they can open files only in other Windows Store apps. If you disable or do not configure this policy setting
efault desktop app for a URI scheme; they can open URIs only in other Windows Store apps. If you disable or do not configure this policy s
efault desktop app for a URI scheme; they can open URIs only in other Windows Store apps. If you disable or do not configure this policy s

can use. If you disable or don't set this policy setting, Windows Store apps will only use the static Content URI Rules.
ssing the file. Moderate Risk: If the attachment is in the list of moderate-risk file types and is from the restricted or Internet zone, Windows
hments with their zone information. If you disable this policy setting, Windows marks file attachments with their zone information. If you d
Windows hides the check box and Unblock button. If you disable this policy setting, Windows shows the check box and Unblock button. If
more than one inclusion list). If you enable this policy setting, you can create a custom list of high-risk file types. If you disable this policy se
han one inclusion list). If you enable this policy setting, you can specify file types that pose a low risk. If you disable this policy setting, Wi
-risk inclusion list (where an extension is listed in more than one inclusion list). If you enable this policy setting, you can specify file types w
he file when a user opens a file attachment. If the antivirus program fails, the attachment is blocked from being opened. If you disable this
dler. Using both the file handler and type data is the most restrictive option. Windows chooses the more restrictive recommendation whic
on the workstations and servers on which this policy setting is applied. If you disable or do not configure this policy setting, the process's c
d without user's knowledge. The default behavior starting with Windows Vista is to prompt the user whether autorun command is to be ru
d without user's knowledge. The default behavior starting with Windows Vista is to prompt the user whether autorun command is to be ru
XP SP2, Autoplay is enabled for removable drives as well, including Zip drives and some USB mass storage devices. If you enable this policy
XP SP2, Autoplay is enabled for removable drives as well, including Zip drives and some USB mass storage devices. If you enable this policy

etrics. Note: Prior to Windows 10, not configuring this policy setting would have prevented domain users from using biometrics to log on.
his policy setting, the Windows Biometric Service is unavailable, and users cannot use any biometric feature in Windows. Note: Users who
ndows-based computer and can elevate permissions with UAC using biometrics. If you disable this policy setting, biometrics cannot be use
le or do not configure this policy setting, a default value of 10 seconds is used for fast-user switch event timeouts.

es for the job from its peers in the same IP subnet. If none of the peers in the subnet have the requested files, BITS downloads them from t
h Cache. Note: This policy setting does not affect the use of Windows Branch Cache by applications other than BITS. This policy setting doe
from the origin server. However, the computer will still make files available to its peers. If you disable or do not configure this policy settin
till download files from peers. If you disable or do not configure this policy setting, the computer will offer downloaded and cached files to
you disable or do not configure this policy setting, files that have not been accessed for the past 90 days will be removed from the peer ca
ntage of disk space to be used for the BITS peer cache. You can enter a value between 1 percent and 80 percent. If you disable or do not co
y setting, you can set the maximum job download time to a specified number of seconds. If you disable or do not configure this policy setti
day's hours. If you enable this policy setting, BITS will limit its bandwidth usage to the specified values. You can specify the limit in kilobits
nd both are active, BITS will use a maximum of 30 percent of 56 Kbps. You can change the default behavior of BITS, and specify a fixed max
figure this policy setting, BITS will use the default user BITS job limit of 300 jobs. Note: This limit must be lower than the setting specified i
t configure this policy setting, BITS will use the default BITS job limit of 300 jobs. Note: BITS jobs created by services and the local administ
of 200 for the maximum number of files a job can contain. Note: BITS Jobs created by services and the local administrator account do not
BITS will limit ranges to 500 ranges per file. Note: BITS Jobs created by services and the local administrator account do not count toward th
wnload policy explicitly configured by the application that created the BITS job, but does apply to jobs that are created by specifying only a
You can specify a limit to use for background jobs during a maintenance schedule. For example, if normal priority jobs are currently limited
u can set up a schedule for limiting network bandwidth during both work and nonwork hours. After the work schedule is defined, you can
tion will reset this timeout. Consider increasing the timeout value if computers tend to stay offline for a long period of time and still have p

component registration is missing, the system searches for it in Active Directory and, if it is found, downloads it. The resulting searches mig
component registration is missing, the system searches for it in Active Directory and, if it is found, downloads it. The resulting searches mig
o in the previous session.
ttings. If you enable this setting, you can select specific items not to display on the Control Panel window and the Start screen. To hide a Co
Account picture Search results If users try to select a Control Panel item from the Properties item on a context menu, a message appears
ontrol.exe. This policy has no effect on items displayed in PC settings. To display a Control Panel item, enable this policy setting and click Sh
& Taskbar) settings.
ck screen using touch, the keyboard, or by dragging it with the mouse. Note: This setting only applies to Enterprise, Education, and Server
: First, a valid screen saver on the client is specified through the "Screen Saver executable name" setting or through Control Panel on the cl
f 2:1 with white text.

ble or do not configure this setting, the users can select the visual style that they want to use by changing themes (if the Personalization Co
r. If you enable this setting, type the name of the file that contains the screen saver, including the .scr file name extension. If the screen sa
tting, the default theme will be applied at the first logon.
d protection setting. If you do not configure this setting, users can choose whether or not to set password protection on each screen saver
d windows. If this setting is disabled or not configured, the Color (or Window Color) page or Color Scheme dialog is available in the Persona

You must also enable the "Desktop Wallpaper" setting to prevent users from changing the desktop wallpaper. Refer to KB article: Q327998

pported version of Windows, then those colors take precedence over this policy. If the "Force a specific Start background" policy is also set
using the "load a specific theme" setting, the theme defaults to whatever the user previously set or the system default.
so, a user may not apply a different visual style when changing themes.

een Saver" setting is disabled. - Neither the "Screen saver executable name" setting nor the Screen Saver dialog of the client computer's Pe
ccount Pictures\guest.jpg. If the default pictures do not exist, an empty frame is displayed. If you enable this policy setting, the default use
imited by any EAS settings or group policies that affect the maximum idle time before a device locks. In addition, if a password is required w

u enable this policy setting, the default logon domain is set to the specified domain, which might be different than the domain to which the
redentials (for example, to support biometric authentication). If you enable this policy, an administrator can specify the CLSIDs of the cred

er can set up and sign in with a convenience PIN. If you disable or don't configure this policy setting, a domain user can't set up and use a
n to Windows). The policy becomes effective the next time the user signs on to a computer running Windows. If you disable or do not con
ot configure (by default) this policy setting, delegation of default credentials is not permitted to any machine. Note: The "Allow delegating
the application). If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of fresh credentials
configure (by default) this policy setting, after proper mutual authentication, delegation of fresh credentials is permitted to Remote Desktop
e Windows credential manager). If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of s
). If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of saved credentials is permitted to
fy any server. Note: The "Deny delegating default credentials" policy setting can be set to one or more Service Principal Names (SPNs). The
ot specify any server. Note: The "Deny delegating fresh credentials" policy setting can be set to one or more Service Principal Names (SPNs
y setting does not specify any server. Note: The "Deny delegating saved credentials" policy setting can be set to one or more Service Princi
g apps will not delegate credentials to remote computers. If you disable or do not configure this policy setting, restricted mode is not enfor
text box. By default, the password reveal button is displayed after a user types a password in the password entry text box. To display the p
text box. By default, the password reveal button is displayed after a user types a password in the password entry text box. To display the p
cy setting, users will always be required to type a user name and password to elevate.
Secure Desktop by means of the trusted path mechanism. If you disable or do not configure this policy setting, users will enter Windows cr
or their password is expiring.
eyboard using Ctrl+Alt+Del. Tip:To lock a computer without configuring a setting, press Ctrl+Alt+Delete, and then click Lock this computer.
not configure this policy setting, users can see and select the Log off menu item when they press Ctrl+Alt+Del.
le to access Task Manager. If users try to start Task Manager, a message appears explaining that a policy prevents the action. If you disable
try features on this build option in Settings.
will not look in the locally configured DCOM activation security check exemption list. If you do not configure this policy setting, DCOM wil
ptions" policy is enabled. DCOM server appids added to this policy must be listed in curly-brace format. For example: {b5dcb061-cefb-42e

ut the item is deleted each time the setting is refreshed. Note: Removing an item from the "Add" list for this setting is not the same as dele
cting "Set as Wallpaper". Also, see the "Desktop Wallpaper" and the "Prevent changing wallpaper" (in User Configuration\Administrative T
h, such as C:\Windows\web\wallpaper\home.jpg or a UNC path, such as \\Server\Share\Corp.jpg. If the specified file is not available when
s ignored. If the "Turn on Classic Shell" setting (in User Configuration\Administrative Templates\Windows Components\Windows Explorer)
and GIF, for their desktop wallpaper.
the shared folder.

s ignored. If the "Turn on Classic Shell" setting ( in User Configuration\Administrative Templates\Windows Components\Windows Explorer
To see the filter bar, open Network Locations, click Entire Network, and then click Directory. Right-click the name of a Windows domain, and
ry but not tempt them to casually browse Active Directory.
Common Open File Dialog to remove the Desktop icon from the Places Bar. This will help prevent users from saving data to the Desktop.

ber of objects returned" box to limit returns from an Active Directory search. If you disable this setting or do not configure it, the system d
e taskbar beside the Start button), and point to "Toolbars." Also, see the "Prohibit adjusting desktop toolbars" setting.

edit Web content or disable, lock, or synchronize Active Desktop components.


m deleting items from their Active Desktop.

hell namespace, allowing them to present their users with a simpler desktop environment. If you enable this setting, Computer is hidden o
m the Start menu. To do so, use the "Remove My Documents icon from Start Menu" setting. Note: To make changes to this setting effectiv

do not configure this policy setting, the Properties menu command is displayed.

then log back on.


users can run the Desktop Cleanup Wizard, or have it run automatically every 60 days from Display, by clicking the Desktop tab and then c
ame\ShareName\SIPolicy.p7b), or a locally valid path (for example, C:\FolderName\SIPolicy.p7b). The local machine account (LOCAL SYSTE
ode Integrity This setting enables virtualization based protection of Kernel Mode Code Integrity. When this is enabled kernel mode memo
er, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server. If you disable o
o install or update any device whose Plug and Play hardware ID or compatible ID appears in the list you create, unless another policy setting
is allowed to install or update device drivers whose device setup class GUIDs appear in the list you create, unless another policy setting spe
tedPublisher store. If you disable or do not configure this policy setting, only members of the Administrators group are allowed to install ne

you enable this setting, use the drop-down box to specify the desired response. -- "Ignore" directs the system to proceed with the installa

ult title in a notification when a policy setting prevents device installation.


setting prevents device installation.
policy setting, Windows does not create a system restore point when one would normally be created. If you disable or do not configure thi
tting. If you disable or do not configure this policy setting, Windows is allowed to install or update the device driver for any device that is n
e this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client
st you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from
setting that allows Windows to install a device. If you enable this policy setting, Windows is prevented from installing removable devices a
crosoft Windows Publisher certificate and drivers that are signed by other Authenticode certificates are prioritized equally during the drive
striction right will not take effect until the system is restarted.

ated check box beside the location name. If you disable or do not configure this setting, Windows searches the installation location, floppy

do not configure this policy setting, the setting in the Device Installation Settings dialog box controls whether Windows retrieves device me
en a device driver that requests additional software is installed.
ontinually search for updates. This setting is used to ensure that the best software will be found for the device, even if the network is tempo
if no update is found will Windows then also search Windows Update. If you disable or do not configure this policy setting, members of th

e prompted to search Windows Update. If you disable or do not configure this setting, and "Turn off Windows Update device driver search
e prompted to search Windows Update. If you disable or do not configure this setting, and "Turn off Windows Update device driver search
s policy setting, the default value of 15 minutes applies. Note: The minimum value you can select is 15 minutes. If you try to set this settin

oots or service restarts are required for this policy setting to take effect: changes take effect immediately. This policy setting only takes effe
olicy setting, the DPS also warns users of S.M.A.R.T. faults and guides them through backup and recovery to minimize potential data loss. If
. The required data is stored in the NV cache during shutdown and hibernate, respectively. This might cause a slight increase in the time ta
e this policy setting, the default behavior is to allow the hybrid hard disks to be in power save mode. Note: This policy setting is applicable
on of the system by keeping the disks spun down while satisfying reads and writes from the cache. If you enable this policy setting, the sys
onger periods to save power. Note that this can cause increased wear of the NV cache. If you do not configure this policy setting, the defa

turned off by default, but administrators can turn it on. To prevent users from changing the setting while a setting is in effect, the system d
not make changes while the setting is in effect. If you do not configure this policy setting, the disk quota limit is not enforced by default, b
m disables the "Log event when a user exceeds their quota limit" option on the Quota tab, so administrators cannot change the setting wh
on the Quota tab so that administrators cannot change logging while a policy setting is in effect. If you do not configure this policy setting
tting overrides new users settings for the disk quota limit and warning level on their volumes, and it disables the corresponding options in
This policy should not be set unless the DLT server is running on all domain controllers in the domain.
ng dot. For example, if attaching suffixes is allowed, an unqualified multi-label name query for "server.corp" will be queried by the DNS cli
xample" and not for multi-label and fully qualified domain names.
this policy setting, or if you do not configure this policy setting, computers will use the local or DHCP supplied connection specific DNS suffi
the list of DNS servers is applied to all network connections used by computers that receive this policy setting. If you disable this policy se
bel name. For example, a DNS query for the single-label name "example" will be modified to "example.microsoft.com" before sending the q
NS registration to be enabled on a network connection, the connection-specific configuration must allow dynamic DNS registration, and th

al protocols will be preferred over DNS responses if the local responses are from a network with a higher binding order. If you disable this p
ry DNS suffix configured in the DNS Suffix and NetBIOS Computer Name dialog box using the System control panel. You can use this policy
ed when a user or application submits a query for a single-label domain name. The DNS client appends DNS suffixes to the single-label, unq
ution settings. Devolution can be used when a user or application submits a query for a single-label domain name. The DNS client appends
n of its computer name and the primary DNS suffix. For example, a computer name of mycomputer and a primary DNS suffix of microsoft.c
setting, click Enabled, and then select one of the following options from the drop-down list: Do not register: Computers will not attempt to
rds are current and should not be automatically removed (scavenged) when a DNS server is configured to delete stale records. Warning: If
ters. During dynamic update of resource records in a zone that does not use Secure Dynamic Updates, an A resource record might exist tha
hat receive this policy setting. If you disable this policy setting, or if you do not configure this policy setting, computers will use the TTL setti
o WINS servers configured.
name resolution in scenarios in which conventional DNS name resolution is not possible. If you enable this policy setting, LLMNR will be dis
cy setting, the DNS client will not perform any optimizations. DNS queries will be issued across all networks first. LLMNR queries will be issu
wed by NetBT for all networks. If you disable this policy setting, or if you do not configure this policy setting, the DNS client will prefer link
cy setting, computers that attempt to send dynamic DNS updates will use the security level that you specify in this policy setting. If you dis
uters send dynamic updates to any zone that is authoritative for the resource records that the computer needs to update, except the root
orce a specific color for window frames that cannot be changed by users.
orce a specific color for window frames that cannot be changed by users.
dows+Tab keys, a visual version of the desktop is presented and items can be flipped through to select. Changing this policy setting require
dows+Tab keys, a visual version of the desktop is presented and items can be flipped through to select. Changing this policy setting require

with the "Prevent color changes of window frames" setting, to enforce a specific color for window frames that cannot be changed by user
with the "Prevent color changes of window frames" setting, to enforce a specific color for window frames that cannot be changed by user

ard Glyph are included in the candidate list. This policy setting applies to Japanese Microsoft IME only. Note: Changes to this setting will no
BM extended code 0x0008 // IBM extended code 0x0010 // Half width katakana code 0x0100 // EUDC(GAIJI) 0x0200 // S-JIS unmapped
Japanese Microsoft IME, [Clear auto-tuning information] works, even if this policy setting is enabled, and it clears self-tuned words from th

crosoft IME, Simplified Chinese Microsoft Pinyin, and Traditional Chinese New Phonetic.
re enabling this policy setting is still used for conversion. If you disable or do not configure this policy setting, Open Extended Dictionary ca

nded that you do not allow known bad drivers to be initialized. - Bad, but required for boot: The driver has been identified as malware, bu
cy setting, the recent apps will be available by default, and the user can configure this setting.
Shell, but not from that menu. If you disable or don't configure this policy setting, Command Prompt will be listed in the menu by default,
t configure this policy setting, Search, Share, Start, Devices, and Settings will be available by default, and the user can configure this setting

ntly used apps will appear at the top.


hen files are moved to other volumes, or if you create a new file in an encrypted folder, File Explorer encrypts those files automatically.
olicy setting, USB Enhanced Storage devices connected to both USB root hubs and non-root hubs will be allowed.

ed Storage devices are usable on your computer.

a port number on the destination server for transmission. If you disable or do not configure this policy setting, Windows Error Reporting se

Internet Communication settings. Important: If the Turn off Windows Error Reporting policy setting is not configured, then Control Panel s
is stored. The Maximum number of reports to store setting determines how many reports are stored before older reports are automaticall
is stored. The Maximum number of reports to store setting determines how many reports are stored before older reports are automaticall
nd it immediately. When Queuing behavior is set to Always queue, all reports are added to the queue until the user is prompted to send the
nd it immediately. When Queuing behavior is set to Always queue, all reports are added to the queue until the user is prompted to send the
set a consent level of 0, 1, 2, 3, or 4. - 0 (Disable): Windows Error Reporting sends no data to Microsoft for this event type. - 1 (Always ask
set a consent level of 0, 1, 2, 3, or 4. - 0 (Disable): Windows Error Reporting sends no data to Microsoft for this event type. - 1 (Always ask
plications are reported, regardless of the setting in the Default pull-down menu. When the Report all errors in Windows check box is filled,

nel. If you disable or do not configure this policy setting, the Turn off Windows Error Reporting policy setting in Computer Configuration/Ad
nel. If you disable or do not configure this policy setting, the Turn off Windows Error Reporting policy setting in Computer Configuration/Ad
urred. If the Configure Error Reporting policy setting is also enabled, errors are reported, but users receive no notification. Disabling this po
Administrative Templates/Windows Components/Windows Error Reporting/Consent take precedence.
Administrative Templates/Windows Components/Windows Error Reporting/Consent take precedence.
e or do not configure this policy setting, WER throttles data by default; that is, WER does not upload more than one CAB file for a report th
e or do not configure this policy setting, WER throttles data by default; that is, WER does not upload more than one CAB file for a report th
pes, and the default consent setting determines only the consent level of any other error reports.
pes, and the default consent setting determines only the consent level of any other error reports.
enerated by applications in this list are not reported, even if the Default Application Reporting Settings policy setting is configured to report
names in the Show Contents dialog box (example: notepad.exe). File names must always include the .exe file name extension. To remove a
names in the Show Contents dialog box (example: notepad.exe). File names must always include the .exe file name extension. To remove a
hen add or remove applications from the list of application file names in the Show Contents dialog box (example: notepad.exe). File names
or Reporting settings in Control Panel are set to upload operating system errors. See also the Configure Error Reporting policy setting.
nning on battery power, but checks for solutions and uploads report data normally. If you disable or do not configure this policy setting, WE
nning on battery power, but checks for solutions and uploads report data normally. If you disable or do not configure this policy setting, WE
ork cost policy again if the network profile is changed.
ork cost policy again if the network profile is changed.
This setting applies across all subscriptions for the forwarder (source computer).
he collector>:5986/wsman/SubscriptionManager/WEC,Refresh=<Refresh interval in seconds>,IssuerCA=<Thumb print of the client authenti
tting is enabled, new events are discarded and old events are retained. If you do not configure this policy setting and the "Retain old events
tting is enabled, new events are discarded and old events are retained. If you do not configure this policy setting and the "Retain old events
tting is enabled, new events are discarded and old events are retained. If you do not configure this policy setting and the "Retain old events
tting is enabled, new events are discarded and old events are retained. If you do not configure this policy setting and the "Retain old events
and APIs may ignore it. The same change should be made to the "Configure log access (legacy)" policy setting to enforce this change acros
value can access the log. If you disable or do not configure this policy setting, only system software and administrators can read or clear th
and APIs may ignore it. The same change should be made to the "Configure log access (legacy)" policy setting to enforce this change acros
cy setting, only system software and administrators can write or clear this log, and any authenticated user can read events from it. Note: If

g automatically when full" policy setting.


g automatically when full" policy setting.
g automatically when full" policy setting.
g automatically when full" policy setting.

y the local administrator using the Log Properties dialog and it defaults to 20 megabytes.
y the local administrator using the Log Properties dialog and it defaults to 20 megabytes.
y the local administrator using the Log Properties dialog and it defaults to 20 megabytes.
y the local administrator using the Log Properties dialog and it defaults to 20 megabytes.

ecrypt these encrypted messages, provided that you have access to the private key corresponding to the public key that they were encrypte

folders to the root of their Users Files folder in File Explorer. Note: Enabling this policy setting does not prevent the user from being able t
ws To Go Startup Options Control Panel item. If you disable this setting, booting to Windows To Go when a USB device is connected will not

overy of corrupted files will automatically start with no UI. Windows will log an administrator event when a system restart is required. This
application. The EID must be an internet domain belonging to the enterprise in standard international domain name format. Example val
ed. Note: To make changes to this setting effective, you must restart Volume Shadow Copy (VSS) Service .

administrators may select the types of symbolic links to be evaluated.


to be configurable on a per volume basis then an on-disk flag will determine whether or not short names are created on a given volume. I
ally made available offline. All subfolders within the redirected folders are also made available offline. Note: This policy setting does not pr
offline. Note: This policy setting does not prevent files from being automatically cached if the network share is configured for "Automatic C
ead of copying the content to the new location, the cached content is renamed in the local cache and not copied to the new location. To us
ement software or a script to add primary computer attributes to the user's account in Active Directory Domain Services (AD DS). This poli
ement software or a script to add primary computer attributes to the user's account in Active Directory Domain Services (AD DS). This poli
ese subfolders when redirecting the Start Menu or legacy My Documents folder. If you disable or not configure this policy setting, Window
ese subfolders when redirecting the Start Menu or legacy My Documents folder. If you disable or not configure this policy setting, Window

ew Pane since the two cannot be displayed at the same time. If you disable, or do not configure this policy setting, the Details Pane is hidd
t are handled by the DPS. If you do not configure this policy setting, the DPS enables Fault Tolerant Heap for resolution by default. This po

ed as part of the system image but are not used by any user on that system will be removed as part of a scheduled clean up task.
umbers less than or equal to the specified value are interpreted as being preceded by 20. All numbers greater than the specified value are
cy is ignored. If you do not configure this policy setting at the computer level, restrictions are based on per-user policy settings. To set this
cy is ignored. If you do not configure this policy setting at the computer level, restrictions are based on per-user policy settings. To set this
ign-in page. If the policy is Disabled or Not Configured, then the user will be able to use input methods enabled for their user account on t
rs. The policy setting "Restrict user locales" can also be enabled to disallow selection of a custom locale, even if this policy setting is not co
rs. The policy setting "Restrict user locales" can also be enabled to disallow selection of a custom locale, even if this policy setting is not co
owever, they will be unable to customize those choices. The user cannot customize their user locale with user overrides. If this policy setti
owever, they will be unable to customize those choices. The user cannot customize their user locale with user overrides. If this policy setti
ge selected by the local administrator. If you disable or do not configure this policy setting, there is no restriction of a specific language use
f you enable this policy setting, the user cannot see the Administrative options. If you disable or do not configure this policy setting, the u
onfigure this policy setting, the user sees the option for changing the user location (GeoID). Note: Even if a user can see the GeoID option,
atically. If you disable or do not configure this policy setting, the user sees the option for changing the UI language. Note: Even if a user ca
ot configure this policy setting, the user sees the regional formats options for changing and customizing the user locale.
users from specifying a language different than the one used. To enable this policy setting in Windows Vista, use the "Restricts the UI langu
on (;). For example, en-US is English (United States). Specifying "en-US;en-CA" would restrict the system locale to English (United States) an
the per-computer policy setting. The locale list is specified using language tags, separated by a semicolon (;). For example, en-US is English
the per-computer policy setting. The locale list is specified using language tags, separated by a semicolon (;). For example, en-US is English
fferent than any of the system UI languages. If you disable or do not configure this policy setting, the user can specify which UI language is
this policy setting, the language selection defaults to the language selected by the user. If you disable or do not configure this policy settin
ured, then the user will be free to change the setting according to their preference. Note that the availability and function of this setting is
s from the Internet Explorer browser history. The information that is stored includes word frequency and new words not already known to
s from the Internet Explorer browser history. The information that is stored includes word frequency and new words not already known to
he user will be free to change the setting according to their preference. Note that the availability and function of this setting is dependent
n will be locked to not insert a space after selecting a text prediction. If the policy is Disabled or Not Configured, then the user will be free t
is Disabled or Not Configured, then the user will be free to change the setting according to their preference. Note that the availability and
. - Users do not receive their roaming profiles; they receive a local profile on the computer from the local forest. A warning message appe
avior: - If you originally created the GPO with, for example, an English system, the GPO contains English ADM files. - If you later edit the G
ronous manner. Client computers will not wait for the network to be fully initialized at startup and logon. Existing users will be logged on u
e normal rules for evaluating if the Direct Access connection is a fast or slow network connection. If no bandwidth speed is detected, Group
an use the check boxes provided to change the options. If you disable or do not configure this policy setting, it has no effect on the system
vided to change the options. If you disable or do not configure this policy setting, it has no effect on the system. The "Allow processing acr
ttings that the program implementing the folder redirection policy setting set when it was installed. If you enable this policy setting, you c
s read, Group Policy attempts to contact a logon domain controller to determine the link speed. When Group Policy runs in background mo
ve Directory Snap-ins" indicates that the Group Policy Object Editor snap-in reads and writes changes to the domain controller that Active
nting the policy can specify the response to a slow link. Also, the policy processing settings in this folder lets you override the programs' spe
nting the policy can specify the response to a slow link. Also, the policy processing settings in this folder lets you override the programs' spe
d. If you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not configure this polic
able this policy setting, you can use the check boxes provided to change the options. If you disable or do not configure this policy setting, i
before running logon scripts. If you disable this policy setting, Group Policy will run scripts immediately after logon. If you do not config
do not configure this policy setting, it has no effect on the system. The "Do not apply during periodic background processing" option prev
If you disable or do not configure this setting, it has no effect on the system. The "Allow processing across a slow network connection" opti
the options. If you disable or do not configure this policy setting, it has no effect on the system. The "Do not apply during periodic backgro
ng overrides customized settings that the program implementing the software installation policy set when it was installed. If you enable thi
gs apply. If this setting is enabled, then, when a user logs on to this computer, the computer's Group Policy Objects determine which set of
vided to change the options. If you disable this setting or do not configure it, it has no effect on the system. The "Allow processing across
boxes provided to change the options. If you disable this setting or do not configure it, it has no effect on the system. The "Allow processin

ect links for use on the system. If you disable this setting or do not configure it, new Group Policy object links are created in the enabled st
If you enable or disable this policy setting, by default administrators can view RSoP data. Note: To view RSoP data on a client computer, us
If you enable or disable this policy setting, by default administrators can view RSoP data. Note: To view RSoP data on a client computer, us

he cache is read, Group Policy attempts to contact a logon domain controller to determine the link speed. When Group Policy runs in backg
stry entries in other subkeys. If you enable this policy setting, the "Show Policies Only" command is turned on, and administrators cannot t

ts up. It also applies at a specified refresh interval or when manually invoked by the user. Note: This policy setting applies only to non-adm
If this setting is Disabled or Not Configured, the default display name of New Group Policy object is used.
ery 90 minutes, with a random offset of 0 to 30 minutes. If you enable this setting, you can specify an update rate from 0 to 64,800 minute
elect 0 minutes, the domain controller tries to update Group Policy every 7 seconds. However, because updates might interfere with users'
dom offset of 0 to 30 minutes. If you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0
configuring this policy setting overrides any system-computed wait times. If you enable this policy setting, Group Policy will use this admin
case, configuring this policy setting overrides any system-computed wait times. If you enable this policy setting, Group Policy uses this adm
directory and the source files stored in the GPO. If the local files are newer, they are copied into the GPO. Changing the status of this settin
orking. The frequency of updates is determined by the "Set Group Policy refresh interval for computers" and "Set Group Policy refresh inter

e system does not process and apply any Local GPOs. If you disable or do not configure this policy setting, Local GPOs continue to be applie
you disable or do not configure this setting, RSoP logging is turned on. By default, RSoP logging is always on. Note: To view the RSoP infor

to process even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle." Notes: 1. The "Allo
ot configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension
and to process even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle." Notes: 1. The
not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extensio
en if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle." Notes: 1. The "Allow processing
his policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.
to process even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle." Notes: 1. The "Allo
configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is t
ound processing, and to process even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle.
not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extensio
Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle." Notes: 1. The "Allow processing across a s
setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off. Notes: 1.
k connection, to be applied during background processing, and to process even if the Group Policy objects (GPOs) are unchanged. By defau
or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this ext
n if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle." Notes: 1. The "Allow processing a
s policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off. N
ven if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle." Notes: 1. The "Allow processin
is policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off. N
o process even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle." Notes: 1. The "Allow
this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.
applied during background processing, and to process even if the Group Policy objects (GPOs) are unchanged. By default, background proc
n for client computers. If you disable or do not configure this policy setting, by default event logging for this extension includes only warnin
nnection, to be applied during background processing, and to process even if the Group Policy objects (GPOs) are unchanged. By default, ba
disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for t
ocessing, and to process even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle." Notes
ble or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this
to be applied during background processing, and to process even if the Group Policy objects (GPOs) are unchanged. By default, background
or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this ext
work connection, to be applied during background processing, and to process even if the Group Policy objects (GPOs) are unchanged. By d
his policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.
processing, and to process even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle." No
disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for t
even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle." Notes: 1. The "Allow processi
this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.
tion, to be applied during background processing, and to process even if the Group Policy objects (GPOs) are unchanged. By default, backgr
able or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for thi
even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle." Notes: 1. The "Allow processin
this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.
ess even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle." Notes: 1. The "Allow proce
ure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned
to process even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle." Notes: 1. The "Allow
configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is t
f Application snap-ins. Enabling this policy setting does not override policy settings that restrict the use of preference extensions. If you dis
f you disable this policy setting, you prohibit use of the preference extension. If you do not configure this policy setting, you permit use of
e this policy setting, you permit use of the Control Panel Settings item and all preference extensions under Control Panel Settings for Comp
policy setting, you permit use of the Control Panel Settings item and all preference extensions under Control Panel Settings for User Config
s (Users)" policy settings. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting.
ers)" policy settings. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting. If you
you disable this policy setting, you prohibit use of the preference extension. If you do not configure this policy setting, you permit use of t
If you disable this policy setting, you prohibit use of the preference extension. If you do not configure this policy setting, you permit use of
sable this policy setting, you prohibit use of the preference extension. If you do not configure this policy setting, you permit use of the pref
ngs (Users)" policy settings. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting
disable this policy setting, you prohibit use of the preference extension. If you do not configure this policy setting, you permit use of the p
disable this policy setting, you prohibit use of the preference extension. If you do not configure this policy setting, you permit use of the p
g overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting. If you disable this policy setting, you prohibit use o
nel Settings (Users)" policy settings. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" poli
ttings (Users)" policy settings. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setti
g. If you disable this policy setting, you prohibit use of the preference extension. If you do not configure this policy setting, you permit use
ngs (Users)" policy settings. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting
abling this policy setting does not override policy settings that restrict the use of preference extensions. If you disable this policy setting, yo
ers)" policy settings. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting. If you
g overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting. If you disable this policy setting, you prohibit use o
u disable this policy setting, you prohibit use of the preference extension. If you do not configure this policy setting, you permit use of the
ttings (Users)" policy settings. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy settin
verrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting. If you disable this policy setting, you prohibit use of th
ou disable this policy setting, you prohibit use of the preference extension. If you do not configure this policy setting, you permit use of the
rides the "Restrict users to the explicitly permitted list of snap-ins" policy setting. If you disable this policy setting, you prohibit use of the p
ttings asynchronously, when logging on through Remote Desktop Services. If you disable or do not configure this policy setting, Windows S
in the specified folders and their subfolders. To restrict the commands to one or more folders, enable the policy setting and enter the desi
e: You can also restrict users from running applications by using the Software Restriction Policy settings available in Computer Configuration
e: You can also restrict users from running applications by using the Software Restriction Policy settings available in Computer Configuration
table is turned off. This will allow certain legacy ActiveX controls to function without DEP shutting down HTML Help Executable. If you disa
is policy setting, the default behavior applies (Help viewer renders trusted assistance content with active elements).
urn on the Help Experience Improvement program feature from the Help and Support settings page.

ection to the Internet and have not disabled Windows Online from the Help and Support Options page.
ou enable this policy setting, or if you do not configure this policy setting, WLAN hotspots are automatically probed for WISPR protocol sup
ction are set such that their respective features can access the Internet. If you do not configure this policy setting, all of the the policy setti
ction are set such that their respective features can access the Internet. If you do not configure this policy setting, all of the the policy setti
er be notified about nor will you receive critical updates from Windows Update. This policy setting also prevents Device Manager from auto
n the Store" item in the Open With dialog is removed. If you disable or do not configure this policy setting, the user is allowed to use the St
n the Store" item in the Open With dialog is removed. If you disable or do not configure this policy setting, the user is allowed to use the St
P and other products of companies and organizations that it considers trusted authorities. If you enable this policy setting, when you are p
drivers cannot be downloaded over HTTP. If you disable or do not configure this policy setting, users can download print drivers over HTTP.
drivers cannot be downloaded over HTTP. If you disable or do not configure this policy setting, users can download print drivers over HTTP.
information about the event to Microsoft, and allows users to learn more about why that event occurred. If you enable this policy setting,
you disable or do not configure this policy setting, the Help and Support Center retrieves and displays "Did you know?" content. You might
om the Help and Support Center "Set search options" page, and only Help content on the local computer is searched. If you disable or do
re this policy setting, users can connect to Microsoft to download a list of ISPs for their area.
licy setting, Windows does not download providers, and only the service providers that are cached in the local registry are displayed. If yo
licy setting, Windows does not download providers, and only the service providers that are cached in the local registry are displayed. If yo
r using the Web service to open an unhandled file association are removed. If you disable or do not configure this policy setting, the user
r using the Web service to open an unhandled file association are removed. If you disable or do not configure this policy setting, the user
s this client from printing to Internet printers over HTTP. If you disable or do not configure this policy setting, users can choose to print to I
s this client from printing to Internet printers over HTTP. If you disable or do not configure this policy setting, users can choose to print to I
on. Note that registration is optional and involves submitting some personal information to Microsoft. However, Windows Product Activati
download content updates during searches. If you disable or do not configure this policy setting, Search Companion downloads content u

ks in Windows folders. If you disable or do not configure this policy setting, the tasks are shown.
ks in Windows folders. If you disable or do not configure this policy setting, the tasks are shown.
essenger does not collect usage information, and the user settings to enable the collection of usage information are not shown. If you disa
essenger does not collect usage information, and the user settings to enable the collection of usage information are not shown. If you disa
no salesperson will call, and you can continue working without interruption. It is simple and user-friendly. If you enable this policy setting
soft via the Internet or to a corporate file share. This policy setting overrides any user setting made from the Control Panel for error reporti
this policy setting, NCSI does not run either of the two active tests. This may reduce the ability of NCSI, and of other components that use N
Update is optional when installing a device. Also see "Turn off Windows Update device driver search prompt" in "Administrative Template
oup Policy setting. Enabling this setting will not have any effect on IIS if IIS is already installed on the computer. If you disable or do not con
page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
eys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Note: This list can be
eys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Note: This list can be
s Accelerators that are provided through first use of the browser.
s Accelerators that are provided through first use of the browser.
er has Accelerators that are provided through first use of the browser.
er has Accelerators that are provided through first use of the browser.
ch defines whether add-ons not listed here are assumed to be denied. If you enable this policy setting, you can enter a list of add-ons to be
ch defines whether add-ons not listed here are assumed to be denied. If you enable this policy setting, you can enter a list of add-ons to be
d in each zone for which Script and Binary Behaviors is set to 'admin-approved'. Behaviors must be entered in #package#behavior notation,
d in each zone for which Script and Binary Behaviors is set to 'admin-approved'. Behaviors must be entered in #package#behavior notation,
ement user preferences and policy settings. If you disable or do not configure this policy setting, all processes will not respect add-on man
ement user preferences and policy settings. If you disable or do not configure this policy setting, all processes will not respect add-on man
disable or do not configure this policy setting, binary behaviors are allowed for all processes.
disable or do not configure this policy setting, binary behaviors are allowed for all processes.
et Explorer renames the file by saving it in the Internet Explorer cache and changing its extension. If you enable this policy setting, Consist
et Explorer renames the file by saving it in the Internet Explorer cache and changing its extension. If you enable this policy setting, Consist
ne is used as an attack vector to load malicious HTML code. If you enable this policy setting, the Local Machine zone security applies to all
ne is used as an attack vector to load malicious HTML code. If you enable this policy setting, the Local Machine zone security applies to all

er. If you disable this policy setting, restricting content obtained through restricted protocols is prevented for all processes other than File E
er. If you disable this policy setting, restricting content obtained through restricted protocols is prevented for all processes other than File E
he Notification bar will be displayed for all processes. If you disable or do not configure this policy setting, the Notification bar will not be d
he Notification bar will be displayed for all processes. If you disable or do not configure this policy setting, the Notification bar will not be d
ed Zone sites.
ed Zone sites.
any zone can be protected from zone elevation for all processes. If you disable or do not configure this policy setting, processes other tha
any zone can be protected from zone elevation for all processes. If you disable or do not configure this policy setting, processes other tha
on for all processes.
on for all processes.
hat are not user initiated for all processes.
hat are not user initiated for all processes.
f you disable or do not configure this policy setting, scripted windows are not restricted.
f you disable or do not configure this policy setting, scripted windows are not restricted.

or protocols on the restricted list. If you select Prompt from the drop-down box, the Notification bar will appear to allow control over questi
or protocols on the restricted list. If you select Prompt from the drop-down box, the Notification bar will appear to allow control over questi
or protocols on the restricted list. If you select Prompt from the drop-down box, the Notification bar will appear to allow control over questi
or protocols on the restricted list. If you select Prompt from the drop-down box, the Notification bar will appear to allow control over questi
or protocols on the restricted list. If you select Prompt from the drop-down box, the Notification bar will appear to allow control over questi
or protocols on the restricted list. If you select Prompt from the drop-down box, the Notification bar will appear to allow control over questi
ffected, even for protocols on the restricted list. If you select Prompt from the drop-down box, the Notification bar will appear to allow cont
ffected, even for protocols on the restricted list. If you select Prompt from the drop-down box, the Notification bar will appear to allow cont
or protocols on the restricted list. If you select Prompt from the drop-down box, the Notification bar will appear to allow control over questi
or protocols on the restricted list. If you select Prompt from the drop-down box, the Notification bar will appear to allow control over questi
configure this policy setting, script code on pages in the zone can run automatically.
configure this policy setting, script code on pages in the zone can run automatically.
configure this policy setting, script code on pages in the zone can run automatically.
configure this policy setting, script code on pages in the zone can run automatically.
configure this policy setting, script code on pages in the zone can run automatically.
configure this policy setting, script code on pages in the zone can run automatically.
configure this policy setting, users are queried to choose whether to allow script code on pages in the Local Machine zone to run.
configure this policy setting, users are queried to choose whether to allow script code on pages in the Local Machine zone to run.
configure this policy setting, users are queried to choose whether to allow script code on pages in the Local Machine zone to run.
configure this policy setting, users are queried to choose whether to allow script code on pages in the Local Machine zone to run.
configure this policy setting, users are queried to choose whether to allow script code on pages in the Local Machine zone to run.
configure this policy setting, users are queried to choose whether to allow script code on pages in the Local Machine zone to run.
configure this policy setting, script code on pages in the zone is prevented from running.
configure this policy setting, script code on pages in the zone is prevented from running.
configure this policy setting, users are queried to choose whether to allow script code on pages in the Local Machine zone to run.
configure this policy setting, users are queried to choose whether to allow script code on pages in the Local Machine zone to run.
configure this policy setting, script code on pages in the zone is prevented from running.
configure this policy setting, script code on pages in the zone is prevented from running.
configure this policy setting, script code on pages in the zone can run automatically.
configure this policy setting, script code on pages in the zone can run automatically.
olicy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a c
olicy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a c
olicy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a c
olicy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a c
olicy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a c
olicy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a c
olicy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a c
olicy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a c
olicy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a c
olicy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a c
olicy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a c
olicy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a c
olicy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a c
olicy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a c
olicy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a c
olicy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a c
olicy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a c
olicy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a c
olicy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a c
olicy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a c
If you do not configure this policy setting, a script can perform a clipboard operation.
If you do not configure this policy setting, a script can perform a clipboard operation.
If you do not configure this policy setting, a script can perform a clipboard operation.
If you do not configure this policy setting, a script can perform a clipboard operation.
If you do not configure this policy setting, a script can perform a clipboard operation.
If you do not configure this policy setting, a script can perform a clipboard operation.
If you do not configure this policy setting, a script can perform a clipboard operation.
If you do not configure this policy setting, a script can perform a clipboard operation.
If you do not configure this policy setting, a script can perform a clipboard operation.
If you do not configure this policy setting, a script can perform a clipboard operation.
If you do not configure this policy setting, a script can perform a clipboard operation.
If you do not configure this policy setting, a script can perform a clipboard operation.
If you do not configure this policy setting, a script cannot perform a clipboard operation.
If you do not configure this policy setting, a script cannot perform a clipboard operation.
If you do not configure this policy setting, a script can perform a clipboard operation.
If you do not configure this policy setting, a script can perform a clipboard operation.
If you do not configure this policy setting, a script cannot perform a clipboard operation.
If you do not configure this policy setting, a script cannot perform a clipboard operation.
If you do not configure this policy setting, a script can perform a clipboard operation.
If you do not configure this policy setting, a script can perform a clipboard operation.
deleting browsing history on exit is turned off. If you do not configure this policy setting, it can be configured on the General tab in Interne
deleting browsing history on exit is turned off. If you do not configure this policy setting, it can be configured on the General tab in Interne
files or copying and pasting files from this zone. If you do not configure this policy setting, users can drag files or copy and paste files from
files or copying and pasting files from this zone. If you do not configure this policy setting, users can drag files or copy and paste files from
files or copying and pasting files from this zone. If you do not configure this policy setting, users can drag files or copy and paste files from
files or copying and pasting files from this zone. If you do not configure this policy setting, users can drag files or copy and paste files from
files or copying and pasting files from this zone. If you do not configure this policy setting, users can drag files or copy and paste files from
files or copying and pasting files from this zone. If you do not configure this policy setting, users can drag files or copy and paste files from
files or copying and pasting files from this zone. If you do not configure this policy setting, users can drag files or copy and paste files from
files or copying and pasting files from this zone. If you do not configure this policy setting, users can drag files or copy and paste files from
files or copying and pasting files from this zone. If you do not configure this policy setting, users can drag files or copy and paste files from
files or copying and pasting files from this zone. If you do not configure this policy setting, users can drag files or copy and paste files from
files or copying and pasting files from this zone. If you do not configure this policy setting, users can drag files or copy and paste files from
files or copying and pasting files from this zone. If you do not configure this policy setting, users can drag files or copy and paste files from
files or copying and pasting files from this zone. If you do not configure this policy setting, users are queried to choose whether to drag or
files or copying and pasting files from this zone. If you do not configure this policy setting, users are queried to choose whether to drag or
files or copying and pasting files from this zone. If you do not configure this policy setting, users can drag files or copy and paste files from
files or copying and pasting files from this zone. If you do not configure this policy setting, users can drag files or copy and paste files from
files or copying and pasting files from this zone. If you do not configure this policy setting, users are queried to choose whether to drag or
files or copying and pasting files from this zone. If you do not configure this policy setting, users are queried to choose whether to drag or
files or copying and pasting files from this zone. If you do not configure this policy setting, users can drag files or copy and paste files from
files or copying and pasting files from this zone. If you do not configure this policy setting, users can drag files or copy and paste files from

re this policy setting, files can be downloaded from the zone.


re this policy setting, files can be downloaded from the zone.
re this policy setting, files can be downloaded from the zone.
re this policy setting, files can be downloaded from the zone.
re this policy setting, files can be downloaded from the zone.
re this policy setting, files can be downloaded from the zone.
re this policy setting, files can be downloaded from the zone.
re this policy setting, files can be downloaded from the zone.
re this policy setting, files can be downloaded from the zone.
re this policy setting, files can be downloaded from the zone.
re this policy setting, files can be downloaded from the zone.
re this policy setting, files can be downloaded from the zone.
re this policy setting, files are prevented from being downloaded from the zone.
re this policy setting, files are prevented from being downloaded from the zone.
re this policy setting, files can be downloaded from the zone.
re this policy setting, files can be downloaded from the zone.
re this policy setting, files are prevented from being downloaded from the zone.
re this policy setting, files are prevented from being downloaded from the zone.
re this policy setting, files can be downloaded from the zone.
re this policy setting, files can be downloaded from the zone.
gure this policy setting, HTML fonts can be downloaded automatically.
gure this policy setting, HTML fonts can be downloaded automatically.
gure this policy setting, HTML fonts can be downloaded automatically.
gure this policy setting, HTML fonts can be downloaded automatically.
gure this policy setting, HTML fonts can be downloaded automatically.
gure this policy setting, HTML fonts can be downloaded automatically.
gure this policy setting, HTML fonts can be downloaded automatically.
gure this policy setting, HTML fonts can be downloaded automatically.
gure this policy setting, HTML fonts can be downloaded automatically.
gure this policy setting, HTML fonts can be downloaded automatically.
gure this policy setting, HTML fonts can be downloaded automatically.
gure this policy setting, HTML fonts can be downloaded automatically.
gure this policy setting, users are queried whether to allow HTML fonts to download.
gure this policy setting, users are queried whether to allow HTML fonts to download.
gure this policy setting, HTML fonts can be downloaded automatically.
gure this policy setting, HTML fonts can be downloaded automatically.
gure this policy setting, users are queried whether to allow HTML fonts to download.
gure this policy setting, users are queried whether to allow HTML fonts to download.
gure this policy setting, HTML fonts can be downloaded automatically.
gure this policy setting, HTML fonts can be downloaded automatically.
setting, users will be prompted when non-Internet Explorer components would be installed. If you do not configure this policy setting, no
setting, users will be prompted when non-Internet Explorer components would be installed. If you do not configure this policy setting, no
tting, Web components such as fonts will be automatically installed as necessary. If you disable this policy setting, users will be prompted w
tting, Web components such as fonts will be automatically installed as necessary. If you disable this policy setting, users will be prompted w
ing desktop items from this zone. If you do not configure this policy setting, users are queried to choose whether to install desktop items f
ing desktop items from this zone. If you do not configure this policy setting, users are queried to choose whether to install desktop items f
ing desktop items from this zone. If you do not configure this policy setting, users are queried to choose whether to install desktop items f
ing desktop items from this zone. If you do not configure this policy setting, users are queried to choose whether to install desktop items f
ing desktop items from this zone. If you do not configure this policy setting, users can install desktop items from this zone automatically.
ing desktop items from this zone. If you do not configure this policy setting, users can install desktop items from this zone automatically.
ing desktop items from this zone. If you do not configure this policy setting, users are queried to choose whether to install desktop items f
ing desktop items from this zone. If you do not configure this policy setting, users are queried to choose whether to install desktop items f
ing desktop items from this zone. If you do not configure this policy setting, users are queried to choose whether to install desktop items f
ing desktop items from this zone. If you do not configure this policy setting, users are queried to choose whether to install desktop items f
ing desktop items from this zone. If you do not configure this policy setting, users can install desktop items from this zone automatically.
ing desktop items from this zone. If you do not configure this policy setting, users can install desktop items from this zone automatically.
ing desktop items from this zone. If you do not configure this policy setting, users are prevented from installing desktop items from this zo
ing desktop items from this zone. If you do not configure this policy setting, users are prevented from installing desktop items from this zo
ing desktop items from this zone. If you do not configure this policy setting, users can install desktop items from this zone automatically.
ing desktop items from this zone. If you do not configure this policy setting, users can install desktop items from this zone automatically.
ing desktop items from this zone. If you do not configure this policy setting, users are prevented from installing desktop items from this zo
ing desktop items from this zone. If you do not configure this policy setting, users are prevented from installing desktop items from this zo
ing desktop items from this zone. If you do not configure this policy setting, users can install desktop items from this zone automatically.
ing desktop items from this zone. If you do not configure this policy setting, users can install desktop items from this zone automatically.
t display UI during shutdown (default behavior in Internet Explorer 9).
t display UI during shutdown (default behavior in Internet Explorer 9).
n HTML5 media elements" setting on the Advanced tab in the Internet Options dialog box.
n HTML5 media elements" setting on the Advanced tab in the Internet Options dialog box.

t Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If you d
t Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If you d
t Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If you d
t Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If you d
t Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If you d
t Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If you d
t Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If you d
t Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If you d
t Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If you d
t Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If you d
t Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If you d
t Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If you d
t Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If you d
t Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If you d
t Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If you d
t Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If you d
t Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If you d
t Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If you d
t Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If you d
t Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If you d
orer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you dis
orer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you dis
orer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you dis
orer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you dis
orer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you dis
orer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you dis
orer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you dis
orer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you dis
orer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you dis
orer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you dis
orer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you dis
orer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you dis
orer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you dis
orer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you dis
orer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you dis
orer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you dis
orer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you dis
orer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you dis
orer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you dis
orer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you dis
is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot change
is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot change
is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot change
is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot change
is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot change
is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot change
is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot change
is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot change
is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot change
is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot change
is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot change
is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot change
is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot change
is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot change
is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot change
is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot change
is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot change
is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot change
is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot change
is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot change
er that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this polic
er that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this polic
er that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this polic
er that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this polic
er that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this polic
er that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this polic
er that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this polic
er that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this polic
er that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this polic
er that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this polic
er that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this polic
er that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this polic
er that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this polic
er that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this polic
er that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this polic
er that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this polic
er that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this polic
er that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this polic
er that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this polic
er that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this polic
u disable this policy setting, users won't receive enhanced suggestions while typing in the Address bar. In addition, users won't be able to c
u disable this policy setting, users won't receive enhanced suggestions while typing in the Address bar. In addition, users won't be able to c

not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
s to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
s to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
s to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
s to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
s to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
s to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
s to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
s to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
s to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
s to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
s to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
s to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
s to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
s to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
s to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
s to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
s to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
s to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
s to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
s to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
ndows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as di
ndows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as di
ndows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as di
ndows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as di
ndows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as di
ndows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as di
ndows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as di
ndows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as di
ndows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as di
ndows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as di
ndows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as di
ndows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as di
ndows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as di
ndows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as di
ndows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as di
ndows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as di
ndows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as di
ndows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as di
ndows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as di
ndows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as di

ll files with an invalid signature. If you do not configure this policy, users can choose to run or install files with an invalid signature.
ll files with an invalid signature. If you do not configure this policy, users can choose to run or install files with an invalid signature.
r cannot change this policy setting. The "Turn off image display" policy setting must be disabled if this policy setting is enabled. If you disab
f you disable this policy setting, browser helper objects do not launch. If you do not configure this policy, Internet Explorer automatically l
f you disable this policy setting, browser helper objects do not launch. If you do not configure this policy, Internet Explorer automatically l
and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If you
and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If you
and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If you
and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If you
and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If you
and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If you
and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If you
and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If you
and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If you
and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If you
and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If you
and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If you
and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If you
and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If you
and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If you
and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If you
and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If you
and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If you
and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If you
and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If you
tting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
tting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
tting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
tting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
tting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
tting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
tting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
tting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
tting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
tting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
tting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
tting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
tting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
tting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
tting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
tting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
tting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
tting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
tting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
tting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.

database and caches on Website Data Settings will be unavailable to users. If you do not configure this policy setting, websites will be able
database and caches on Website Data Settings will be unavailable to users. If you do not configure this policy setting, websites will be able
bsite database and caches on Website Data Settings will be unavailable to users. If you do not configure this policy setting, websites will be
bsite database and caches on Website Data Settings will be unavailable to users. If you do not configure this policy setting, websites will be
List is enabled or inPrivate Browsing mode is used. For at least Internet Explorer 11: If you disable this policy setting, Internet Explorer on
List is enabled or inPrivate Browsing mode is used. For at least Internet Explorer 11: If you disable this policy setting, Internet Explorer on
rator-approved controls are handled for each security zone, carry out the following steps: 1. In Group Policy, click User Configuration, click
t. If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the N
t. If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the N
t. If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have install
t. If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have install
t. If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have install
t. If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have install
t. If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the N
t. If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the N
t. If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the N
t. If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the N
t. If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the N
t. If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the N
t. If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the N
t. If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the N
t. If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the N
t. If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the N
t. If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the N
t. If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the N
t. If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have install
t. If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have install
ll see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
ll see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.

ll see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
ll see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
ll see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
ll see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
ll see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
ll see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
ll see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
ll see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
ll see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
ll see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
ll see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
ll see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.

bjects, or Explorer bars. ActiveX controls are referred to as plug-ins and are not part of this definition. If you enable this policy setting, new
bjects, or Explorer bars. ActiveX controls are referred to as plug-ins and are not part of this definition. If you enable this policy setting, new
wnload new versions when they are available. If you disable this policy setting, Internet Explorer does not check the Internet for new versio
wnload new versions when they are available. If you disable this policy setting, Internet Explorer does not check the Internet for new versio
and enabled. If you disable this policy setting, the user is prompted when a script that is running in any process on the computer attempt
and enabled. If you disable this policy setting, the user is prompted when a script that is running in any process on the computer attempt
f the zone behavior is currently set to prompt, it will be bypassed and enabled. If you disable this policy setting, the user is prompted when
f the zone behavior is currently set to prompt, it will be bypassed and enabled. If you disable this policy setting, the user is prompted when
o not configure it, this control will not be designated as administrator-approved. To specify how administrator-approved controls are handle
ns of Internet Explorer before Internet Explorer 8, the default connection limit for HTTP 1.1 was 2.
ns of Internet Explorer before Internet Explorer 8, the default connection limit for HTTP 1.1 was 2.
voked. If you disable this policy setting, Internet Explorer will not check server certificates to see if they have been revoked. If you do not c
voked. If you disable this policy setting, Internet Explorer will not check server certificates to see if they have been revoked. If you do not c
ng them to user computers. If you disable this policy setting, Internet Explorer will not check the digital signatures of executable programs
ng them to user computers. If you disable this policy setting, Internet Explorer will not check the digital signatures of executable programs
em. If you enable the Media Explorer Bar or do not configure it, users can show and hide the Media Explorer Bar. Administrators also have
ecify to enable or disable the blocking of attachments in options.

ective text: Some command buttons have only text; some have icons and text. Show only icons: All command buttons have only icons. If yo
ective text: Some command buttons have only text; some have icons and text. Show only icons: All command buttons have only icons. If yo
example, "MSIE 7.0").
example, "MSIE 7.0").
y process" policy setting is enabled, the processes configured in this policy setting take precedence over that policy setting. If you enable t
y process" policy setting is enabled, the processes configured in this policy setting take precedence over that policy setting. If you enable t
enied through Group Policy. However, users can still use the Add-on Manager within Internet Explorer to manage add-ons not listed within
enied through Group Policy. However, users can still use the Add-on Manager within Internet Explorer to manage add-ons not listed within
will be available as an administrator approved control and can be run if the user specifies to run administrator-approved Active-X controls a
the pages in the History List. You must specify the number of days that Internet Explorer tracks views of pages in the History List. Users can
the pages in the History List. You must specify the number of days that Internet Explorer tracks views of pages in the History List. Users can
ve Desktop items from Microsoft's Active Desktop Gallery, to their desktop. If you disable this policy or do not configure it, users can add c
able this policy or do not configure it, users can add new offline content schedules. This policy is intended for organizations that are concer
nchronize, select a Web page, click the Properties button, and then click the Schedule tab. If you disable this policy, then Web pages can be
ms. To display this option, the users open the Internet Options dialog box, click the Contents Tab and click the Settings button.
e administrator control which components the user installs.

ative Templates\Windows Components\Internet Explorer\Internet Control Panel), you do not need to set this policy, because the "Disable t
able the Advanced page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Interne
ing Internet Explorer Maintenance under Admin Templates using group policy editor. If you disable or do no configure this policy setting, t
ing Internet Explorer Maintenance under Admin Templates using group policy editor. If you disable or do no configure this policy setting, t
edules and contacts, if programs that perform these tasks are installed. This "Disable the Programs Page" policy (located in \User Configur
that have already been accepted. The "Disable the Content page" policy (located in \User Configuration\Administrative Templates\Window
lor of Web pages. If you set the "Disable the General page" policy (located in \User Configuration\Administrative Templates\Windows Com
t Explorer\Internet Control Panel), you do not need to set this policy, because the "Disable the Connections page" policy removes the Conn
t Explorer\Internet Control Panel), you do not need to set this policy, because the "Disable the Connections page" policy removes the Conn
ser. When Internet Explorer performs this check, it prompts the user to specify which browser to use as the default. This policy is intended
policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), you do n
her home page policies. If you disable or do not configure this policy setting, the Home page box is enabled and users can choose their ow
b sites for languages in which the character set has been installed. If you set the "Disable the General page" policy (located in \User Configu
ou set the "Disable the General page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Exp
g newsgroups, and placing Internet calls, if programs that perform these tasks are installed. The "Disable the Programs page" policy (locate
dministrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Content tab from Internet Ex
emplates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Ratings tab from Internet Explorer in Contro
configure this policy setting, the user can add secondary home pages. Note: If the Disable Changing Home Page Settings policy is enable
configure this policy setting, the user can add secondary home pages. Note: If the Disable Changing Home Page Settings policy is enable
configure it, users can change their cache settings. If you set the "Disable the General page" policy (located in \User Configuration\Adminis
onfigure it, users can view and subscribe to channels from the Channel bar interface.
If you enable this policy, the Customize option will be removed from the menu. If you disable this policy or do not configure it, users can c
policy can be used in coordination with the "Disable customizing browser toolbar buttons" policy, which prevents users from adding or rem
tent has been updated since the last time the user synchronized with or visited the page. If you disable this policy or do not configure it, co
hronize, select a Web page, click the Properties button, and then click the Schedule tab. If you disable this policy or do not configure it, use
b page, and then click the Properties button, no properties are displayed. Users do not receive an alert stating that the command is unavai
igning up for Internet services. This policy is intended for administrators who want to maintain a consistent browser across an organization
lows the user to export favorites, feeds and cookies to a file. If you enable this policy setting, the user will not be able to use the Import/Ex
lows the user to export favorites, feeds and cookies to a file. If you enable this policy setting, the user will not be able to use the Import/Ex
et Connection Wizard. If you disable this policy or do not configure it, users can change their connection settings by running the Internet C
viders can record information about when their channel pages are viewed by users who are working offline.
w menu option" policy, which prevents users from opening the browser in a new window by clicking the File menu, pointing to New, and th
. This policy is intended to help the administrator maintain version control for Internet Explorer by preventing users from being notified ab
ntended to help administrators ensure that users' computers are being updated uniformly across their organization. Note: This policy does
elected but dimmed. To display the Make This Page Available Offline check box, users click the Tools menu, click Synchronize, and then click
download programs from their browsers.

u disable this policy or do not configure it, users will be notified before their programs are updated. This policy is intended for administrato
cy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\), because this policy removes the A
cy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\), because this policy removes the A
tab from the interface: "Disable Internet Connection Wizard" "Disable changing connection settings" "Prevent changing proxy settings" "
tab from the interface: "Disable Internet Connection Wizard" "Disable changing connection settings" "Prevent changing proxy settings" "

d in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\), because this policy removes the General tab
d in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\), because this policy removes the General tab

ms tab from the interface: "Disable changing Messaging settings" "Disable changing Calendar and Contact settings" "Disable the Reset We
ms tab from the interface: "Disable changing Messaging settings" "Disable changing Calendar and Contact settings" "Disable the Reset We
es\Windows Components\Internet Explorer\Internet Control Panel), which removes the Programs tab from Internet Explorer in Control Pan
use this policy removes the Security tab from the interface: "Security zones: Do not allow users to change policies" "Security zones: Do no
use this policy removes the Security tab from the interface: "Security zones: Do not allow users to change policies" "Security zones: Do no

o display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive the s
o display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive the s
o display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive the s
o display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive the s
o display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive the s
o display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive the s
o display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive the s
o display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive the s
o display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive the s
o display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive the s
o display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive the s
o display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive the s
o display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive the s
o display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive the s
o display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive the s
o display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive the s
o display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive the s
o display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive the s
o display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive the s
o display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive the s
d forces all websites to run in Enhanced Protected Mode. Enhanced Protected Mode provides additional protection against malicious web
d forces all websites to run in Enhanced Protected Mode. Enhanced Protected Mode provides additional protection against malicious web
Reset Internet Explorer Settings.
Reset Internet Explorer Settings.
er can still manage the add-on through the Add-On Manager. If you disable or do not configure this policy setting, the appropriate controls
er can still manage the add-on through the Add-On Manager. If you disable or do not configure this policy setting, the appropriate controls
rs and developers will not be able to depend on the reveal password button being displayed in any web form or web application. If you dis
rs and developers will not be able to depend on the reveal password button being displayed in any web form or web application. If you dis
Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
rer will save encrypted pages containing secure (HTTPS) information to the cache. If you do not configure this policy, Internet Explorer wil
rer will save encrypted pages containing secure (HTTPS) information to the cache. If you do not configure this policy, Internet Explorer wil
t's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer always checks with your anti
t's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer always checks with your anti
t's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer won't check with your antim
t's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer won't check with your antim
t's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer won't check with your antim
t's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer won't check with your antim
t's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer always checks with your anti
t's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer always checks with your anti
t's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer always checks with your anti
t's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer always checks with your anti
t's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer won't check with your antim
t's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer won't check with your antim
t's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer always checks with your anti
t's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer always checks with your anti
t's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer always checks with your anti
t's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer always checks with your anti
t's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer always checks with your anti
t's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer always checks with your anti
t's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer won't check with your antim
t's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer won't check with your antim
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users are queried whether to downlo
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users are queried whether to downlo
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users are queried whether to downlo
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users are queried whether to downlo
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users can download signed controls w
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users can download signed controls w
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users are queried whether to downlo
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users are queried whether to downlo
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users are queried whether to downlo
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users are queried whether to downlo
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users can download signed controls w
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users can download signed controls w
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, signed controls cannot be downloade
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, signed controls cannot be downloade
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users can download signed controls w
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users can download signed controls w
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, signed controls cannot be downloade
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, signed controls cannot be downloade
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users can download signed controls w
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users can download signed controls w
sable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned controls
sable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned controls
sable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned controls
sable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned controls
sable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users can run unsigned controls wi
sable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users can run unsigned controls wi
sable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned controls
sable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned controls
sable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned controls
sable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned controls
sable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned controls
sable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned controls
sable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned controls
sable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned controls
sable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned controls
sable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned controls
sable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned controls
sable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned controls
sable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users are queried to choose wheth
sable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users are queried to choose wheth
Temporary Internet Files folder when all browser windows are closed. If you disable this policy setting, Internet Explorer will not delete the
Temporary Internet Files folder when all browser windows are closed. If you disable this policy setting, Internet Explorer will not delete the
able, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Us
able, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Us
able, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Us
able, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Us
able, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Us
able, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Us
able, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Us
able, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Us
able, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Us
able, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Us
able, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Us
able, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Us
able, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Us
able, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Us
able, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Us
able, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Us
able, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Us
able, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Us
able, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Us
able, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Us
ble, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can
ble, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can
ble, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can
ble, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can
ble, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can
ble, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can
ble, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can
ble, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can
ble, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can
ble, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can
ble, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can
ble, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can
ble, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can
ble, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can
ble, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can
ble, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can
ble, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can
ble, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can
ble, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can
ble, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can
policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated
policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated
policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated
policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated
policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated
policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated
policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated
policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated
policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated
policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated
policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated
policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated
policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated
policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated
policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated
policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated
policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated
policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated
policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated
policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated
The menu bar contains menus that open lists of commands for printing, customizing Internet Explorer, copying and pasting text, managing
The menu bar contains menus that open lists of commands for printing, customizing Internet Explorer, copying and pasting text, managing
ed value range is 3 through 30. If you enable this policy setting, the selected value is enforced. If you disable or do not configure this policy
ed value range is 3 through 30. If you enable this policy setting, the selected value is enforced. If you disable or do not configure this policy
wed value range is 3 through 30. If you enable this policy setting, the selected value is enforced. If you disable or do not configure this pol
wed value range is 3 through 30. If you enable this policy setting, the selected value is enforced. If you disable or do not configure this pol
mand is not available.
n open a new browser window from the File menu. Caution: This policy does not prevent users from opening a new browser window by ri
policy does not prevent users from right-clicking a link on a Web page, and then clicking the Open or Open in New Window command. To
kup language (HTML) files or as text files, but graphics, scripts, and other elements are not saved. To display the Save Web Page dialog box,
e entire contents that are displayed or run from a Web Page, such as graphics, scripts, and linked files, but does not prevent users from sav

rs from the Microsoft Internet Explorer Help file.

unavailable. If you disable this policy or do not configure it, users can manage their Favorites list. Note: If you enable this policy, users also
entity option will be removed from the File menu in Address Book. If you disable this policy or do not configure it, users can set up and cha
ia an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If you
ia an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If you
ia an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If you
ia an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If you
ia an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If you
ia an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If you
ia an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If you
ia an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If you
ia an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If you
ia an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If you
ia an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If you
ia an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If you
ia an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If you
ia an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If you
ia an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If you
ia an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If you
ia an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If you
ia an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If you
ia an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If you
ia an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If you
ists are not used. Additionally, the user cannot activate the feature by using the Compatibility View Settings dialog box. If you do not confi
ists are not used. Additionally, the user cannot activate the feature by using the Compatibility View Settings dialog box. If you do not confi
controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried whe
controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried whe
controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried whe
controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried whe
controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried whe
controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried whe
controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried whe
controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried whe
controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried whe
controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried whe
controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried whe
controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried whe
controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried whe
controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried whe
controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried whe
controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried whe
controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried whe
controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried whe
controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried whe
controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried whe
gies. If you disable or do not configure this policy setting, Internet Explorer 9 does not install binaries signed by MD2 and MD4 signing tech
gies. If you disable or do not configure this policy setting, Internet Explorer 9 does not install binaries signed by MD2 and MD4 signing tech
ernet Explorer dialog.
g, binary behaviors are allowed for the File Explorer and Internet Explorer processes. If you do not configure this policy setting, binary beh
g, binary behaviors are allowed for the File Explorer and Internet Explorer processes. If you do not configure this policy setting, binary beh
et Explorer renames the file by saving it in the Internet Explorer cache and changing its extension. If you enable this policy setting, Interne
et Explorer renames the file by saving it in the Internet Explorer cache and changing its extension. If you enable this policy setting, Interne
ks where the Local Machine zone is used as an attack vector to load malicious HTML code. If you enable this policy setting, the Local Mach
ks where the Local Machine zone is used as an attack vector to load malicious HTML code. If you enable this policy setting, the Local Mach
o not configure this policy setting, MIME sniffing will never promote a file of one type to a more dangerous file type.
o not configure this policy setting, MIME sniffing will never promote a file of one type to a more dangerous file type.
protocol will work for the File Explorer and Internet Explorer processes. If you do not configure this policy setting, the MK Protocol is preve
protocol will work for the File Explorer and Internet Explorer processes. If you do not configure this policy setting, the MK Protocol is preve
cesses. For example, you can restrict active content from pages served over the http and https protocols by adding the value names http an
cesses. For example, you can restrict active content from pages served over the http and https protocols by adding the value names http an
net Explorer processes. If you do not configure this policy setting, the Notification bar will be displayed for Internet Explorer Processes.
net Explorer processes. If you do not configure this policy setting, the Notification bar will be displayed for Internet Explorer Processes.
xplorer processes. If you do not configure this policy setting, an object reference is no longer accessible when navigating within or across d
xplorer processes. If you do not configure this policy setting, an object reference is no longer accessible when navigating within or across d
there is no security context. If you enable this policy setting, any zone can be protected from zone elevation by Internet Explorer processe
there is no security context. If you enable this policy setting, any zone can be protected from zone elevation by Internet Explorer processe
ference will be used to determine whether to block ActiveX control installations for Internet Explorer processes.
ference will be used to determine whether to block ActiveX control installations for Internet Explorer processes.
determines whether to prompt for file downloads that are not user initiated for Internet Explorer processes.
determines whether to prompt for file downloads that are not user initiated for Internet Explorer processes.
e Explorer and Internet Explorer processes. If you disable this policy setting, scripts can continue to create popup windows and windows t
e Explorer and Internet Explorer processes. If you disable this policy setting, scripts can continue to create popup windows and windows t
g for a zone, this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for "Allow active content over restricted pr
g for a zone, this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for "Allow active content over restricted pr
ou do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Network
ou do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Network
e (so would typically be in the Internet Zone). If you do not configure this policy setting, users choose whether to force local sites into the I
e (so would typically be in the Internet Zone). If you do not configure this policy setting, users choose whether to force local sites into the I
e mapped into the Intranet Zone.
e mapped into the Intranet Zone.
setting, users choose whether sites which bypass the proxy server are mapped into the Intranet Zone.
setting, users choose whether sites which bypass the proxy server are mapped into the Intranet Zone.
g for a zone, this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for "Allow active content over restricted pr
g for a zone, this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for "Allow active content over restricted pr
ou do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Network
ou do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Network
proved. Select the check boxes for the controls that you want to designate as administrator-approved. To specify how administrator-appro
space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sand
space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sand
space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sand
space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sand
space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sand
space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sand
space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sand
space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sand
space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sand
space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sand
space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sand
space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sand
space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sand
space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sand
space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sand
space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sand
space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sand
space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sand
space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sand
space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sand
ns and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applicati
ns and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applicati
ns and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applicati
ns and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applicati
ns and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applicati
ns and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applicati
ns and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applicati
ns and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applicati
ns and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applicati
ns and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applicati
ns and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applicati
ns and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applicati
ns and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applicati
ns and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applicati
ns and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applicati
ns and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applicati
ns and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applicati
ns and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applicati
ns and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applicati
ns and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applicati

g for a zone, this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for "Allow active content over restricted pr
g for a zone, this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for "Allow active content over restricted pr
ou do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Network
ou do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Network

e Stop and Refresh buttons are next to the Address bar by default, and the user can choose to move them.
e Stop and Refresh buttons are next to the Address bar by default, and the user can choose to move them.
ou do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Network
ou do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Network
ou do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Network
ou do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Network
ou do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Network
ou do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Network
ou do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Network
ou do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Network
ou do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Network
ou do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Network
d silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones
d silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones
d silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones
d silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones
d silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones
d silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones
d silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones
d silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones
d silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones
d silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones
d silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones
d silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones
d silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones
d silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones
d silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones
d silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones
d silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones
d silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones
d silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones
d silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones
rom user to user.

pproved, click Enabled, and then select the check box for the control: -- MCSiMenu - enables Web authors to control the placement and a
figure it, these controls will not be designated as administrator-approved. To specify how administrator-approved controls are handled for
be designated as administrator-approved. To specify how administrator-approved controls are handled for each security zone, carry out th
ator-approved controls are handled for each security zone, carry out the following steps: 1. In Group Policy, click User Configuration, click In
t the following steps: 1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security. 2. Double-cl
eck boxes for the controls that you want to designate as administrator-approved. To specify how administrator-approved controls are hand
u disable this policy setting, users cannot open windows and frames to access applications from different domains. If you do not configure
u disable this policy setting, users cannot open windows and frames to access applications from different domains. If you do not configure
u disable this policy setting, users cannot open windows and frames to access applications from different domains. If you do not configure
u disable this policy setting, users cannot open windows and frames to access applications from different domains. If you do not configure
u disable this policy setting, users cannot open windows and frames to access applications from different domains. If you do not configure
u disable this policy setting, users cannot open windows and frames to access applications from different domains. If you do not configure
u disable this policy setting, users cannot open windows and frames to access applications from different domains. If you do not configure
u disable this policy setting, users cannot open windows and frames to access applications from different domains. If you do not configure
u disable this policy setting, users cannot open windows and frames to access applications from different domains. If you do not configure
u disable this policy setting, users cannot open windows and frames to access applications from different domains. If you do not configure
u disable this policy setting, users cannot open windows and frames to access applications from different domains. If you do not configure
u disable this policy setting, users cannot open windows and frames to access applications from different domains. If you do not configure
m other domains. If you disable this policy setting, users cannot open other windows and frames from other domains or access application
m other domains. If you disable this policy setting, users cannot open other windows and frames from other domains or access application
u disable this policy setting, users cannot open windows and frames to access applications from different domains. If you do not configure
u disable this policy setting, users cannot open windows and frames to access applications from different domains. If you do not configure
m other domains. If you disable this policy setting, users cannot open other windows and frames from other domains or access application
m other domains. If you disable this policy setting, users cannot open other windows and frames from other domains or access application
u disable this policy setting, users cannot open windows and frames to access applications from different domains. If you do not configure
u disable this policy setting, users cannot open windows and frames to access applications from different domains. If you do not configure
y out the following steps: 1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security. 2. Doub
not configure this policy setting, users can choose whether to be notified that Internet Explorer is not the default web browser through the

ated pictures, helping pages display more quickly. If you do not configure this policy setting, Internet Explorer will play animated pictures fo
ated pictures, helping pages display more quickly. If you do not configure this policy setting, Internet Explorer will play animated pictures fo
ent, helping pages display more quickly. If you enable this policy setting, Internet Explorer will play sounds found in Web content.
ent, helping pages display more quickly. If you enable this policy setting, Internet Explorer will play sounds found in Web content.
play more quickly. If you do not configure this policy setting, Internet Explorer will play videos found in Web content.
play more quickly. If you do not configure this policy setting, Internet Explorer will play videos found in Web content.
ards are allowed, so *.contoso.com is also valid. If you disable this or do not configure this policy setting, you will not be able to provide a d
ards are allowed, so *.contoso.com is also valid. If you disable this or do not configure this policy setting, you will not be able to provide a d
options for printing, customizing Internet Explorer, copying and pasting text, managing favorites, and accessing Help. If you enable this poli
d be disabled.
d be disabled.
button on the Settings charm. If you disable or do not configure this policy setting, the user can access the Delete Browsing History dialog
button on the Settings charm. If you disable or do not configure this policy setting, the user can access the Delete Browsing History dialog

re this policy setting, the Internet Explorer Help menu is available to the user. The user can also use the Command bar and F1 to access He
re this policy setting, the Internet Explorer Help menu is available to the user. The user can also use the Command bar and F1 to access He
the feed discovery button.
the feed discovery button.
re this policy setting, the user can bypass SmartScreen Filter warnings.
re this policy setting, the user can bypass SmartScreen Filter warnings.
you disable or do not configure this policy setting, the user can manage pop-ups by changing the filter level. You may also want to enable
you disable or do not configure this policy setting, the user can manage pop-ups by changing the filter level. You may also want to enable

dates to Internet Explorer and Internet Tools.

s created in this scenario. Open a new Internet Explorer window. If you disable or do not configure this policy setting, the user can config
s created in this scenario. Open a new Internet Explorer window. If you disable or do not configure this policy setting, the user can config
hift+Select. If you disable or do not configure this policy setting, the user can configure how new tabs are created by default.
hift+Select. If you disable or do not configure this policy setting, the user can configure how new tabs are created by default.
arch button. Display the results in the main window: When the user searches on the Address bar, the list of search results is displayed in
arch button. Display the results in the main window: When the user searches on the Address bar, the list of search results is displayed in
, the user is directed to an external top result website determined by the search provider, if available. If you enable this policy setting, you
, the user is directed to an external top result website determined by the search provider, if available. If you enable this policy setting, you
is browsing. With at least Internet Explorer 11: This policy setting prevents users from deleting ActiveX Filtering data, Tracking Protection
is browsing. With at least Internet Explorer 11: This policy setting prevents users from deleting ActiveX Filtering data, Tracking Protection
s Delete. If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting is enabled by default.
s Delete. If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting is enabled by default.
reserve download history when he or she clicks Delete. If the "Prevent access to Delete Browsing History" policy setting is enabled, this po
reserve download history when he or she clicks Delete. If the "Prevent access to Delete Browsing History" policy setting is enabled, this po
avorites site data when he or she clicks Delete. If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy settin
avorites site data when he or she clicks Delete. If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy settin
e clicks Delete. If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting is enabled by default.
e clicks Delete. If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting is enabled by default.
when the user clicks Delete. If you disable this policy setting, InPrivate Filtering data is deleted when the user clicks Delete. If you do not
when the user clicks Delete. If you disable this policy setting, InPrivate Filtering data is deleted when the user clicks Delete. If you do not
she clicks Delete. If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting is enabled by default.
she clicks Delete. If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting is enabled by default.
o delete or preserve temporary Internet files when he or she clicks Delete. If the "Prevent access to Delete Browsing History" policy setting
o delete or preserve temporary Internet files when he or she clicks Delete. If the "Prevent access to Delete Browsing History" policy setting
policy setting, the user can choose whether to delete or preserve visited websites when he or she clicks Delete. If the "Prevent access to D
policy setting, the user can choose whether to delete or preserve visited websites when he or she clicks Delete. If the "Prevent access to D
Sync Engine to download an enclosure through the Feed property page. A developer can change the download setting through the Feed A
Sync Engine to download an enclosure through the Feed property page. A developer can change the download setting through the Feed A

ble this policy setting, Internet Explorer does not enumerate search providers for the Accelerators infrastructure. If Accelerators are turned
ble this policy setting, Internet Explorer does not enumerate search providers for the Accelerators infrastructure. If Accelerators are turned
nternet Explorer process's Pop-Up Blocker settings by enabling the "Specify pop-up allow list" policy setting.
nternet Explorer process's Pop-Up Blocker settings by enabling the "Specify pop-up allow list" policy setting.
soft without prompting the user. If you disable or do not configure this policy setting, the user is prompted to decide whether to turn on Sm
soft without prompting the user. If you disable or do not configure this policy setting, the user is prompted to decide whether to turn on Sm
ms only local analysis, and the user is prompted to permit any data to be sent to Microsoft. If the feature is fully enabled, all website addres
ms only local analysis, and the user is prompted to permit any data to be sent to Microsoft. If the feature is fully enabled, all website addres
elp menu. If you do not configure this policy setting, the user can choose to participate in the CEIP.
elp menu. If you do not configure this policy setting, the user can choose to participate in the CEIP.

with Windows 8, the "Welcome to Internet Explorer" webpage is not available. The user's home page will display regardless of which option
with Windows 8, the "Welcome to Internet Explorer" webpage is not available. The user's home page will display regardless of which option

policy setting, the user cannot specify the cipher strength update information URL. You must specify the cipher strength update informatio

you disable or do not configure this policy setting, the user can specify the download path for the code.
u disable or do not configure this policy setting, the user can specify the color of links already clicked.
u disable or do not configure this policy setting, the user can specify the color of links not yet clicked.

disable or do not configure this policy setting, the user can subscribe to a feed or Web Slice through the Subscribe button in Internet Explor
disable or do not configure this policy setting, the user can subscribe to a feed or Web Slice through the Subscribe button in Internet Explor
session. If you disable this policy setting, toolbars and BHOs are loaded by default during an InPrivate Browsing session. If you do not confi
session. If you disable this policy setting, toolbars and BHOs are loaded by default during an InPrivate Browsing session. If you do not confi
Internet files and cookies.
Internet files and cookies.

ss list. If you enable this policy setting and enter a Value of 1, the process entered will respect the add-on management user preferences a
ss list. If you enable this policy setting and enter a Value of 1, the process entered will respect the add-on management user preferences a
his policy setting and enter a Value of 1 binary behaviors are prevented. If you enter a Value of 0 binary behaviors are allowed. The Value N
his policy setting and enter a Value of 1 binary behaviors are prevented. If you enter a Value of 0 binary behaviors are allowed. The Value N
et Explorer renames the file by saving it in the Internet Explorer cache and changing its extension. This policy setting allows administrators
et Explorer renames the file by saving it in the Internet Explorer cache and changing its extension. This policy setting allows administrators
ine zone is used as an attack vector to load malicious HTML code. If you enable this policy setting and enter a value of 1, Local Machine Zo
ine zone is used as an attack vector to load malicious HTML code. If you enable this policy setting and enter a value of 1, Local Machine Zo
ed to more dangerous file types. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the po
ed to more dangerous file types. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the po
the MK protocol is allowed. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Expl
the MK protocol is allowed. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Expl
allowed. If you enable this policy setting and enter a Value of 1, restricting content obtained through restricted protocols is allowed. If you
allowed. If you enable this policy setting and enter a Value of 1, restricting content obtained through restricted protocols is allowed. If you
on bar is displayed. If you enter a Value of 0 the Notification bar is not displayed. The Value Name is the name of the executable. If a Value N
on bar is displayed. If you enter a Value of 0 the Notification bar is not displayed. The Value Name is the name of the executable. If a Value N
erences to objects are still accessible after navigation. The Value Name is the name of the executable. If a Value Name is empty or the Valu
erences to objects are still accessible after navigation. The Value Name is the name of the executable. If a Value Name is empty or the Valu
tion if there is no security context. This policy setting allows administrators to define applications for which they want this security feature
tion if there is no security context. This policy setting allows administrators to define applications for which they want this security feature
or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Exp
or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Exp
e Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the rel
e Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the rel
this security feature to be prevented or allowed. If you enable this policy setting and enter a Value of 1, such windows may not be opened
this security feature to be prevented or allowed. If you enable this policy setting and enter a Value of 1, such windows may not be opened

n the Security tab of the Internet Options dialog box. Filters are not rendered by default in this zone.
n the Security tab of the Internet Options dialog box. Filters are not rendered by default in this zone.
n the Security tab of the Internet Options dialog box. Filters are rendered by default in this zone.
n the Security tab of the Internet Options dialog box. Filters are rendered by default in this zone.
n the Security tab of the Internet Options dialog box. Filters are not rendered by default in this zone.
n the Security tab of the Internet Options dialog box. Filters are not rendered by default in this zone.
n the Security tab of the Internet Options dialog box. Filters are not rendered by default in this zone.
n the Security tab of the Internet Options dialog box. Filters are not rendered by default in this zone.
n the Security tab of the Internet Options dialog box. Filters are rendered by default in this zone.
n the Security tab of the Internet Options dialog box. Filters are rendered by default in this zone.
n the Security tab of the Internet Options dialog box. Filters are not rendered by default in this zone.
n the Security tab of the Internet Options dialog box. Filters are not rendered by default in this zone.
n the Security tab of the Internet Options dialog box. Filters are not rendered by default in this zone.
n the Security tab of the Internet Options dialog box. Filters are not rendered by default in this zone.
n the Security tab of the Internet Options dialog box. Filters are rendered by default in this zone.
n the Security tab of the Internet Options dialog box. Filters are rendered by default in this zone.
n the Security tab of the Internet Options dialog box. Filters are not rendered by default in this zone.
n the Security tab of the Internet Options dialog box. Filters are not rendered by default in this zone.
n the Security tab of the Internet Options dialog box. Filters are rendered by default in this zone.
n the Security tab of the Internet Options dialog box. Filters are rendered by default in this zone.

you enable this policy setting, the user cannot configure the list of search providers on his or her computer, and any default providers insta
you enable this policy setting, the user cannot configure the list of search providers on his or her computer, and any default providers insta
g for a zone, this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for "Allow active content over restricted pr
g for a zone, this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for "Allow active content over restricted pr
ou do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Network
ou do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Network
-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this po
-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this po
-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this po
-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this po
-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this po
-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this po
-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this po
-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this po
-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this po
-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this po
-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this po
-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this po
-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this po
-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this po
-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this po
-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this po
-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this po
-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this po
-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this po
-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this po
box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy settin
box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy settin
box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy settin
box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy settin
box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy settin
box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy settin
box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy settin
box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy settin
box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy settin
box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy settin
box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy settin
box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy settin
box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy settin
box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy settin
box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy settin
box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy settin
box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy settin
box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy settin
box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy settin
box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy settin
ning. If you do not configure this policy setting, controls and plug-ins can run without user intervention.
ning. If you do not configure this policy setting, controls and plug-ins can run without user intervention.
ning. If you do not configure this policy setting, controls and plug-ins can run without user intervention.
ning. If you do not configure this policy setting, controls and plug-ins can run without user intervention.
ning. If you do not configure this policy setting, controls and plug-ins can run without user intervention.
ning. If you do not configure this policy setting, controls and plug-ins can run without user intervention.
ning. If you do not configure this policy setting, controls and plug-ins are prevented from running.
ning. If you do not configure this policy setting, controls and plug-ins are prevented from running.
ning. If you do not configure this policy setting, controls and plug-ins are prevented from running.
ning. If you do not configure this policy setting, controls and plug-ins are prevented from running.
ning. If you do not configure this policy setting, controls and plug-ins are prevented from running.
ning. If you do not configure this policy setting, controls and plug-ins are prevented from running.
ning. If you do not configure this policy setting, controls and plug-ins are prevented from running.
ning. If you do not configure this policy setting, controls and plug-ins are prevented from running.
ning. If you do not configure this policy setting, controls and plug-ins are prevented from running.
ning. If you do not configure this policy setting, controls and plug-ins are prevented from running.
ning. If you do not configure this policy setting, controls and plug-ins are prevented from running.
ning. If you do not configure this policy setting, controls and plug-ins are prevented from running.
ning. If you do not configure this policy setting, controls and plug-ins can run without user intervention.
ning. If you do not configure this policy setting, controls and plug-ins can run without user intervention.
ou do not configure this policy setting, script interaction can occur automatically without user intervention.
ou do not configure this policy setting, script interaction can occur automatically without user intervention.
ou do not configure this policy setting, script interaction can occur automatically without user intervention.
ou do not configure this policy setting, script interaction can occur automatically without user intervention.
ou do not configure this policy setting, script interaction can occur automatically without user intervention.
ou do not configure this policy setting, script interaction can occur automatically without user intervention.
ou do not configure this policy setting, script interaction can occur automatically without user intervention.
ou do not configure this policy setting, script interaction can occur automatically without user intervention.
ou do not configure this policy setting, script interaction can occur automatically without user intervention.
ou do not configure this policy setting, script interaction can occur automatically without user intervention.
ou do not configure this policy setting, script interaction can occur automatically without user intervention.
ou do not configure this policy setting, script interaction can occur automatically without user intervention.
ou do not configure this policy setting, script interaction is prevented from occurring.
ou do not configure this policy setting, script interaction is prevented from occurring.
ou do not configure this policy setting, script interaction can occur automatically without user intervention.
ou do not configure this policy setting, script interaction can occur automatically without user intervention.
ou do not configure this policy setting, script interaction is prevented from occurring.
ou do not configure this policy setting, script interaction is prevented from occurring.
ou do not configure this policy setting, script interaction can occur automatically without user intervention.
ou do not configure this policy setting, script interaction can occur automatically without user intervention.
e this policy setting, scripts can access applets automatically without user intervention.
e this policy setting, scripts can access applets automatically without user intervention.
e this policy setting, scripts can access applets automatically without user intervention.
e this policy setting, scripts can access applets automatically without user intervention.
e this policy setting, scripts can access applets automatically without user intervention.
e this policy setting, scripts can access applets automatically without user intervention.
e this policy setting, scripts can access applets automatically without user intervention.
e this policy setting, scripts can access applets automatically without user intervention.
e this policy setting, scripts can access applets automatically without user intervention.
e this policy setting, scripts can access applets automatically without user intervention.
e this policy setting, scripts can access applets automatically without user intervention.
e this policy setting, scripts can access applets automatically without user intervention.
e this policy setting, scripts are prevented from accessing applets.
e this policy setting, scripts are prevented from accessing applets.
e this policy setting, scripts can access applets automatically without user intervention.
e this policy setting, scripts can access applets automatically without user intervention.
e this policy setting, scripts are prevented from accessing applets.
e this policy setting, scripts are prevented from accessing applets.
e this policy setting, scripts can access applets automatically without user intervention.
e this policy setting, scripts can access applets automatically without user intervention.
rs can press F3 to search the Internet (from Internet Explorer) or the hard disk (from File Explorer). This policy is intended for situations in w
s designed to help administrators maintain consistent settings for searching across an organization.
t, users can add Web sites to or remove sites from the Trusted Sites and Restricted Sites zones, and alter settings for the Local Intranet zone
e settings established by the administrator. Note: The "Disable the Security page" policy (located in \User Configuration\Administrative Tem
urity zone settings apply uniformly to the same computer and do not vary from user to user. Also, see the "Security zones: Do not allow use

n names are converted to IDN format only for addresses that are not in the Intranet zone. 2) Unicode domain names are converted to IDN
n names are converted to IDN format only for addresses that are not in the Intranet zone. 2) Unicode domain names are converted to IDN
s group policy sets the maximum file storage limit for domains that are trusted by users. When you set this policy setting, you provide the c
s group policy sets the maximum file storage limit for domains that are trusted by users. When you set this policy setting, you provide the c
n this policy setting. If you disable or do not configure this policy setting, Internet Explorer will use the default application cache expiration
n this policy setting. If you disable or do not configure this policy setting, Internet Explorer will use the default application cache expiration
abases and application caches.
abases and application caches.

policy sets the maximum data storage limit for domains that are trusted by users. When you set this policy setting, you provide the cache li
policy sets the maximum data storage limit for domains that are trusted by users. When you set this policy setting, you provide the cache li
is policy setting, Internet Explorer will allow the creation of application caches whose individual manifest file entries are less than or equal
is policy setting, Internet Explorer will allow the creation of application caches whose individual manifest file entries are less than or equal
ou provide the resource limit as a number. The default is 1000 resources. If you enable this policy setting, Internet Explorer will allow the cr
ou provide the resource limit as a number. The default is 1000 resources. If you enable this policy setting, Internet Explorer will allow the cr
cy setting, you can set the maximum storage limit for all application caches. The default is 1 GB. If you disable or do not configure this polic
cy setting, you can set the maximum storage limit for all application caches. The default is 1 GB. If you disable or do not configure this polic
his policy setting, you can set the maximum storage limit for all indexed databases. The default is 4 GB. If you disable or do not configure th
his policy setting, you can set the maximum storage limit for all indexed databases. The default is 4 GB. If you disable or do not configure th
ample physical memory. The default setting creates the optimal number of tab processes based on the operating system and amount of phy
ample physical memory. The default setting creates the optimal number of tab processes based on the operating system and amount of phy

owing steps: 1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security. 2. Double-click Secur
e Content tab of the Internet Options dialog box.
e Content tab of the Internet Options dialog box.
pears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user ca
pears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user ca
pears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user ca
pears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user ca
pears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user ca
pears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user ca
pears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user ca
pears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user ca
pears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user ca
pears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user ca
pears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user ca
pears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user ca
pears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user ca
pears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user ca
pears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user ca
pears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user ca
pears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user ca
pears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user ca
pears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user ca
pears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user ca
d Sites zone. Security settings can be set for each of these zones through other policy settings, and their default settings are: Trusted Sites z
d Sites zone. Security settings can be set for each of these zones through other policy settings, and their default settings are: Trusted Sites z
ers to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' com
ers to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' com
ers to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' com
ers to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' com
ers to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' com
ers to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' com
ers to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' com
ers to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' com
ers to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' com
ers to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' com
ers to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' com
ers to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' com
ers to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' com
ers to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' com
ers to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' com
ers to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' com
ers to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' com
ers to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' com
ers to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' com
ers to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' com

t change this option to start with the home page. If you disable this policy setting, Internet Explorer starts a new browsing session with the
t change this option to start with the home page. If you disable this policy setting, Internet Explorer starts a new browsing session with the
on Wizard does not start automatically. The user can start the wizard manually. If you do not configure this policy setting, the user can dec
ueried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy setting, i
ueried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy setting, i
ueried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy setting, i
ueried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy setting, i
ueried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy setting, i
ueried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy setting, i
ueried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy setting, i
ueried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy setting, i
ueried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy setting, i
ueried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy setting, i
ueried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy setting, i
ueried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy setting, i
ueried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy setting, i
ueried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy setting, i
ueried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy setting, i
ueried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy setting, i
ueried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy setting, i
ueried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy setting, i
ueried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy setting, i
ueried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy setting, i
nt that is searched for new information and downloaded. Caution: Although the Maximum Number of Offline Pages option determines how
ou disable this policy or do not configure it, users can change their Internet settings from the browser Tools menu. Caution: This policy doe
g for a zone, this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for "Allow active content over restricted pr
g for a zone, this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for "Allow active content over restricted pr
ou do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Network
ou do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Network
etting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setup
etting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setup
etting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setup
etting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setup
etting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setup
etting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setup
etting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setup
etting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setup
etting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setup
etting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setup
etting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setup
etting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setup
etting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setup
etting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setup
etting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setup
etting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setup
etting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setup
etting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setup
etting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setup
etting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setup

ask the user for permission to load an ActiveX control, and Internet Explorer loads the control if it passes all other internal security checks.
ask the user for permission to load an ActiveX control, and Internet Explorer loads the control if it passes all other internal security checks.
ows the user to disable add-ons and configure the threshold. If you enable this policy setting, users are not notified when the average time
ows the user to disable add-ons and configure the threshold. If you enable this policy setting, users are not notified when the average time
. If you enable this policy setting, Internet Explorer will ignore settings made for Adobe Flash through the "Add-on List" and "Deny all add-o
. If you enable this policy setting, Internet Explorer will ignore settings made for Adobe Flash through the "Add-on List" and "Deny all add-o

n or off automatic image resizing.

main.name.TLD". For example, if you want to include *.contoso.com/*, use "contoso.com" 2. "hostname". For example, if you want to incl
main.name.TLD". For example, if you want to include *.contoso.com/*, use "contoso.com" 2. "hostname". For example, if you want to incl
he Privacy tab.
he Privacy tab.
ft ClearType rendering engine.
ft ClearType rendering engine.
Filtering collection is turned on. If you do not configure this policy setting, InPrivate Filtering data collection can be turned on or off on the
Filtering collection is turned on. If you do not configure this policy setting, InPrivate Filtering data collection can be turned on or off on the
bility View sites list.
bility View sites list.

. If you disable or do not configure this policy setting, Internet Explorer uses the user's setting for pop-up windows in tabbed browsing.
. If you disable or do not configure this policy setting, Internet Explorer uses the user's setting for pop-up windows in tabbed browsing.

ction feature for add-on management will be functional.


ction feature for add-on management will be functional.

SetProcessDEPPolicy function to turn on Data Execution Prevention on platforms that support the function. This policy setting has no effe
I will be interpreted as a failed URL. If you disable this policy setting, Data URI support is turned on. If you do not configure this policy setti
I will be interpreted as a failed URL. If you disable this policy setting, Data URI support is turned on. If you do not configure this policy setti
out how to correct the problem. The user cannot change this policy setting. If you disable this policy setting, when there is a problem conn

n to use. The browser and server attempt to match each others list of supported protocols and versions, and they select the most preferred
n to use. The browser and server attempt to match each others list of supported protocols and versions, and they select the most preferred

setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is turn
setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is turn
setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is turn
setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is turn
setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is turn
setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is turn
setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is turn
setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is turn
setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is turn
setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is turn
setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is turn
setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is turn
setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is turn
setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is turn
setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is turn
setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is turn
setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is turn
setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is turn
setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is turn
setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is turn
ng the icon that represents the image and then clicking Show Picture. The "Allow the display of image download placeholders" policy settin
AutoComplete for File Explorer is turned on. The user cannot turn it off. If you do not configure this policy setting, a user will have the freed
etting, InPrivate Browsing can be turned on or off through the registry.
etting, InPrivate Browsing can be turned on or off through the registry.
ions, and InPrivate Filtering data is not collected. If you disable this policy setting, InPrivate Filtering is available for use. If you do not confi
ions, and InPrivate Filtering data is not collected. If you disable this policy setting, InPrivate Filtering is available for use. If you do not confi
ads websites and content in the background. If you don't configure this policy setting, users can turn this behavior on or off, using Internet
ads websites and content in the background. If you don't configure this policy setting, users can turn this behavior on or off, using Internet
t are not on the filter's allow list are sent automatically to Microsoft without prompting the user. If you disable or do not configure this po
t are not on the filter's allow list are sent automatically to Microsoft without prompting the user. If you disable or do not configure this po
e this policy setting, the user can turn on or off page transitions. This feature only applies to versions of Internet Explorer up to and includi

t configure this policy setting, users can turn this behavior on or off, using Internet Explorer settings. The default is on.
t configure this policy setting, users can turn this behavior on or off, using Internet Explorer settings. The default is on.
windows launched off screen will continue to be re-positioned onscreen. If you disable or do not configure this policy setting, the popup m
windows launched off screen will continue to be re-positioned onscreen. If you disable or do not configure this policy setting, the popup m
ill not be available, and users will not see printers under the Devices charm. If you disable or do not configure this policy setting, the Print
ill not be available, and users will not see printers under the Devices charm. If you disable or do not configure this policy setting, the Print
me, users can also choose to allow this information to be shared with the Web site in the future without being prompted. If you do not co
me, users can also choose to allow this information to be shared with the Web site in the future without being prompted. If you do not co

tting. If you disable this policy setting, Internet Explorer allows sending the path portion of URLs as UTF-8. The user cannot change this poli
ings for URLs that are in the Intranet zone. 3) Always encode query strings. If you disable or don't configure this policy setting, users can t
ings for URLs that are in the Intranet zone. 3) Always encode query strings. If you disable or don't configure this policy setting, users can t
ated entry points appear on the user interface for Internet Explorer, and the user cannot turn them off. If you do not configure this policy s
ated entry points appear on the user interface for Internet Explorer, and the user cannot turn them off. If you do not configure this policy s

he auto-complete for web-address setting. If you do not configure this policy setting, a user will have the freedom to choose to turn the au
he auto-complete for web-address setting. If you do not configure this policy setting, a user will have the freedom to choose to turn the au
the background. If you disable this policy setting, flip ahead with page prediction is turned on and the next webpage is loaded into the ba
the background. If you disable this policy setting, flip ahead with page prediction is turned on and the next webpage is loaded into the ba

hrough a server. If you enable this policy setting, websites cannot request data across domains by using the WebSocket object. If you disab
hrough a server. If you enable this policy setting, websites cannot request data across domains by using the WebSocket object. If you disab
s domains by using the XDomainRequest object. If you disable or do not configure this policy setting, websites can request data across dom
s domains by using the XDomainRequest object. If you disable or do not configure this policy setting, websites can request data across dom
s check. If you enable this policy setting, the toolbar upgrade tool does not check for incompatible toolbars. The user is not prompted, and
s check. If you enable this policy setting, the toolbar upgrade tool does not check for incompatible toolbars. The user is not prompted, and
sessions, and Tracking Protection data is not collected. If you disable this policy setting, Tracking Protection is available for use. If you do n
sessions, and Tracking Protection data is not collected. If you disable this policy setting, Tracking Protection is available for use. If you do n
ng, URL Suggestions will be turned on. Users will not be able to turn off URL Suggestions. If you do not configure this policy setting, URL Su
ng, URL Suggestions will be turned on. Users will not be able to turn off URL Suggestions. If you do not configure this policy setting, URL Su
utoComplete for providing relevant results in the Address bar. The user cannot change this setting. If you disable this policy setting, Interne
utoComplete for providing relevant results in the Address bar. The user cannot change this setting. If you disable this policy setting, Interne
en running in Enhanced Protected Mode on 64-bit versions of Windows. If you disable this policy setting, Internet Explorer 11 will use 32-b
en running in Enhanced Protected Mode on 64-bit versions of Windows. If you disable this policy setting, Internet Explorer 11 will use 32-b

ure this policy setting, ActiveX Filtering is not enabled by default for the user. The user can turn ActiveX Filtering on or off.
ure this policy setting, ActiveX Filtering is not enabled by default for the user. The user can turn ActiveX Filtering on or off.
wever they are configured. If this policy setting is not configured, the user can choose whether or not to automatically detect the intranet
wever they are configured. If this policy setting is not configured, the user can choose whether or not to automatically detect the intranet
r. If you disable this policy setting, Internet Explorer is not started automatically to complete the signup process after the branding is comp
es not authenticate feeds to servers by using the Basic authentication scheme in combination with a less secure HTTP connection. A devel
es not authenticate feeds to servers by using the Basic authentication scheme in combination with a less secure HTTP connection. A devel
owsing is turned on. If you disable this policy setting, Caret Browsing is turned off. If you do not configure this policy setting, Caret Browsin
owsing is turned on. If you disable this policy setting, Caret Browsing is turned off. If you do not configure this policy setting, Caret Browsin
ot configure this policy setting, the user can choose whether the certificate address mismatch warning appears (by using the Advanced pag
ot configure this policy setting, the user can choose whether the certificate address mismatch warning appears (by using the Advanced pag
orer features. The user cannot turn on logging. If you do not configure this policy setting, the user can change the logging settings.
orer features. The user cannot turn on logging. If you do not configure this policy setting, the user can change the logging settings.
ipt injections.
ipt injections.
ipt injections.
ipt injections.
ipt injections.
ipt injections.
ipt injections.
ipt injections.
ipt injections.
ipt injections.
ipt injections.
ipt injections.
ipt injections.
ipt injections.
ipt injections.
ipt injections.
ipt injections.
ipt injections.
ipt injections.
ipt injections.
ode enabled will use Enhanced Protected Mode. Users will not be able to disable Enhanced Protected Mode. If you disable this policy setti
ode enabled will use Enhanced Protected Mode. Users will not be able to disable Enhanced Protected Mode. If you disable this policy setti
he user cannot turn it on. If you do not configure this policy setting, the user can turn on or turn off inline AutoComplete. By default, inlin
ng (with an additional string appended). Additionally, all Standards Mode webpages appear in Internet Explorer 7 Standards Mode. This op
ng (with an additional string appended). Additionally, all Standards Mode webpages appear in Internet Explorer 7 Standards Mode. This op
plorer. The user cannot change this behavior through the Compatibility View Settings dialog box. If you disable this policy setting, Internet E
plorer. The user cannot change this behavior through the Compatibility View Settings dialog box. If you disable this policy setting, Internet E
bar is turned off by default. The user can turn on or turn off the menu bar.
bar is turned off by default. The user can turn on or turn off the menu bar.
policy setting, a Notification bar notification does not appear when the user loads content from an intranet site that is being treated as thou
policy setting, a Notification bar notification does not appear when the user loads content from an intranet site that is being treated as thou
you disable this policy setting, the printing of background colors and images is turned off. The user cannot turn it on. If you do not configu
ot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
ot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
ot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
ot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
ot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
ot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
ot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
ot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
ot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
ot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
ot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
ot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
ot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
ot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
ot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
ot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
ot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
ot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
ot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
ot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
rn off script debugging. If you disable this policy setting, script debugging is turned off. The user cannot turn on script debugging. If you d

this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone fo
this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone fo
this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone fo
this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone fo
this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone fo
this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone fo
this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone fo
this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone fo
this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone fo
this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone fo
this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone fo
this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone fo
this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone fo
this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone fo
this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone fo
this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone fo
this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone fo
this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone fo
this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone fo
this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone fo
icy setting, the entry points and functionality associated with this feature are turned off. If you do not configure this policy setting, the use
icy setting, the entry points and functionality associated with this feature are turned off. If you do not configure this policy setting, the use

. If you disable this policy setting, the user is not shown script errors when a page does not appear properly because of problems with its

tic Detection, unless specified by the user.

hrough proxy connections.


hrough proxy connections.
6 x 16 pixels, and the user can make them bigger (20 x 20 pixels).
6 x 16 pixels, and the user can make them bigger (20 x 20 pixels).
-up windows are prevented from appearing.
-up windows are prevented from appearing.
e not prevented from appearing.
e not prevented from appearing.
e not prevented from appearing.
e not prevented from appearing.
-up windows are prevented from appearing.
-up windows are prevented from appearing.
e not prevented from appearing.
e not prevented from appearing.
e not prevented from appearing.
e not prevented from appearing.
-up windows are prevented from appearing.
-up windows are prevented from appearing.
e not prevented from appearing.
e not prevented from appearing.
-up windows are prevented from appearing.
-up windows are prevented from appearing.
e not prevented from appearing.
e not prevented from appearing.

The user can change this behavior on the Internet Explorer Tools menu: Click Internet Options, click the Advanced tab, and then under Inte
The user can change this behavior on the Internet Explorer Tools menu: Click Internet Options, click the Advanced tab, and then under Inte
, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's history, i
, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's history, i
, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's history, i
, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's history, i
, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's history, i
, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's history, i
, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's history, i
, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's history, i
, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's history, i
, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's history, i
, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's history, i
, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's history, i
, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's history, i
, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's history, i
, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's history, i
, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's history, i
, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's history, i
, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's history, i
, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's history, i
, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's history, i
er without toolbars, which might be confusing for some beginning users.
eb page by right-clicking a Web page to open the shortcut menu, and then clicking View Source. To prevent users from viewing the HTML so
mpt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy settin
mpt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy settin
mpt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy settin
mpt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy settin
t in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy setting, t
t in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy setting, t
t in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy setting, t
t in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy setting, t
t in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy setting, t
t in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy setting, t
t in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy setting, t
t in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy setting, t
t in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy setting, t
t in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy setting, t
t in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy setting, t
t in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy setting, t
t in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy setting, t
t in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy setting, t
mpt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy settin
mpt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy settin
t the handwriting recognition error reporting tool or send error reports to Microsoft. If you disable this policy, Tablet PC users can report h
t the handwriting recognition error reporting tool or send error reports to Microsoft. If you disable this policy, Tablet PC users can report h

This policy should be applied to all domain controllers to ensure consistent application of this policy in the domain. If you disable or do no

Windows Components also needs to be enabled. If you disable or do not configure this policy setting, the domain controller does not pro
contain compound authentication only when the account is explicitly configured. This policy should be applied to all domain controllers to
urn a referral ticket to the client for the appropriate domain. If you disable or do not configure this policy setting, the KDC will not search t
ng logged. If set too low, then there will be too many ticket warnings in the log to be useful for analysis. This value should be set to the sam
ain. If you enable this policy setting and the resource domain requests compound authentication, devices that support compound authenti
te the syntax, and then click Show. In the Show Contents dialog box in the Value Name column, type a realm name. In the Value column, ty
s V5 realm, enable the policy setting, note the syntax, and then click Show. In the Show Contents dialog box in the Value Name column, typ
not guaranteed valid. If you disable or do not configure this policy setting, the Kerberos client enforces the revocation check for the SSL cer
, the client computers in the domain enforce the use of Kerberos armoring in only authentication service (AS) and ticket-granting service (T
pport claims and compound authentication for Dynamic Access Control and Kerberos armoring. If you disable or do not configure this poli
matches the DNS name of the domain. If the computer is joined to a domain, the Kerberos client requires that the KDC's X.509 certificate m
as LocalSystem or NetworkService are allowed to accept these connections. Services running as identities different from LocalSystem or Ne
token. If you enable this policy setting, the Kerberos client or server uses the configured value, or the locally allowed maximum value, whi
ver name(s) to the DNS name for the domain using the syntax described in the options pane. In the Show Contents dialog box in the Value
in controllers to support this policy. If you enable this policy setting, the device's Active Directory account will be configured for compound
ons: Automatic: Device will attempt to authenticate using its certificate. If the DC does not support computer account authentication using

pher suites: AES_128_CCM How to modify this setting: Arrange the desired cipher suites in the edit box, one cipher suite per line, in order
n, hash publication settings are not applied to file servers. In the circumstance where file servers are domain members but you do not want

mmon in an enterprise environment, insecure guest logons are frequently used by consumer Network Attached Storage (NAS) appliances ac

e "Allow operation while in domain" option to allow LLTDIO to operate on a network interface that's connected to a managed network. On
nal options are available to fine-tune your selection. You may choose the "Allow operation while in domain" option to allow the Responder

custom background.
tials, which results in shorter logon times. Group Policy is applied in the background after the network becomes available. Note that becau

es are displayed to the user during these processes. Note: This policy setting is ignored if the ""Remove Boot/Shutdown/Logon/Logoff stat

his policy, the welcome screen is displayed each time a user logs on to the computer. This setting applies only to Windows 2000 Professiona
his policy, the welcome screen is displayed each time a user logs on to the computer. This setting applies only to Windows 2000 Professiona

for Windows Vista, Windows XP Professional, and Windows 2000 Professional. If you disable or do not configure this policy setting, Windo
for Windows Vista, Windows XP Professional, and Windows 2000 Professional. If you disable or do not configure this policy setting, Windo
licy setting, the system runs the programs in the run-once list. This policy setting appears in the Computer Configuration and User Configu
licy setting, the system runs the programs in the run-once list. This policy setting appears in the Computer Configuration and User Configu

do not configure this policy setting, the Switch User interface is accessible to the user in the three locations.

able program (.exe) file or document file. To specify another name, press ENTER, and type the name. Unless the file is located in the %Syste
able program (.exe) file or document file. To specify another name, press ENTER, and type the name. Unless the file is located in the %Syste
ow new tabs appears.
ow new tabs appears.
If you don't configure this setting, employees can choose whether to use Autofill to automatically fill in forms while using Microsoft Edge.
If you don't configure this setting, employees can choose whether to use Autofill to automatically fill in forms while using Microsoft Edge.

for tracking info. If you don't configure this setting, employees can choose whether to send Do Not Track requests to websites asking for tr
for tracking info. If you don't configure this setting, employees can choose whether to send Do Not Track requests to websites asking for tr
ou disable or don't configure this setting, employees will see the Favorites that they set in the Favorites hub.
ou disable or don't configure this setting, employees will see the Favorites that they set in the Favorites hub.
sable or don't configure this setting, your default Home page is the webpage specified in App settings.
sable or don't configure this setting, your default Home page is the webpage specified in App settings.
hether to use Password Manager to save their passwords locally.
hether to use Password Manager to save their passwords locally.

soft Edge. If you don't configure this setting, employees can choose whether search suggestions appear in the Address bar of Microsoft Ed
soft Edge. If you don't configure this setting, employees can choose whether search suggestions appear in the Address bar of Microsoft Ed
ees can't turn it on. If you don't configure this setting, employees can choose whether to use SmartScreen Filter.
ees can't turn it on. If you don't configure this setting, employees can choose whether to use SmartScreen Filter.
Microsoft Edge won't use the Enterprise Mode Site List XML file. In this case, employees might experience compatibility problems while usi
Microsoft Edge won't use the Enterprise Mode Site List XML file. In this case, employees might experience compatibility problems while usi

snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this setting. If this setting is not configured (or disa
snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this setting. If this setting is not configured (or disa
snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this setting. If this setting is not configured (or disa
e tools that the files contain. This setting permits users to open MMC user-mode console files, such as those on the Administrative Tools m
nap-in setting in the folder is disabled or not configured, the snap-in is prohibited. -- If you disable this setting or do not configure it, all sn
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
the Group Policy tab is not displayed in those snap-ins. If this setting is not configured, the setting of the "Restrict users to the explicitly pe
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
n error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of th
Mobility Center is on by default.
Mobility Center is on by default.
fications and screen blanking, adjust speaker volume, and apply a custom background image. Note: Users will be able to customize their sy
fications and screen blanking, adjust speaker volume, and apply a custom background image. Note: Users will be able to customize their sy
daily scheduled time as specified in Security and Maintenance/Automatic Maintenance Control Panel will apply.
delay will be applied to Automatic Maintenance. If you disable this policy setting, no random delay will be applied to Automatic Maintena
nd make a wake request for the daily scheduled time, if required. If you disable or do not configure this policy setting, the wake setting as s
u do not configure this policy setting, MSDT is turned on by default. This policy setting takes effect only if the diagnostics-wide scenario exe
e to find the root cause of the problem. If you enable this policy setting for remote troubleshooting, MSDT prompts the user to download a
policy setting, MSDT cannot run in support mode, and no data can be collected or sent to the support provider. If you do not configure this
nt users from changing installation options typically reserved for system administrators, such as specifying the directory to which files are i
directories that their own permissions would not allow. This policy setting does not affect installations that run in the user's security contex
ble or do not configure this policy setting, by default, only system administrators can apply patches during installations with elevated privile
, users can install from removable media when the installation runs in their own security context. If you disable or do not configure this po
nel. This profile setting lets users install programs that require access to directories that the user might not have permission to view or chan
nel. This profile setting lets users install programs that require access to directories that the user might not have permission to view or chan
odify the maximum size of the Windows Installer baseline file cache. If you set the baseline cache size to 0, the Windows Installer will stop
ntified by the original GUID appears to be removed and the component as identified by the new GUID appears as a new component. (2) A

allation to proceed. This policy setting is designed for enterprises that use Web-based tools to distribute programs to their employees. How
policy setting, users can install from removable media when the installation is running in their own security context, but only system admin
nstallations that run in the user's security context. If you disable or do not configure this policy setting, by default, users who are not system
values. The Installer will analyze the patch for specific changes to determine if optimization is possible. If so, the patch will be applied using
ows Installer based applications. If you disable or do not configure this policy setting, users without administrative privileges can install no
mputer by a user or an administrator. The Windows Installer can still remove an update that is no longer applicable to the product. If you d
taller cannot restore the computer to its original state if the installation does not complete. This policy setting is designed to reduce the am
taller cannot restore the computer to its original state if the installation does not complete. This policy setting is designed to reduce the am
ows Installer to use Restart Manager to detect files in use and mitigate a system restart, when possible. -- The "Restart Manager Off" optio
ds a per-user install of an application, this hides a per-computer installation of that same product. If you enable this policy setting and "Hid
ng applies even when the installation is running in the user's security context. If you disable or do not configure this policy setting, the Brow
epeat an installation in which the transform file was used, therefore, the user must be using the same computer or be connected to the orig
e in the order that you want Windows Installer to search: -- "n" represents the network; -- "m" represents media; -- "u" represents UR
t as many or as few event types as you want. To disable logging, delete all of the letters from the box. If you disable or do not configure th
o not configure this policy setting, by default, the Windows Installer automatically creates a System Restore checkpoint each time an applic
ttings on" option instructs Windows Installer to automatically generate log files for packages that include the MsiLogging property. -- The "L

and upgrade software. This is the default behavior for Windows Installer on Windows 2000 Professional, Windows XP Professional and Wi
notification of MSI application to reinstall will occur with no UI. Windows will log an event when corruption is determined and will suggest
G:myserver.corp.contoso.com or PING:2002:836b:1::1. Note We recommend that you use FQDNs instead of IPv6 addresses wherever pos

are typically two IPsec tunnel endpoints: one for the infrastructure tunnel and one for the intranet tunnel. You should configure one endpo
guration, including sending all DNS queries to the local intranet or Internet DNS servers. Note that NCA does not remove the existing IPsec
tion before sending the message.

ude them in the negotiation of cryptography algorithms. Therefore, computers running Windows NT 4.0 will not be able to establish a conn
you enable this policy setting, the DCs to which this policy setting applies will attempt to verify a password with the PDC emulator if the DC
a remote DC responds to the mailslot message. This policy setting is recommended to reduce the attack surface on a DC, and can be used
ot use site information. Hence it does not ensure that clients will discover the closest DC. It also allows a hub-site client to discover a branc
ements and is running, DC Locator will continue to return it. If a new domain controller is introduced, existing clients will only discover it w
cations. So this policy is provided to support such scenarios. By default, DC Locator APIs can return IPv4/IPv6 DC address. But if some appl
ble or do not configure this policy setting, the Netlogon share will grant shared read access to files on the share when exclusive access is req
t to contact the first reachable host with the lowest priority number listed. To specify the Priority in the DC Locator DNS SRV resource reco
operations are critical. 15 minutes is optimal in all but extreme cases. For instance, if a DC is separated from a trusted domain by an expens
is disabled or not configured, the SYSVOL share will grant shared read access to files on the share when exclusive access is requested and t
cy setting, it is not applied to any DCs, and DCs use their local configuration.
he SRV records Target field and are all set to the same priority. The probability with which the DNS client randomly selects the target host t
ddresses which may then be used to compute a matching site for the client. The allowable values for this setting result in the following beh
A <DnsDomainName> Ldap SRV _ldap._tcp.<DnsDomainName> LdapAtSite SRV _ldap._tcp.<SiteName>._sites.<DnsDom
network connections. If you disable this policy setting, DCs will not register DC Locator DNS resource records. If you do not configure this p

s commonly used as an optimal setting. If you specify zero for this policy setting, the default behavior occurs as described above. If you di
ble storage should be specified. If you disable or do not configure this policy setting, the default behavior occurs as indicated above.
he minimum value for this setting is 0. Warning: If the value for this setting is too large, a client will not attempt to find any DCs that were in
0 minutes (1800). The maximum value for this setting is (4294967200), while the maximum that is not treated as infinity is 49 days (49*24*
iodically reregister their records with DNS servers, even if their records data has not changed. If authoritative DNS servers are configured t
its site from Active Directory. If you do not configure this policy setting, it is not applied to any computers, and computers use their local c
SRV records for those sites without a DC that are closest to it. The application directory partition DC Locator DNS records and the site-spe
s are dynamically registered by the Net Logon service, and they are used to locate the DC. An Active Directory site is one or more well-conn

ator is to find a DC in the same site. If none are found in the same site, a DC in another site, which might be several site-hops away, could b
dynamically register DC Locator site-specific DNS SRV records for the closest sites where no DC for the same domain, or no Global Catalog
s specified for this policy, the behavior is the same as explicitly enabling this policy, unless the AllowSingleLabelDnsDomain policy setting is
If you enable this policy setting, computers to which this policy is applied will attempt to locate a domain controller hosting an Active Dire
in the Use maximum DC discovery retry interval policy setting, the value for Use maximum DC discovery retry interval policy setting is used
DsGetDcName that have specified the DS_BACKGROUND_ONLY flag. If the value of this setting is less than the value specified in the Negati
al DC Discovery Retry Setting is reached. The default value for this setting is 60 minutes (60*60). The maximum value for this setting is 49 d
9*24*60*60=4233600). Any larger value is treated as infinity. The minimum value for this setting is to always refresh (0).
or to be more aggressive about trying to locate a DC in such an environment, by pinging DCs at a higher frequency. Enabling this setting ma
operties dialog box is available to users. If you enable this setting, a Properties menu item appears when any user right-clicks the icon for a
pplication Data\Microsoft\Network\Connections\Pbk to delete a shared remote access connection. If you disable this setting (and enable
s settings for Administrators" setting), double-clicking the icon has no effect, and the Enable and Disable menu items are disabled for all us
using the File menu. If you disable this setting, the Rename option is disabled for nonadministrators only. If you do not configure the setti
and Network Configuration Operators can rename LAN connections Note: This setting does not apply to Administrators. Note: When the
e access connections is disabled for all users (including Administrators and Network Configuration Operators). Important: If the "Enable Ne

dows XP Professional do not have the ability to prohibit the use of features from Administrators. If you enable this setting, the Windows X
t open the Local Area Connection Properties dialog box. Important: If the "Enable Network Connections settings for Administrators" is disa
twork Configuration Operators are prohibited from accessing connection components, regardless of the "Enable Network Connections setti
ed for all users (including administrators). Important: If the "Enable Network Connections settings for Administrators" is disabled or not con
tting), the Advanced Settings item is disabled for administrators. Important: If the "Enable Network Connections settings for Administrator
tant: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administra
s item is disabled for all users (including administrators). Important: If the "Enable Network Connections settings for Administrators" is disa
mponents in the Windows Components Wizard. Important: If the "Enable Network Connections settings for Administrators" is disabled or n
ss Connection Properties dialog box for a private connection is available to users. If you enable this setting (and enable the "Enable Netwo
ed or not configured, this setting will not apply to administrators on post-Windows 2000 computers. If you disable this setting or do not co
ortant: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administ
nnections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 com
t apply. The Network Bridge allows users to create a layer 2 MAC bridge, enabling them to connect two or more network segements togeth
sabled for all users (including administrators). Important: If the "Enable Network Connections settings for Administrators" is disabled or no
NS and WINS server information. Important: If the "Enable Network Connections settings for Administrators" is disabled or not configured,
shed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was
CS cannot be enabled or configured by administrators, and the ICS service cannot run on the computer. The Advanced tab in the Propertie
s dialog box are not available to users (including administrators). The Status option is disabled in the context menu for the connection and
rough the local default gateway. If you enable this policy setting, all traffic between a remote client computer running DirectAccess and the
e request with a valid IP address. By default, a notification is displayed providing the user with information on how the problem can be res
However, in most situations Windows Network Isolation will be able to correctly discover proxies. By default, any proxies configured with th
ot configure this policy setting, Windows Network Isolation attempts to discover proxies and configures them as Internet nodes. This setti
rk Isolation attempts to automatically discover private network hosts. By default, the addresses configured with this policy setting are merg
e or do not configure this policy setting, Windows Network Isolation attempts to automatically discover your proxy server addresses. For m
ssified as private. If you disable or do not configure this policy setting, Windows Network Isolation attempts to automatically discover your

Work offline" indicates that the computer can use local copies of network files while the server is inaccessible. -- "Never go offline" indicat
Work offline" indicates that the computer can use local copies of network files while the server is inaccessible. -- "Never go offline" indicat
ffline Files is enabled on Windows client computers, and disabled on computers running Windows Server, unless changed by the user. Not
offline use. Caution: Files are not synchronized before they are deleted. Any changes to local files since the last synchronization are lost.
ync Interval' and 'Sync Variance' values to override the default sync interval and variance settings. Use 'Blockout Start Time' and 'Blockout D
configure the threshold value that will be used to determine a slow network connection. If this setting is disabled or not configured, the de
er working offline. If you enable this policy setting, Offline Files uses the slow-link mode if the network throughput between the client and
utomatically stores a copy of the file on the user's computer. This setting does not limit the disk space available for files that user's make av
een made available offline.
synchronization will not run in the background on network folders when the user's network is roaming, near, or over the plan's data limit. T
and are not available to the user when offline. The cached files are not kept in sync with the version on the server, and the most current ve
py on the local computer is affected, but the associated network copy is not. The user cannot unencrypt Offline Files through the user inte
rresponding to the events you want the system to log. The levels are cumulative; that is, each level includes the events in all preceding leve
rresponding to the events you want the system to log. The levels are cumulative; that is, each level includes the events in all preceding leve
ayed in the Synchronization Manager progress dialog box: "Files of this type cannot be made available offline." This setting is designed to p
the first reminder. This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the
the first reminder. This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the
setting, the system only performs a quick synchronization. Quick synchronization ensures that files are complete, but does not ensure that
setting, the system only performs a quick synchronization. Quick synchronization ensures that files are complete, but does not ensure that
his setting automatically enables logon synchronization in Synchronization Manager. If this setting is disabled and Synchronization Manage
his setting automatically enables logon synchronization in Synchronization Manager. If this setting is disabled and Synchronization Manage
sable or do not configuring this setting, files are not synchronized when the computer is suspended. Note: If the computer is suspended by
sable or do not configuring this setting, files are not synchronized when the computer is suspended. Note: If the computer is suspended by
ying them. If you disable the setting, the system displays the reminder balloons and prevents users from hiding them. If this setting is not c
ying them. If you disable the setting, the system displays the reminder balloons and prevents users from hiding them. If this setting is not c
hronized at logon.
ior. If set to 1, then this validation will not be performed and any password will be allowed. If set to 0, the validation will be performed.
mputer cannot register PNRP names, and cannot help other computers perform PNRP lookups. If you disable or do not configure this poli
mputer cannot register PNRP names, and cannot help other computers perform PNRP lookups. If you disable or do not configure this poli
mputer cannot register PNRP names, and cannot help other computers perform PNRP lookups. If you disable or do not configure this poli
This setting provides the added flexibility of allowing your users to use their peer-to-peer applications at home as well. Here are the four w
le, and then enter a semicolon-delimited list of IPV6 addresses in the available field. If you enable this setting and you dont enter any add
le, and then enter a semicolon-delimited list of DNS names or IPV6 addresses in the available field. If you enable this setting and you dont
be turned on.
other computers can find it when needed. If you enable this setting, PNRP will not use multicast for bootstrapping. Specifying this registry
hat other computers can find it when needed. If you enable this setting, PNRP will not use multicast for bootstrapping. Specifying this regis
hat other computers can find it when needed. If you enable this setting, PNRP will not use multicast for bootstrapping. Specifying this regis
ns exist between peers so that a node in the PNRP cloud can resolve names published by other nodes. PNRP creates a global cloud if the c
ns exist between peers so that a node in the PNRP cloud can resolve names published by other nodes. PNRP creates a global cloud if the c
ns exist between peers so that a node in the PNRP cloud can resolve names published by other nodes. PNRP creates a global cloud if the c

mber. If you disable or do not configure this policy setting, the PIN length must be greater than or equal to 4. NOTE: If the above specified
mber. If you disable or do not configure this policy setting, the PIN length must be greater than or equal to 4. NOTE: If the above specified

rs to use special characters in their PIN.

e TPM is non-functional or unavailable.


tures. NOTE: Disabling this policy prevents the user of biometric gestures on the device for all account types.
using keys or certificates for all users. If you disable this policy setting, the device does not provision Microsoft Passport for Work for any u
wing the use of a phone as a companion device for desktop authentication. If you disable or do not configure this policy setting, Remote Pa
ility mode or get help online through a Microsoft website. If you disable this policy setting, the PCA does not detect compatibility issues fo

is setting, which is the maximum round trip network latency allowed before caching begins, clients do not cache content until the network
ble this policy setting, all clients use the version of BranchCache that you specify in "Select from the following versions." If you do not confi
figure client computers that are configured for hosted cache mode with the computer names of the hosted cache servers in the branch offi
refer both these servers and hosted cache mode rather than manual BranchCache configuration or BranchCache configuration by other gro
puter cache age settings are not applied to client computers by this policy. In the circumstance where client computers are domain membe
e content to other BranchCache distributed cache mode clients in the branch office. Policy configuration Select one of the following: - No
h office. In addition, when the hosted cache client obtains content from a content server, the client can upload the content to the hosted ca
the following: - Not Configured. With this selection, BranchCache client computer cache settings are not applied to client computers by thi
d Cache Servers Policy configuration Select one of the following: - Not Configured. With this selection, BranchCache settings are not applie

n detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Boo
nt log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Win
ed to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS
t log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Win
ack by default.
is used to determine if Windows should automatically sleep.
is used to determine if Windows should automatically sleep.

ers control this setting.


tiated by software programs invoking the Windows programming interfaces ExitWindowsEx() or InitiateSystemShutdown(). If you enable th

ol this setting.
erforming a resume operation.
disable or do not configure this policy setting, users control this setting.
disable or do not configure this policy setting, users control this setting.
e50083), indicating the power plan to be active. If you disable or do not configure this policy setting, users can see and change this setting

een when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" policy

n the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" policy setting ca
n the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" policy setting ca
on to sleep. If you disable or do not configure this policy setting, users control this setting. If the user has configured a slide show to run o
on to sleep. If you disable or do not configure this policy setting, users control this setting. If the user has configured a slide show to run o
onfigure this policy setting, users control this setting.
onfigure this policy setting, users control this setting.

ow Battery Notification Action" policy setting is configured to "No Action". If you disable or do not configure this policy setting, users can c
hine is locked, this can prevent the display from turning off. The "Prevent enabling lock screen slide show" policy setting can be used to dis
hine is locked, this can prevent the display from turning off. The "Prevent enabling lock screen slide show" policy setting can be used to dis

configured, this policy setting does not set a default value for the SourcePath parameter of the Update-Help cmdlet. Note: This policy setti
configured, this policy setting does not set a default value for the SourcePath parameter of the Update-Help cmdlet. Note: This policy setti
execution events is disabled for all Windows PowerShell modules. Disabling this policy setting for a module is equivalent to setting the Log
execution events is disabled for all Windows PowerShell modules. Disabling this policy setting for a module is equivalent to setting the Log
t Block Invocation Logging, PowerShell additionally logs events when invocation of a command, script block, function, or script starts or sto
t Block Invocation Logging, PowerShell additionally logs events when invocation of a command, script block, function, or script starts or sto
uments directory, with a file name that includes 'PowerShell_transcript', along with the computer name and time started. Enabling this pol
uments directory, with a file name that includes 'PowerShell_transcript', along with the computer name and time started. Enabling this pol
scripts that originate from the Internet must be signed by a trusted publisher. The "Allow all scripts" policy setting allows all scripts to run.
scripts that originate from the Internet must be signed by a trusted publisher. The "Allow all scripts" policy setting allows all scripts to run.
y setting, it defaults to disabled.
y setting, it defaults to disabled.
sabled by default.
sabled by default.
this policy setting, users can see previous versions corresponding to backup copies as well as previous versions corresponding to on-disk re
this policy setting, users can see previous versions corresponding to backup copies as well as previous versions corresponding to on-disk re
user clicks the Restore button, Windows attempts to restore the file from the local disk. If you do not configure this policy setting, it is disab
user clicks the Restore button, Windows attempts to restore the file from the local disk. If you do not configure this policy setting, it is disab
revious version corresponding to a backup. If the Restore button is clicked, Windows attempts to restore the file from the backup media. I
revious version corresponding to a backup. If the Restore button is clicked, Windows attempts to restore the file from the backup media. I
on a file share. If the user clicks the Restore button, Windows attempts to restore the file from the file share. If you do not configure this p
on a file share. If the user clicks the Restore button, Windows attempts to restore the file from the file share. If you do not configure this p
installed, and printing support and this setting must be enabled. Note: This setting affects the server side of Internet printing only. It does
d will display the default number of printers of each type: Directory printers: 20 TCP/IP printers: 0 Web Services printers: 0 Bluetooth pri
r of printers of each type: TCP/IP printers: 50 Web Services printers: 50 Bluetooth printers: 10 Shared printers: 50 If you would like to no

he expense of increasing the load on the server. If you disable this policy setting on a client machine, the client itself will process print jobs
t or on a home or office network" option. When users click Browse, the system opens an Internet browser and navigates to the specified U
button on Add Printer Wizard's page 3, and do not specify a printer name in the adjacent "Name" edit box, then Add Printer Wizard display

ters. The value you type here overrides the actual location of the computer conducting the search. Type the location of the user's compute
ot enter an alternate Internet address, the default link will appear in the Printers folder. Note: Web pages links only appear in the Printers f
searches for printers. It does not restrict user searches through Active Directory.
ofessional. If you do not configure this setting on Windows Server 2003 family products, the installation of kernel-mode printer drivers will
or do not configure it, then all printer extensions that have been installed will be allowed to run.
setting, the print spooler will execute print drivers in the print spooler process. Notes: -Other system or driver policy settings may alter the
driver store and server driver cache for compatible Point and Print drivers. If it is unable to find a compatible driver, then the Point and Prin
ay also be capable of isolating print drivers, depending on whether they are configured for it. If you enable or do not configure this policy s
point and print only.
point and print only.
the print spooler uses the Driver Isolation compatibility flag value reported by the print driver. Notes: -Other system or driver policy settin
package point and print connection anytime a package point and print connection fails, including attempts that are blocked by this policy. A
package point and print connection anytime a package point and print connection fails, including attempts that are blocked by this policy. A
iver is available on the client, a printer connection will be made. If a compatible print driver is not available on the client, no connection wi
iver is available on the client, a printer connection will be made. If a compatible print driver is not available on the client, no connection wi
ity to computers. If you enable this setting, users can browse for printers by location without knowing the printer's location or location na
hey try, a message appears explaining that the setting prevents the action. However, this setting does not prevent users from using the Ad
methods described above.
if Active Directory is not available. If you do not configure this setting, shared printers are announced to browse master servers only when

Note: This settings takes priority over the setting "Automatically publish new printers in the Active Directory".
ble this setting or do not configure it, the domain controller prunes this computer's printers when the computer does not respond. If you d
cally publish shared printers in Active Directory. Note: This setting is ignored if the "Allow printers to be published" setting is disabled.
tion interval. To disable verification, disable this setting, or enable this setting and select "Never" for the verification interval.
efault, the pruning service contacts computers every eight hours and allows two repeated contact attempts before deleting printers from A
eempted by higher priority threads. By default, the pruning thread runs at normal priority. However, you can adjust the priority to improve
uter still fails to respond, then the pruning service "prunes" (deletes from Active Directory) printer objects the computer has published. By
d interval. The "Directory pruning retry" setting determines the number of times the attempt is retried; the default value is two retries. The
ects from Active Directory when the computer that published them does not respond to contact requests. Computers running Windows 20
programs that the system administrator has explicitly made available to the user with a tool such as Windows Installer. Typically, system a
es" page will be available to all users. This setting does not prevent users from using other tools and methods to install or uninstall program
Programs Control Panel Features including Windows Features, Get Programs, or Windows Marketplace.
other locations. If this setting is disabled or not configured, the Set Program Access and Defaults button is available to all users. This setting
g does not prevent users from using other tools and methods to configure services or enable or disable program components.
using other methods. If this feature is disabled or is not configured, the "Get new programs from Windows Marketplace" task link will be a
istrator also appear in the Programs Control Panel. If this setting is disabled or not configured, the Programs Control Panel in Category Vie
vice type. If you disable this setting, the system uses the default DSCP value of 0. Important: If the DSCP value for this service type is specifi
ort service type. If you disable this setting, the system uses the default DSCP value of 0. Important: If the DSCP value for this service type i
ortant: If the Layer-2 priority value for this service type is specified in the registry for a particular network adapter, this setting is ignored wh
trolled Load service type. If you disable this setting, the system uses the default DSCP value of 24 (0x18). Important: If the DSCP value for
he Controlled Load service type. If you disable this setting, the system uses the default DSCP value of 0. Important: If the DSCP value for t
value of 0. Important: If the Layer-2 priority value for this service type is specified in the registry for a particular network adapter, this setti
d service type. If you disable this setting, the system uses the default DSCP value of 40 (0x28). Important: If the DSCP value for this service
ranteed service type. If you disable this setting, the system uses the default DSCP value of 0. Important: If the DSCP value for this service t
Important: If the Layer-2 priority value for this service type is specified in the registry for a particular network adapter, this setting is ignore
this setting, you can limit the number of outstanding packets. If you disable this setting or do not configure it, then the setting has no effe
nt of bandwidth the system can reserve. If you disable this setting or do not configure it, the system uses the default value of 80 percent of
etwork Control service type. If you disable this setting, the system uses the default DSCP value of 48 (0x30). Important: If the DSCP value fo
h the Network Control service type. If you disable this setting, the system uses the default DSCP value of 0. Important: If the DSCP value fo
ty value of 0. Important: If the Layer-2 priority value for this service type is specified in the registry for a particular network adapter, this se
ayer-2 priority value for nonconforming packets is specified in the registry for a particular network adapter, this setting is ignored when con
ervice type. If you disable this setting, the system uses the default DSCP value of 0. Important: If the DSCP value for this service type is spe
ative service type. If you disable this setting, the system uses the default DSCP value of 0. Important: If the DSCP value for this service typ
portant: If the Layer-2 priority value for this service type is specified in the registry for a particular network adapter, this setting is ignored w
t, the setting has no effect on the system. Important: If a timer resolution is specified in the registry for a particular network adapter, then
m reliability information. If you disable this policy setting, Reliability Monitor will not display system reliability information, and WMI-capabl
the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will de
ndition") appears on the "Advanced recovery methods" page of Recovery (in Control Panel) and will allow the user to restore the compute
Data feature is never activated. If you do not configure this policy setting, the default behavior for the System State Data feature occurs. N
his policy setting and choose "Server Only" from the drop-down menu list, the Shutdown Event Tracker is displayed when you shut down a
stent System Timestamp is turned off and the timing of unexpected shutdowns is not recorded. If you do not configure this policy setting, t
to "Upload unplanned shutdown events" by default. Also see the "Configure Error Reporting" policy setting.
g this version (or later versions) of the operating system can connect to this computer. If you disable this policy setting, computers running
e Assistance. If you do not configure this policy setting, users on this computer cannot get help from their corporate technical support staff
omputer cannot use email or file transfer to ask someone for help. Also, users cannot use instant messaging programs to allow connections
e this policy setting, the warning message you specify overrides the default message that is seen by the novice. If you disable this policy se
ns: -Use 16-bit color (8-bit color in Windows Vista) -Turn off font smoothing (not supported in Windows Vista) -No full window drag -Turn

age classes.
age classes.
s located in "Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives
s located in "Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives
he access right does not take effect until the operating system is restarted.
he access right does not take effect until the operating system is restarted.

ice, but they will be able to communicate with the Endpoint Mapper Service on Windows NT4 Server. If you enable this policy setting, RPC
ications written for the traditional delegation model prior to Windows Server 2003 may not use this flag and will encounter RPC_S_SEC_PK
s to "Auto2" level. If you enable this policy setting, you can use the drop-down box to determine which systems maintain RPC state informa
rfaces (APIs). If you disable this policy setting, the RPC Runtime only generates a status code to indicate an error condition. If you do not c
ted machine. This policy setting should never be applied to a domain controller. If you disable this policy setting, the RPC server runtime u
he RPC Runtime and the RPC/HTTP Proxy to use a lower connection timeout. This policy setting is only applicable when the RPC Client, the
figure this policy setting, user account cross-forest, interactive logging cannot run logon scripts if NetBIOS or WINS is disabled, and the DNS
users. If you disable or do not configure this policy setting, the instructions are suppressed.
s. If you disable or do not configure this policy setting, the instructions are suppressed.
If you disable or do not configure this policy setting, the instructions are suppressed.
or advanced users. If you disable or do not configure this policy setting, the instructions are suppressed. Note: Starting with Windows Vist
ndows 2000 does not display logon scripts written for Windows NT 4.0 and earlier. If you disable or do not configure this policy setting, Win
disable or do not configure this policy setting, the logon scripts and File Explorer are not synchronized and can run simultaneously. This pol
disable or do not configure this policy setting, the logon scripts and File Explorer are not synchronized and can run simultaneously. This pol
t configure this policy setting, a startup cannot run until the previous script is complete. Note: Starting with Windows Vista operating syste
puter startup and shutdown. For example, assume the following scenario: There are three GPOs (GPO A, GPO B, and GPO C). This policy s
assume the following scenario: There are three GPOs (GPO A, GPO B, and GPO C). This policy setting is enabled in GPO A. GPO B and GPO
assume the following scenario: There are three GPOs (GPO A, GPO B, and GPO C). This policy setting is enabled in GPO A. GPO B and GPO
s box, you can type a number from 1 to 32,000 for the number of seconds you want the system to wait for the set of scripts to finish. To dir
y signed packages.
or run the troubleshooting tools from the Control Panel. Note that this setting also controls a user's ability to launch standalone troublesh
figure this policy setting, users who are connected to the Internet can access and search troubleshooting content that is hosted on Microso
dows will resolve some of these problems silently without requiring user input. If you disable this policy setting, Windows will not be able
arePoint Portal Server, your query should resemble the following: http://sitename/Search.aspx?k=$w If your intranet search service is Win
) The URL to the search service. Use $w in place of the query term for the search service URL. If your intranet search service is SharePoint

ure this policy setting, the local setting, configured through Control Panel, will be used. By default, the Control Panel setting is set to not ind

configured through Control Panel, will be used. Note: By default, the Control Panel setting is set to treat words that differ only because of d
uages. If you disable or do not configure this policy setting, Windows will use automatic language detection only when it can determine th

e Group Policy under "User Configuration." To restrict a file system path from indexing, please specify the file system path to be indexed un

nder "User Configuration." To include a file system path for indexing, please specify the file system path to be indexed under the "Compute

n be indexed.

rforms a query in Search. If you don't configure this policy setting, a user can choose whether or not Search can perform queries on the w
web over metered connections and web results will be displayed when a user performs a query in Search. If you don't configure this policy
e mailbox, ensure that for Microsoft Outlook 2007 no portions of the delegate mailbox are cached locally. The default behavior for Search i
no effect on delegate mailboxes. To stop indexing of online and delegate mailboxes you must disable both policies.
e. If you disable this policy, then online mail items will be indexed at the speed that the Microsoft Exchange server can support. If you set t

bled by default.
bled by default.
not be visible. When the policy is disabled, both the Add and Remove locations options as well as any previously specified user locations w
ared or not shared on this computer, and automatically adds them to or removes them from the index.

in the Group Policy under "User Configuration." To restrict a file system path from indexing, please specify the file system path to be index

efault list of excluded file types. If you enable and then disable this policy, the user's original list is restored. If you want to specify an initial

he default for this policy setting.


ploy a particular iFilter, make sure that this iFilter is on the allow list, either as a GUID such as {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} (includ
When this policy is disabled or not configured, the preview pane shows automatically to the right of the Desktop Search results, and your us
ot configured, the default is small icon view.
esults. If you disable or don't configure this policy setting, users can specify the SafeSearch setting.
me Microsoft account info to personalize their search and other Microsoft experiences. -Anonymous info: Share usage information but do

er's security. When Security Center is not enabled on the domain, neither the notifications nor the Security Center status section are displa

pecified in the policy setting instead of the Configure Refresh Interval setting (in Windows Server 2008 and Windows Server 2008 R2), or
on to the server. If you do not configure this policy setting, the Initial Configuration Tasks window is displayed when an administrator logs o
e "Dont display this page at logon" option at the bottom of the Manage Your Server page, the page is not displayed.
server. However, if the "Do not show me this console at logon" (Windows Server 2008 and Windows Server 2008 R2) or Do not start Serve
enter the fully qualified path to the new location in the ""Alternate source file path"" text box. Multiple locations can be specified when ea
le this setting, "sync your settings" is on by default and configurable by the user.
he "app settings" group is on by default and configurable by the user.
p is on by default and configurable by the user.
ncing is turned off by default but not disabled. If you do not set or disable this setting, syncing of the "browser" group is on by default and
u do not set or disable this setting, syncing of the "desktop personalization" group is on by default and configurable by the user.
etered connections is configurable by the user.
ou do not set or disable this setting, syncing of the "Other Windows settings" group is on by default and configurable by the user.
sswords" group is on by default and configurable by the user.
"personalize" group is on by default and configurable by the user.
ayout" group is on by default and configurable by the user.

smits them to Microsoft over a secure connection. If you enable this policy, Tablet PC users cannot choose to share writing samples from t
smits them to Microsoft over a secure connection. If you enable this policy, Tablet PC users cannot choose to share writing samples from t
ault is to allow shared folders to be published when this setting is not configured.
n is disabled. Note: The default is to allow shared folders to be published when this setting is not configured.
a on a domain-joined computer is not shared with the homegroup. This policy setting is not configured by default. You must restart the co
wizard. Also, the sharing wizard cannot create a share at %root%\users and can only be used to create SMB shares on folders. If you disab
unning programs, such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the co

Cmd.exe and batch files normally. Note: Do not prevent the computer from running batch files if the computer uses logon, logoff, startup,
m running programs such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the

unsigned gadgets.
unsigned gadgets.
omatically upload photos and videos from the camera roll folder. If you disable or do not configure this policy setting, apps and features ca
pps will still be able to access OneDrive using the WinRT API. If you enable or do not configure this policy setting, users with a connected a
ttributes can also be used to log on with a smart card: - Certificates with no EKU - Certificates with an All Purpose EKU - Certificates with a
ability to log on to a domain. ECC certificates on a smart card that are used for other applications, such as document signing, are not affect
not configure this policy setting then the integrated unblock feature will not be available.

cy setting certificates will be listed on the logon screen regardless of whether they have an invalid time or their time validity has expired. If
licy setting, an optional field that allows users to enter their user name or user name and domain will not be displayed.

e displayed to the user when the smart card is blocked, if the integrated unblock feature is enabled.
mined to be the same if they are issued from the same template with the same major version and they are for the same user (determined
your smart card vendor to determine if your smart card and associated CSP supports the required behavior. If you enable this setting, then
ng is applied only for smart cards that have passed the Windows Hardware Quality Labs (WHQL) testing process.
acturer to find out whether you will be affected by this policy setting.
be displayed along with "[email protected]." If the UPN is not present then the entire subject name will be displayed. This setting con

hen root certificates will not be propagated from the smart card.
e installed when a card is inserted in a Smart Card Reader. Note: This policy setting is applied only for smart cards that have passed the Win
workstations, hubs, and routers) that are administered together by SNMP. The SNMP service is a managed network node that receives SNM
r on the network. The manager's role is to poll the agents for certain requested information. If you enable this policy setting, the SNMP ag
munity sent by the SNMP service. A trap message is an alert or significant event that allows the SNMP agent to notify management system

e servers on which this policy setting is applied. If you disable this policy setting, users see a standard Access Denied message that doesn't

s part of the File Server Resource Manager role service. If you enable this policy setting, the Classification tab is displayed. If you disable o
rce Manager role service. If you enable this policy setting, you can select which list of properties is available for classification on the affecte
uch, they share the memory space allocated to the VDM process and cannot run simultaneously. Enabling this setting adds a check box to
ame> item from the Start Menu. If you disable this setting or do not configure it, users can use the Display Logoff item to add and remove
k on the start menu.

be set to Shut Down by default, and the user can change this setting to another action.
disable or do not configure this setting, the system retains document shortcuts, and when a user logs on, the Recent Items menu and the

when the user logged off, including the history of previous notifications for each tile. This setting does not prevent new notifications from
o the taskbar. Moreover, the "Toolbars" menu command and submenu are removed from the context menu. The taskbar displays only the
ms do not display shortcuts at the bottom of the File menu. In addition, the Jump Lists off of programs in the Start Menu and Taskbar do not

hs associated with the shortcut. If the target file is located on an NTFS partition, the system then uses the target's file ID to find a path. If th
arches all paths associated with the shortcut. If the target file is located on an NTFS partition, the system then uses the target's file ID to fin
his setting, the Start menu displays the classic Start menu in the Windows 2000 style and displays the standard desktop icons. If you disabl

not configure it, all Start menu shortcuts appear as black text. Note: Enabling this setting can make the Start menu slow to open.
bars (if any), and the system clock. If this setting is disabled or is not configured, the notification area is shown in the user's taskbar. Note:
rst when the apps are sorted by category, and the user can configure this setting.
taskbar. While the taskbar is locked, auto-hide and other taskbar options are still available in Taskbar properties. If you disable this setting

skbar that share the same program are grouped together. The users have the option to disable grouping if they choose.
ndary tile, enter the customize mode and rearrange tiles within Start and Apps.

rs from using other methods to issue the commands that appear on these menus.

he Start menu. The Power button is also removed from the Windows Security screen, which appears when you press CTRL+ALT+DELETE. I
programs gone" on the Start menu, and "Where have my icons gone" in the notification area. If you disable this setting or do not configure

ll as which programs are accessible from the Start menu, desktop, and other locations. If you disable or do not configure this policy setting
ffective, you must log off and then log on. If you disable or do not configure this policy setting, he Documents icon is available from the Sta

perties, and then click Customize. If you are using Start menu, click the Advanced tab, and then, under Start menu items, click the Favorites

u in Internet Explorer. Windows Update, the online extension of Windows, offers software updates to keep a users system up-to-date. The
not configure this policy setting, users can use the Display Logoff item to add and remove the Log Off item. This policy setting affects the S

orer, but if users try to start it, a message appears explaining that a setting prevents the action. If you disable or do not configure this polic

ethods, such as right-clicking the desktop to start Display or right-clicking Computer to start System. If you disable or do not configure this p
ers cannot turn the menu on. If you later disable the setting, so that the Recent Items menu appears in the Start Menu, the document sho

-Accessing local drives: e.g., C: --- Accessing local folders: e.g., \temp> Also, users with extended keyboards will no longer be able to displa

press the Application key (the key with the Windows logo)+ F. Note: Enabling this policy setting also prevents the user from using the F3 ke
results" link.

icy setting, the user name label appears on the Start Menu in Windows XP and Windows Server 2003.
ght confuse users, you can use this setting to hide user-specific folders. Note that this setting hides all user-specific folders, not just those

nt users from using other methods, such as the shift right-click menu on application's jumplists in the taskbar to issue the "Run as different

e main display when the user presses the Windows logo key. Users will still be able to open Start on other displays by pressing the Start bu
o switch between the Apps view and the Start screen. Also, the user will be able to configure this setting.
out PowerShell cmdlet on that same device. The cmdlet will generate an XML file representing the layout you configured. Once the XML fil
out PowerShell cmdlet on that same device. The cmdlet will generate an XML file representing the layout you configured. Once the XML fil

zed Menus" option so users do not try to change the setting while a setting is in effect. Note: Personalized menus require user tracking. If y
ed programs in the Start Menu. Also, see these related policy settings: "Remove frequent programs liist from the Start Menu" and "Turn off

option to configure System Restore or create a restore point through System Protection is also disabled. If you disable or do not configure t
enter text, symbols, numbers, or keyboard shortcuts. If you enable this policy, Input Panel will not provide text prediction suggestions. Use
enter text, symbols, numbers, or keyboard shortcuts. If you enable this policy, Input Panel will not provide text prediction suggestions. Use
pear next to text entry areas when using a tablet pen as an input device. Users will not be able to configure this setting in the Input Panel O
pear next to text entry areas when using a tablet pen as an input device. Users will not be able to configure this setting in the Input Panel O
to any text entry area when a user is using touch input. Users will not be able to configure this setting in the Input Panel Options dialog box
to any text entry area when a user is using touch input. Users will not be able to configure this setting in the Input Panel Options dialog box

panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista) enables you to use handwriting or an on-screen keyboard to enter te
og box. If you disable this policy, Input Panel tab will appear on the edge of the Tablet PC screen. Users will not be able to configure this se
og box. If you disable this policy, Input Panel tab will appear on the edge of the Tablet PC screen. Users will not be able to configure this se
e to configure this setting in the Input Panel Options dialog box. If you disable this policy, application auto complete lists will appear next to
e to configure this setting in the Input Panel Options dialog box. If you disable this policy, application auto complete lists will appear next to

es you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts. If you enable this policy and c
yboard to enter text, symbols, numbers, or keyboard shortcuts. If you enable this policy and choose All from the drop-down menu, no sc
yboard to enter text, symbols, numbers, or keyboard shortcuts. If you enable this policy and choose All from the drop-down menu, no sc

s tray icon and pen flicks training (that can be accessed through CPL) are still available. Conceptually this policy is a subset of the Disable p
s tray icon and pen flicks training (that can be accessed through CPL) are still available. Conceptually this policy is a subset of the Disable p
this policy, applications can be launched from a hardware button.
this policy, applications can be launched from a hardware button.
able. If you do not configure this policy, press and hold actions will be available.
able. If you do not configure this policy, press and hold actions will be available.

s will appear as toast notifications. A reboot is required for this policy setting to take effect.
folders, websites, and other items to a program's Jump List so that the items is always present in this menu.
e or do not configure this policy setting, users can change the programs currently pinned to the Taskbar.

the files that the user opens locally on this computer. Files that the user opens over the network from remote computers are not tracked o

to review any notifications they miss. If you disable or do not configure this policy setting, Notification and Security and Maintenance will

eet allows users to change task characteristics such as: the program the task runs, details of its schedule, idle time and power management
eet allows users to change task characteristics such as: the program the task runs, details of its schedule, idle time and power management
changing characteristics such as the program the task runs, its schedule details, idle time and power management settings, and its security
changing characteristics such as the program the task runs, its schedule details, idle time and power management settings, and its security
figuration takes precedence over the setting in User Configuration.
figuration takes precedence over the setting in User Configuration.
k, they must select a program from the list in the Scheduled Task Wizard, which displays only the tasks that appear on the Start menu and
k, they must select a program from the list in the Scheduled Task Wizard, which displays only the tasks that appear on the Start menu and
ram into the Scheduled tasks folder. This setting does not prevent users from using other methods to create new tasks, and it does not pre
ram into the Scheduled tasks folder. This setting does not prevent users from using other methods to create new tasks, and it does not pre

n takes precedence over the setting in User Configuration. Important: This setting does not prevent administrators of a computer from usin
s. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. Importan
s. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. Importan
nd you cannot specify a relay name for a 6to4 host.
o not configure this policy setting, the local host setting is used. If you enable this policy setting, you can configure 6to4 with one of the foll

HTTPS interface is used when there are no other connectivity options. Policy Enabled State: The IP-HTTPS interface is always present, even

you can configure ISATAP with one of the following settings: Policy Default State: If the ISATAP router name is resolved successfully, the hos
he local host setting is used.
will attempt qualification immediately and remain qualified if the qualification process succeeds.
olicy setting, you can specify the refresh rate. If you choose a refresh rate longer than the port mapping in the Teredo client's NAT device,

terfaces are present on the host. Client: The Teredo interface is present only when the host is not on a network that includes a domain con
ed and system will try to identify connectivity and throughput problems and take appropriate measures. If you disable this policy setting, W
nfirm whether they want to connect. If you disable this policy setting, users cannot run unsigned .rdp files and .rdp files from unknown pu
nfirm whether they want to connect. If you disable this policy setting, users cannot run unsigned .rdp files and .rdp files from unknown pu
.rdp settings (for example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying an .rdp file). If you
default .rdp settings (for example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying an .rdp file).
computer. Users can also choose to not play the audio. Video playback can be configured by using the videoplayback setting in a Remote D
hone. By default, audio recording redirection is not allowed when connecting to a computer running Windows Server 2008 R2. Audio recor
ter. If you disable or do not configure this policy setting, other supported RemoteFX USB devices are not available for RDP redirection by u
ot configure this policy setting, the client computer does not redirect its time zone information and the session time zone is the same as th
sktop Services. The target computer will maintain any current connections, but will not accept any new incoming connections. If you do no
the Remote Desktop Connection client. If you enable this policy setting, users cannot automatically log on to Remote Desktop Services by

ction is lost. If the status is set to Disabled, automatic reconnection of clients is prohibited. If the status is set to Not Configured, automati
t uses more network bandwidth. If you select the algorithm that is optimized to use less network bandwidth, this option uses less network
when available, be aware that, for Windows Server running Hyper-V with RemoteFX vGPU enabled, the policy has to be set on the Hyper-
mode consumes the lowest amount of network bandwidth of the quality modes. If you enable this policy setting and set quality to Mediu
on Host server. If the client logs on to the same RD Session Host server again, a new session might be established (if the RD Session Host se
main Services. If you specify a new farm name, a new farm is created in RD Connection Broker. If you specify an existing farm name, the ser
g, you must specify the RD Connection Broker server by using its fully qualified domain name (FQDN). In Windows Server 2012, for a high a
alization Host uses server-side GPUs to deliver a rich user experience over LAN connections and RDP 7.1. When deployed on an RD Sessio
work condition 2. Optimize for server scalability 3. Optimize for minimum bandwidth usage If you disable or do not configure this policy s
server. Warn me if authentication fails: The client attempts to authenticate the RD Session Host server. If the RD Session Host server can b
g, logging off the connected administrator is not allowed. If you disable or do not configure this policy setting, logging off the connected ad
jobs from the remote computer to a local client printer in Remote Desktop Services sessions. If you disable this policy setting, users can re
his policy setting, users cannot redirect Clipboard data. If you disable this policy setting, Remote Desktop Services always allows Clipboard
u enable this policy setting, users cannot redirect server data to the local COM port. If you disable this policy setting, Remote Desktop Ser
nable this policy setting, client drive redirection is not allowed in Remote Desktop Services sessions, and Clipboard file copy redirection is n
are additional issues to investigate. If you disable this setting or leave it not configured, the Remote Desktop client will use hardware accele
escriptors for existing groups on the RD Session Host server cannot be changed. All the security descriptors are read-only. If you disable or
s session cannot redirect server data to the local LPT port. If you disable this policy setting, LPT port redirection is always allowed. If you d
etting or leave it not configured, the user will be able to save passwords using Remote Desktop Connection
u disable this setting or leave it not configured, the user will be able to save passwords using Remote Desktop Connection.
card devices on connection. Note: The client computer must be running at least Microsoft Windows 2000 Server or at least Microsoft Win
s to the remote computer. Users can use the More option on the Local Resources tab of Remote Desktop Connection to choose the suppor
orary folders are retained when the user logs off from a session. If you disable this policy setting, temporary folders are deleted when a us
ter is the printer specified on the remote computer. If you disable this policy setting, the RD Session Host server automatically maps the cl
eated on the remote computer in a Temp folder under the user's profile folder and are named with the sessionid. If you enable this policy
cy setting. You can enforce this policy setting or you can allow users to overwrite this setting. By default, when you enable this policy settin
ows Server 2008 R2 SP1 RemoteFX Codec for encoding. This mode is compatible with thin client devices that only support the Windows Se
ts. Time limits are set locally by the server administrator or by using Group Policy. See the policy settings Set time limit for active Remote D
ts. Time limits are set locally by the server administrator or by using Group Policy. See the policy settings Set time limit for active Remote D
nnection options for more information). Servers running Windows Server 2003 do not display wallpaper by default to Remote Desktop Serv
d that notes the number of days until the licensing grace period for the RD Session Host server will expire. If you enable this policy setting,
d, the RD Session Host server joins the farm that is specified in the RD Connection Broker farm name policy setting. The farm exists on the
nable this policy setting and this policy setting is applied to a Remote Desktop license server, the license server will only respond to RDS CA
s a large amount of bandwidth. If you select Medium, the audio will be sent with some compression and with minimum latency as determ
ximum color depth allowed for a user's RDP connection. The actual color depth for the connection is determined by the color support avail
l be the maximum resolution that can be used by each monitor used to display a Remote Desktop Services session. If you disable or do no
erformance because fewer sessions are demanding system resources. By default, RD Session Host servers allow an unlimited number of Re
top Services session. You can specify a number from 1 to 16. If you disable or do not configure this policy setting, the number of monitors
ou enable this policy setting, you must specify a monitoring interval (in minutes) and a maximum size (in gigabytes) for the entire roaming u
you must select the visual experience for which you want to optimize Remote Desktop Services sessions. You can select either Rich multim
also reduce network bandwidth usage by reducing the image quality (increasing the amount of image compression that is performed). If
y to issue a Windows Server 2008 TS CAL for clients connecting to a terminal server running Windows Server 2008, and will try to issue a W

e client computer, the user will not be prompted to provide credentials. Note: If you enable this policy setting in releases of Windows Serve
g box. If you disable or do not configure this policy setting, "Disconnect" is not removed from the list in the Shut Down Windows dialog box
n the Windows Security dialog box on the client computer. If the status is set to Disabled or Not Configured, Windows Security remains in t
does not allow unsecured communication with untrusted clients. If the status is set to Disabled, Remote Desktop Services always request
hods are available: * Negotiate: The Negotiate method enforces the most secure method that is supported by the client. If Transport Layer
RD Session Host server. To determine whether a client computer supports Network Level Authentication, start Remote Desktop Connectio
setting, users are allowed to make unlimited simultaneous remote connections by using Remote Desktop Services. If you do not configure
ssume that all traffic to this server originates from a low-speed connection. If you disable Continuous Network Detect, Remote Desktop Pr
of the RDP traffic will use UDP. If the UDP connection is not successful or if you select "Use only TCP," all of the RDP traffic will use TCP. If
eed to specify a certificate template name. Only certificates created by using the specified certificate template will be considered when a c
this policy setting, all communications between clients and RD Session Host servers during remote connections must use the encryption m
onfigured to use the network share for user profiles. If you enable this policy setting, Remote Desktop Services uses the specified path as th
way server settings" option on the client. To allow users to overwrite this policy setting, select the "Allow users to change this setting" check
ption on the client. Note: It is highly recommended that you also specify the authentication method by using the "Set RD Gateway authen
arename, and then select the drive letter to which you want the network share to be mapped. If you choose to keep the home directory o
with the user's consent. 3. Full Control without user's permission: Allows the administrator to interact with the session, without the user's c
with the user's consent. 3. Full Control without user's permission: Allows the administrator to interact with the session, without the user's c
equires that each device connecting to this RD Session Host server have an RDS Per Device CAL. If you enable this policy setting, the Remo
receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the sessio
receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the sessio
before the Remote Desktop Services session disconnects, which allows the user to save open files and close programs. If you have a consol
before the Remote Desktop Services session disconnects, which allows the user to save open files and close programs. If you have a consol
nnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected sessi
nnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected sessi
ed in the form of http://contoso.com/rdweb/Feed/webfeed.aspx. If you enable this policy setting, the specified URL is configured as the d
efault behavior is for the RD Session Host server to find a suitable printer driver. If one is not found, the client's printer is not available. You
es when they start the file. To obtain the thumbprint, view the certificate details, and then click the Thumbprint field. If you disable or do n

ection. Enabling this setting overrides the "Start Program" settings set by the server administrator or user. The Start menu and Windows D
ection. Enabling this setting overrides the "Start Program" settings set by the server administrator or user. The Start menu and Windows D
registration. You can use this policy setting when customizing the Start screen on Remote Desktop Session Host servers. If you disable or d

vanced graphics. If you disable this policy setting, RemoteApp programs published from this RD Session Host server will not use these adv
s the RD Connection Broker server and is redirected to their existing session by using the IP address of the RD Session Host server where th
e RD Session Host server use the same user profile. If you disable or do not configure this policy setting, mandatory user profiles are not us
Host server that matches the client printer is used. If the RD Session Host server does not have a printer driver that matches the client prin
Host server that matches the client printer is used. If the RD Session Host server does not have a printer driver that matches the client prin
e default adapter. If you do not configure this policy setting, Remote Desktop Services sessions on the RD Session Host server use the Micr
y process, an RD Session Host server in a Windows Server-based domain attempts to contact a license server in the following order: 1. Rem
for remote desktop sessions can reduce connection performance, particularly over slow links, and increase the load on the remote compu
indows Server 2008. If you are using Windows Server 2012, you can configure this in the Collection properties sheet by using Server Mana
e or do not configure this policy setting, the client computer does not redirect its time zone information and the session time zone is the sa
the desktop is always displayed when a client connects to a remote computer. This policy setting overrides any initial program policy settin
his policy setting, users cannot redirect Clipboard data. If you disable this policy setting, Remote Desktop Services always allows Clipboard
or remote connections can improve connection performance, particularly over slow links. By default, font smoothing is allowed for remot
used if a virtual IP is not available.

te Desktop Services session, depending on the client configuration. If you do not configure this policy setting, Windows Vista displays wallp
disable or do not configure this policy setting, Remote Desktop IP Virtualization is turned off. A network adapter must be configured for Rem
nning RemoteApp program associated with a session, the RemoteApp session will remain in a disconnected state until the time limit that y
nning RemoteApp program associated with a session, the RemoteApp session will remain in a disconnected state until the time limit that y

me. If you disable or do not configure this policy setting, Windows Installer RDS Compatibility is turned on, and multiple per user applicati
o not enter any blank lines between programs). For example: explorer.exe mstsc.exe If you disable or do not configure this policy setting,
ected. If the server is configured to use RD Connection Broker, users who have an existing session are redirected to the RD Session Host serv

work folders.

using gestures, the touch pointer, and other-touch specific features. If you do not configure this setting, touch input is on by default. Note

figure this setting, Touch Panning is on by default. Note: Changes to this setting will not take effect until the user logs off.
figure this setting, Touch Panning is on by default. Note: Changes to this setting will not take effect until the user logs off.
hoose to have the operating system store either the full TPM owner authorization value, the TPM administrative delegation blob plus the TP
_FieldUpgrade. To find the command number associated with each TPM command, run "tpm.msc" and navigate to the "Command Manag
he default list by running "tpm.msc", navigating to the "Command Management" section, and making visible the "On Default Block List" co
pm.msc" or through scripting against the Win32_Tpm interface. The default list of blocked TPM commands is pre-configured by Windows.
elps administrators prevent the TPM hardware from entering a lockout mode because it slows the speed standard users can send command

This setting helps administrators prevent the TPM hardware from entering a lockout mode because it slows the speed standard users can
ted profile are full control, or read and write access for the user, and no file access for the administrators group. By configuring this policy
dows NT 4.0 definitions. %HOMESHARE% stores only the network share (such as \\server\share). %HOMEPATH% stores the remainder of th
elated policy settings in this folder together define the system's response when roaming user profiles are slow to load. If you enable this po
hen the user logs on again. The local copy is also used when the remote copy of the roaming user profile is slow to load. If you enable this
the specified number of days. If you disable or do not configure this policy setting, User Profile Service will not automatically delete any pr
cognize any connections as being slow. As a result, the system does not respond to slow connections to user profiles, and it ignores the pol
ly generated profile are full control access for the user and no file access for the administrators group. No checks are made for the correct
version of their roaming user profile. If you enable this policy setting, Windows will not forcefully unload the users registry at logoff, but w
y setting, Windows will not log on a user with a temporary profile. Windows logs the user off if their profile cannot be loaded. If you disabl
rs, an administrator must use management software or a script to add primary computer attributes to the user's account in Active Director
cannot access users' server-based profiles when users log on or off. -- Users' local profiles are newer than their server-based profiles. If yo
a that should not be roamed then add only that application's specific folder under the AppData\Roaming folder rather than all of the AppD
previously deleted on that client logs on, they will need to reinstall all apps published via policy at logon increasing logon time. You can use
whether the registry files are included in the calculation of the profile size. -- Determine whether users are notified when the profile excee
egistry (HKEY_CURRENT_USER) into a file (NTUSER.DAT) and updates it. However, if another program or service is reading or editing the reg
nges they have made, is merged with the server copy of their profile. Using the setting, you can prevent users configured to use roaming p
he local copy of their profile, including any changes, is merged with the server copy of the profile. Using this policy setting, you can preven
, a dialog box will be shown to the user during logon if a slow network connection is detected. The user then is able to choose to download
vailable on the computer (if the media is disconnected or the network adapter is not available). If you enable this policy setting, Windows
ll users logging onto this computer will use the same roaming profile folder as specified by this policy. You need to ensure that you have se
n at set interval" is chosen, then an interval must be set, with a value of 1-720 hours. Once set, Windows uploads the profile's registry file a
ath to a file share in the Path box (for example, \\ComputerName\ShareName), and then choose the drive letter to assign to the file share.
nly by Offline Files during user logon and logoff, and will be taken offline while the user is logged on. If you disable or do not configure this

sktop apps). In addition apps (not desktop apps) that have the enterprise authentication capability will also be able to retrieve the user's UP
u enable this policy setting, the system waits for the remote copy of the roaming user profile to load, even when loading is slow. If you disa
puters running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2, and their content can be viewed. Th
ked on computers running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2, and their content can be
pport enhanced PINs in the pre-boot environment. It is strongly recommended that users perform a system check during BitLocker setup.
eate and use Network Key Protectors. To use a Network Key Protector to unlock the computer, both the computer and the BitLocker Drive
able or do not configure this policy setting, BitLocker will use Secure Boot for platform integrity if the platform is capable of Secure Boot-ba
ave the recovery password in a folder. You can specify either a fully qualified path or include the target computer's environment variables i
erating system drives, and removable data drives individually. For fixed and operating system drives, we recommend that you use the XTS-A
available. This policy is only applicable to computers running Windows 8 and later. If you enable this policy setting you will be able to choos
available. This policy is only applicable to computers running Windows Server 2008, Windows Vista, Windows Server 2008 R2, or Windows
Public Key Policies item in either the Group Policy Management Console or the Local Group Policy Editor. Consult the BitLocker Drive Encry
gent can be used it must be added from the Public Key Policies item in either the Group Policy Management Console or the Local Group Po
ed from the Public Key Policies item in either the Group Policy Management Console or the Local Group Policy Editor. Consult the BitLocker
ation. The user either can type a 48-digit numerical recovery password or insert a USB flash drive containing a 256-bit recovery key. If you
configure this policy setting, users can configure a startup PIN of any length between 4 and 20 digits.
L and want to revert to the default message, you must keep the policy enabled and select the "Use default recovery message and URL" opti
will validate before unlocking access to the BitLocker-encrypted operating system drive. If any of these components change while BitLocke
are with a Compatibility Service Module (CSM) enabled. Computers using a native UEFI firmware configuration store different values into th
BIOS or UEFI firmware with a Compatibility Service Module (CSM) enabled store different values into the Platform Configuration Registers
whether BitLocker software-based encryption is used instead of hardware-based encryption on computers that do not support hardware-b
ontrol whether BitLocker software-based encryption is used instead of hardware-based encryption on computers that do not support hard
ntrol whether BitLocker software-based encryption is used instead of hardware-based encryption on computers that do not support hardw
equirements" located in Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\ must be also enab
et complexity requirements" located in Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\ mu
onfiguration\Windows Settings\Security Settings\Account Policies\Password Policy\ must be also enabled. Note: These settings are enforc
d when turning on BitLocker, not when unlocking a drive. BitLocker will allow unlocking a drive with any of the protectors available on the d
enforced when turning on BitLocker, not when unlocking a drive. BitLocker will allow unlocking a drive with any of the protectors available

y improve restart performance but will increase the risk of exposing BitLocker secrets. If you disable or do not configure this policy setting,

re this policy setting, the local computer clock does not synchronize time with NTP servers.
aming provider Mobile Broadband networks.

e service will be stopped when both antivirus and antispyware definitions are disabled. If the computer is restarted, the service will be start

e, the antimalware service will receive notifications to disable definitions. If you disable this setting, the antimalware service will not receiv
be scanned during quick scan and custom scan.

The value is not used and it is recommended that this be set to 0.


tting, the check for definition updates will occur at the frequency specified. If you disable or do not configure this setting, the check for defi
ever (default) If you enable this setting, a scheduled full scan to complete remediation will run at the frequency specified. If you disable or
g, a scheduled scan will run at the frequency specified. If you disable or do not configure this setting, a scheduled scan will run at a default
default interval.
setting, a quick scan will run at a default time.

tting, CPU utilization will not exceed the default value.


ng to the default value.

run at the time of day specified. If you disable or do not configure this setting, a daily quick scan will run at a default time.
ation will run at the time of day specified. If you disable or do not configure this setting, a scheduled full scan to complete remediation wi
un at the time of day specified. If you disable or do not configure this setting, a scheduled scan will run at a default time.
ccurring. If you enable this setting, the check for definition updates will occur at the time of day specified. If you disable or do not configu
gh 5 = Severe Valid remediation action values are: 2 = Quarantine 3 = Remove 6 = Ignore
Remove 6 = Ignore

ompt users to take actions on malware detections.


rs to choose from the actions available for each threat. If you disable or do not configure this policy setting, Windows Defender automatic

scans, a catch-up scan is started the next time someone logs on to the computer. If there is no scheduled scan configured, there will be no
uled scans, a catch-up scan is started the next time someone logs on to the computer. If there is no scheduled scan configured, there will b
red then that protocol is no longer parsed. Enabling this feature helps to improve performance. On a computer that is up-to-date with all th
If you disable or do not configure this setting, e-mail scanning will be disabled.

days specified. If you disable or do not configure this setting, items will be kept in the scan history folder for the default number of days.
ll be enabled. If you disable or do not configure this setting, reparse point scanning will be disabled.

ed by the administrator and are available to all users of the computer, there must be an entry at HKEY_LOCAL_MACHINE\Software\Microso
nectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. I
nectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. I
nectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. I
nectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. I
nectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. I
nectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. I
nectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. I
nectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. I
nectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. I
nectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. I
nectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. I
nectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. I
nectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. I
nectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. I
nectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. I
nectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. I
nectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. I
nectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. I
nectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. I
nectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. I
example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search re
example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search re
example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search re
example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search re
example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search re
example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search re
example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search re
example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search re
example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search re
example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search re
example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search re
example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search re
example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search re
example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search re
example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search re
example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search re
example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search re
example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search re
example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search re
example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search re
ters to security risks.
of the following options: Require approval from an administrator before running downloaded unknown software Give user a warning

nical name. For example, the Sample Videos known folder can be disabled by specifying {440fcffd-a92b-4739-ae1a-d4a54907c53f} or Sam

arch options command, and they will not be able to open Folder Options. If you disable or do not configure this policy setting, users can o
n the Recyele Bin.
ators who have logged on as regular users to install programs without logging off and logging on again using their administrator credentials

en copied to a different computer, the original path might lead to a network computer, including external resources, such as an Internet ser
andard Open dialog box. If you disable or do not configure this policy setting, the Back button is displayed for any standard Open dialog bo
Wordpad and, on the File menu, click Open. Note: In Windows Vista, this policy setting applies only to applications that are using the Win
indows 2000 Professional, so that the Open dialog box looks like it did in Windows NT 4.0 and earlier. These policies only affect programs th
etting removes the drive icons. Users can still gain access to drive contents by using other methods, such as by typing the path to a directo
tures of these tools. This setting does not remove the Computer Management item from the Start menu (Start, Programs, Administrative
Folders that may be specified: Desktop, Recent Places, Documents, Pictures, Music, Recently Changed, Attachments and Saved Searches.
according to the path defined. If you disable or do not configure this policy setting, no changes are made to the location of the default Libr
according to the path defined. If you disable or do not configure this policy setting, no changes are made to the location of the default Libr

ault, the system displays shortcuts to the 10 most recently opened documents."
e or do not configure this policy setting, computers in the user's workgroup and domain appear in lists of network resources in File Explore
r connecting to computers in their workgroup or domain. It also does not prevent users from connecting to remote computers by other com
URL of the search site in OpenSearch format with {searchTerms} for the query string (for example, http://www.example.com/results.aspx?
mpleLibrary.Library-ms" for the Documents library, or "C:\sampleSearchConnector.searchConnector-ms" for a Search Connector). The pinne
rive or combination of drives from the drop-down list. To allow access to all drive directories, disable this setting or select the "Do not restr
sers from connecting to another computer by typing the name of a shared folder in the Run dialog box. Note: This setting was documente
setting does not prevent users from using third-party applications to create or modify CDs using a CD writer.
rs from using other methods to configure DFS. If you disable or do not configure this policy setting, the DFS tab is available.

utton to resolve problems with the device.


nternet browser windows, such as the Internet Explorer window. If you disable or do not configure this policy setting, the Search button is
ers will be able to access the security tab.
nts folder is not displayed in the Web view or in My Computer. If you disable or do not configure this policy setting, the Shared Documents
nk when the user performs a search in the Explorer window.

confusing or distracting to some users. If you disable or do not configure this policy setting, users are allowed to turn on or off these mino
m as Other User" dialog box prompts the current user for the user name and password of an administrator. This setting allows administrator
ain-joined, the file will be processed and default associations will be applied at logon time. If the group policy is not configured, disabled, o
to show through the Power Options Control Panel.

he Power Options Control Panel.

an be read by everyone.
will not store Search Box entries into the registry for future references. If the user types a property, values that match this property will be

s recommended to leave this protocol in the protected mode to increase the security of Windows. If you enable this policy setting the pro
s recommended to leave this protocol in the protected mode to increase the security of Windows. If you enable this policy setting the pro

her than "Date Modified" and "Size" * Disable view of file content snippets in Content mode when search results are returned * Disable ab
nfigure this setting, the Windows+X shortcut keys are available.
pane and set the folder options for File Explorer to Use classic folders view and disable the users ability to change these options. If you di
nt to the same share, the target path is updated and files are not copied or deleted. The temporary file is deleted. If you disable or do not

er the maximum amount of disk space to be used (in MB). To indicate that the cache size is unlimited, select "4294967295" as the maximu
nly during setup. -- "Scan during startup" also scans files each time you start Windows XP. This setting delays each startup. If you disable o

messages. If you disable or do not configure this policy setting, Windows Firewall makes no exception for messages sent by computers that
ock outbound echo request messages sent by Ping running on this computer. If you enable this policy setting, you must specify which ICM
ock outbound echo request messages sent by Ping running on this computer. If you enable this policy setting, you must specify which ICM
t of Control Panel, the "File and Printer Sharing" check box is selected and administrators cannot clear it. If you disable this policy setting, W
t of Control Panel, the "File and Printer Sharing" check box is selected and administrators cannot clear it. If you disable this policy setting, W
onal with at least SP2 and Windows Server 2003 with at least SP1, this policy setting also allows SVCHOST.EXE and LSASS.EXE to receive uns
onal with at least SP2 and Windows Server 2003 with at least SP1, this policy setting also allows SVCHOST.EXE and LSASS.EXE to receive uns
sktop" check box is selected and administrators cannot clear it. If you disable this policy setting, Windows Firewall blocks this port, which p
sktop" check box is selected and administrators cannot clear it. If you disable this policy setting, Windows Firewall blocks this port, which p
messages are allowed. In the Windows Firewall component of Control Panel, the "UPnP framework" check box is selected and administrato
messages are allowed. In the Windows Firewall component of Control Panel, the "UPnP framework" check box is selected and administrato
ble this policy setting, the Windows Firewall component in Control Panel does not allow administrators to define a local port exceptions list
ble this policy setting, the Windows Firewall component in Control Panel does not allow administrators to define a local port exceptions list
s list. If you disable this policy setting, the Windows Firewall component in Control Panel does not allow administrators to define a local pr
s list. If you disable this policy setting, the Windows Firewall component in Control Panel does not allow administrators to define a local pr
s (drops) and information about successful incoming and outgoing connections. Windows Firewall does not provide an option to log succes
s (drops) and information about successful incoming and outgoing connections. Windows Firewall does not provide an option to log succes
policy setting and then click the Show button. To add a port, enable the policy setting, note the syntax, click the Show button. In the Show
policy setting and then click the Show button. To add a port, enable the policy setting, note the syntax, click the Show button. In the Show
s to Enabled, that program can receive unsolicited incoming messages on any port that it asks Windows Firewall to open, even if that port i
s to Enabled, that program can receive unsolicited incoming messages on any port that it asks Windows Firewall to open, even if that port i
work connections" policy setting; otherwise, administrators who log on locally can work around the "Windows Firewall: Do not allow excep
work connections" policy setting; otherwise, administrators who log on locally can work around the "Windows Firewall: Do not allow excep
tify me when Windows Firewall blocks a new program" check box is selected and administrators cannot clear it. If you do not configure thi
tify me when Windows Firewall blocks a new program" check box is selected and administrators cannot clear it. If you do not configure thi
ther computers, Windows Firewall waits as long as three seconds for unicast responses from the other computers and then blocks all later
ther computers, Windows Firewall waits as long as three seconds for unicast responses from the other computers and then blocks all later
ministrators who log on locally cannot start it. If you do not configure this policy setting, administrators can use the Windows Firewall com
ministrators who log on locally cannot start it. If you do not configure this policy setting, administrators can use the Windows Firewall com

licenses. Secure content that is already licensed to the local computer will continue to play. Users are also able to protect music that they
creen saver does not interrupt playback even if users have selected a screen saver. The Allow screen saver during playback check box is cle
st be specified because no default settings are used for the proxy. The options are ignored if Autodetect or Browser is selected. The Config
tions are ignored if Autodetect is selected. The Configure button on the Network tab in the Player is not available and the protocol cannot b
onds that is specified is ignored. The "Use default buffering" and "Buffer" options on the Performance tab in the Player are not available. I
ons are ignored if Autodetect is selected. The Configure button on the Network tab in the Player is not available and the protocol cannot b
in skin mode by using the Player tab in the Player. When this policy is not configured and the Set and Lock Skin policy is enabled, some opti
users can show or hide the anchor window when the Player is in skin mode by using the Player tab in the Player. If you do not configure thi

ettings are used for the options on the Privacy tab unless the user changed the settings previously. If you disable or do not configure this p
configure this policy setting, users can configure the security settings on the Security tab.
t started. Some of the options can be configured by using other Windows Media Player group policies. If you disable or do not configure th
box and on the Privacy tab in the Player are not selected and are not available. If you disable or do not configure this policy setting, users
omatically check box is not available. If you do not configure this policy setting, users can change the setting for the Download codecs auto

you disable or do not configure this policy setting, anyone using Windows Media Player can turn media sharing on or off.
e Internet check box in the first use dialog box and on the Privacy and Media Library tabs in the Player are not selected and are not availab
ot configure this policy setting, the Player automatically retrieves radio station presets from the Internet.
ary, and the Use Video Smoothing check box is selected and is not available. If you do not configure this policy setting, video smoothing oc
r's computer. If the skin is not installed on a user's computer, or if the Skin box is blank, the Player opens by using the Corporate skin. The o
selected, a user can specify UDP ports in the Use ports check box. If the user does not specify UDP ports, the Player uses default ports whe
onfiguration. If both are present, the Computer Configuration version of this policy setting takes precedence.
onfiguration. If both are present, the Computer Configuration version of this policy setting takes precedence.
s Windows Messenger from that point on, Windows Messenger will be loaded. The user can also configure this behavior on the Preferenc
s Windows Messenger from that point on, Windows Messenger will be loaded. The user can also configure this behavior on the Preferenc
uthentication.

work, configure the Windows Firewall policy setting with exceptions for Port 5985 (default port for HTTP). If you disable or do not configur

e this policy setting, the WinRM client uses the Kerberos authentication directly.

word configuration value will be erased from the credential store on this computer. If you disable or do not configure this policy setting, the
figure the hardening level locally on each computer. If HardeningLevel is set to Strict, any request not containing a valid channel binding to
used to authenticate the identity of the host. If you disable or do not configure this policy setting and the WinRM client needs to use the
A listener might be automatically created on port 80 to ensure backward compatibility.
986. A listener might be automatically created on port 443 to ensure backward compatibility.

ting the open shell. If you do not configure or disable this policy setting, the default value of 900000 or 15 min will be used.
nated when a new allocation exceeds the specified quota. If you disable or do not configure this policy setting, the value 150 is used by de

remote shells per user.

change using Settings in the Windows Store.

disabled, this policy has no effect.


tional, recommended, and important content for which they received a notification. Users will not see a User Account Control window and
tore of the local computer. If you disable or do not configure this policy setting, updates from an intranet Microsoft update service location
ws Update will not alter its restart behavior. If the "No auto-restart with logged on users for scheduled automatic updates installations" pol
If the status is set to Enabled, Windows will check for available updates at the specified interval. If the status is set to Disabled or Not Confi
talling any updates. When Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloa
lations of updates. If the "Configure Automatic Updates" policy is disabled, this policy has no effect.
ant the computer to do?' list. If you disable or do not configure this policy setting, the 'Install Updates and Shut Down' option will be the d
ant the computer to do?' list. If you disable or do not configure this policy setting, the 'Install Updates and Shut Down' option will be the d
o stop working. Note: This policy applies only when this PC is configured to connect to an intranet update service using the "Specify intran
gure this policy setting, the 'Install Updates and Shut Down' option will be available in the Shut Down Windows dialog box if updates are av
gure this policy setting, the 'Install Updates and Shut Down' option will be available in the Shut Down Windows dialog box if updates are av

cify multiple group names separated by semicolons. Otherwise, a single group must be specified. If the status is set to Disabled or Not Con
to be applied, then Windows Update will use the Windows Power management features to automatically wake the system up to install the
start the computer. Be aware that the computer needs to be restarted for the updates to take effect. If the status is set to Disabled or Not
d about nor will you receive critical updates from Windows Update. This setting also prevents Device Manager from automatically installing
perform scheduled installations of updates. If the "Configure Automatic Updates" policy is disabled, this policy has no effect. This policy ha
cheduled installation. If the status is set to Not Configured, a missed scheduled installation will occur one minute after the computer is nex

me values: the server from which the Automatic Updates client detects and downloads updates, and the server to which updated workstatio

ed to do so.
If you enable this policy setting, a notification message will appear on the user's computer when featured software is available. The user c
u enable this setting, it prohibits Windows from searching for updates. If you disable or do not configure it, Windows searches for updates

amed pipe remote shutdown interface.


e of the interface program, including the file name extension, in the Shell name text box. If the interface program file is not located in a fol
can simulate the SAS. If you set this policy setting to "Services and Ease of Access applications," both services and Ease of Access applicati
uccessful logon attempted with that user name, and the number of unsuccessful logons since the last successful logon by that user. This m
urs expire, if actions have been set to occur when the logon hours expire. Note: If you configure this setting, you might want to examine an

n hours. If you choose to log off a user, the user might lose unsaved data. If you enable this setting, the system will perform the action you
matically signed-in and the session is automatically locked with all the lock screen apps configured for that user. If you disable this policy se

ll not be automatically terminated during shutdown. If you disable or do not configure this setting, these applications will be automatically

ct to networks shared by my contacts" enables Windows to automatically connect to networks that the user's contacts have shared with th

straints. - Fixed: Use of this connection is not restricted by usage charges and capacity constraints up to a certain data limit. - Variable: Thi
k Folders will use the settings specified in the "Specify Work Folders settings" policy setting in User Configuration\Administrative Templates\
discovery, or the specific URL of the file server that stores the affected users' data. The "Force automatic setup" option specifies that Work

setting, a default value will be used, which administrators and users will be able to modify.
etting, a default value will be used, which administrators and users will be able to modify.
Quiet Hours settings. If you do not configure this policy setting, voice and video calls will be allowed during Quiet Hours by default. Admins

ures will not be able receive notifications from the network from WNS or via notification polling APIs. If you enable this policy setting, notifi
ble to change this or any other Quiet Hours settings. If you do not configure this policy setting, Quiet Hours are enabled by default but ca

nfigure this policy setting, toast notifications are enabled and can be turned off by the administrator or user. No reboots or service restarts

of this connection is not restricted by usage charges and capacity constraints up to a certain data limit. - Variable: This connection is costed
f this connection is not restricted by usage charges and capacity constraints up to a certain data limit. - Variable: This connection is costed
n. Note: Wild card characters cannot be used when specifying the host URLs.
asses all validation criteria. If you are aware that a trusted site has a certificate error but you want to trust it anyway you can select the certi
es not prevent users from using other methods to configure services. Note: When "Set up services" does not appear, clicking the Add/Rem

t users from using other tools and methods to configure services or add or remove program components. However, this setting blocks user

g is ignored. Also, if the "Prevent removable media source for any install" setting (located in User Configuration\Administrative Templates\W

vailable, to recommend their use, or to enable users to install them without having to search for installation files. If you enable this setting
his setting does not prevent users from using other tools and methods to change program access or defaults. This setting does not prevent
ilable to all users. When enabled, this setting takes precedence over the other settings in this folder. This setting does not prevent users fr
mation on the Internet, such as the Microsoft Product Support Services Web page. If you disable this setting or do not configure it, the Sup
use Software Installation. If you disable this setting or do not configure it, all programs (Category: All) are displayed when the "Add New Pro

S-DOS subsystem is running, any subsequent 16-bit applications launch faster, but overall resource usage on the system is increased. If the
ation using this interface.
y popular legacy applications, and will not block known incompatible applications from installing. (For Instance: This may result in a blue sc
re that telemetry collection has stopped for all applications, please reboot your machine.
Inventory Collector will be turned on. Note: This policy setting has no effect if the Customer Experience Improvement Program is turned o

tibility issues when running applications. Turning off the PCA can be useful for system administrators who require better performance and a
disable or do not configure this policy setting, Steps Recorder will be enabled.
of compatibility of the applications they are using. If you disable or do not configure this policy setting, the Switchback will be turned on.
from loading User profiles for the Guest account and members of the Guests group If you enable this policy setting, Group Policy allows de

not configure this policy setting, Windows Store apps can open files in the default desktop app for a file type.
not configure this policy setting, Windows Store apps can open files in the default desktop app for a file type.
or do not configure this policy setting, Windows Store apps can open URIs in the default desktop app for a URI scheme. Note: Enabling th
or do not configure this policy setting, Windows Store apps can open URIs in the default desktop app for a URI scheme. Note: Enabling th

URI Rules.
ricted or Internet zone, Windows prompts the user before accessing the file. Low Risk: If the attachment is in the list of low-risk file types, W
h their zone information. If you do not configure this policy setting, Windows marks file attachments with their zone information.
heck box and Unblock button. If you do not configure this policy setting, Windows hides the check box and Unblock button.
ypes. If you disable this policy setting, Windows uses its built-in list of file types that pose a high risk. If you do not configure this policy setti
ou disable this policy setting, Windows uses its default trust logic. If you do not configure this policy setting, Windows uses its default trust
tting, you can specify file types which pose a moderate risk. If you disable this policy setting, Windows uses its default trust logic. If you do
eing opened. If you disable this policy setting, Windows does not call the registered antivirus programs when file attachments are opened
estrictive recommendation which will cause users to see more trust prompts than choosing the other options. If you enable this policy setti
his policy setting, the process's command line information will not be included in Audit Process Creation events. Default: Not configured N
er autorun command is to be run. The autorun command is represented as a handler in the Autoplay dialog. If you enable this policy setti
er autorun command is to be run. The autorun command is represented as a handler in the Autoplay dialog. If you enable this policy setti
devices. If you enable this policy setting, Autoplay is disabled on CD-ROM and removable media drives, or disabled on all drives. This polic
devices. If you enable this policy setting, Autoplay is disabled on CD-ROM and removable media drives, or disabled on all drives. This polic

rom using biometrics to log on.


e in Windows. Note: Users who log on using biometrics should create a password recovery disk; this will prevent data loss in the event tha
etting, biometrics cannot be used by any users to log on to a local Windows-based computer. Note: Users who log on using biometrics sho

es, BITS downloads them from the origin server. If you enable this policy setting, BITS downloads files from peers, caches the files, and res
han BITS. This policy setting does not apply to BITS transfers over SMB. This setting has no effect if the computer's administrative settings fo
o not configure this policy setting, the computer attempts to download peer-enabled BITS jobs from peer computers before reverting to th
downloaded and cached files to its peers. Note: This setting has no effect if the "Allow BITS peer caching" setting is disabled or not configu
will be removed from the peer cache. Note: This policy setting has no effect if the "Allow BITS Peercaching" policy setting is disabled or not
rcent. If you disable or do not configure this policy setting, the default size of the BITS peer cache is 1 percent of the total system disk size.
do not configure this policy setting, the default value of 90 days (7,776,000 seconds) will be used.
u can specify the limit in kilobits per second (Kbps). If you specify a value less than 2 kilobits, BITS will continue to use approximately 2 kilo
r of BITS, and specify a fixed maximum bandwidth that BITS will use for peer caching. If you enable this policy setting, you can enter a valu
ower than the setting specified in the "Maximum number of BITS jobs for this computer" policy setting, or 300 if the "Maximum number of
y services and the local administrator account do not count toward this limit.
al administrator account do not count toward this limit.
account do not count toward this limit.
are created by specifying only a priority. For example, you can specify that background jobs are by default to transfer only when on uncos
riority jobs are currently limited to 256 Kbps on a work schedule, you can further limit the network bandwidth of normal priority jobs to 0 K
ork schedule is defined, you can set the bandwidth usage limits for each of the three BITS background priority levels: high, normal, and low
ng period of time and still have pending jobs. Consider decreasing this value if you are concerned about orphaned jobs occupying disk spa

ds it. The resulting searches might make some programs start or run slowly. If you disable or do not configure this policy setting, the progr
ds it. The resulting searches might make some programs start or run slowly. If you disable or do not configure this policy setting, the progr
nd the Start screen. To hide a Control Panel item, enable this policy setting and click Show to access the list of disallowed Control Panel item
ontext menu, a message appears explaining that a setting prevents the action.
le this policy setting and click Show to access the list of allowed Control Panel items. In the Show Contents dialog box in the Value column,

nterprise, Education, and Server SKUs.


through Control Panel on the client computer. Second, the screen saver timeout is set to a nonzero value through the setting or Control Pa

hemes (if the Personalization Control Panel is available). Note: If this setting is enabled and the file is not available at user logon, the defau
name extension. If the screen saver file is not in the %Systemroot%\System32 directory, type the fully qualified path to the file. If the spec
protection on each screen saver. To ensure that a computer will be password protected, enable the "Enable Screen Saver" setting and spe
dialog is available in the Personalization or Display Control Panel. For systems prior to Windows Vista, this setting hides the Appearance an

per. Refer to KB article: Q327998 for more information. Also, see the "Allow only bitmapped wallpaper" setting.

rt background" policy is also set on a supported version of Windows, then that background takes precedence over this policy.
tem default.

ialog of the client computer's Personalization or Display Control Panel specifies a valid existing screen saver program on the client. When n
his policy setting, the default user account picture will display for all users on the system with no customization allowed. If you disable or d
dition, if a password is required when a screensaver turns on, the screensaver timeout will limit the allowable options the user may choose

nt than the domain to which the computer is joined. If you disable or do not configure this policy setting, the default logon domain is alw
an specify the CLSIDs of the credential providers to exclude from the set of installed credential providers available for authentication purp

main user can't set up and use a convenience PIN. Note that the user's domain password will be cached in the system vault when using thi
ws. If you disable or do not configure (by default) this policy setting, delegation of default credentials is not permitted to any computer. Ap
ne. Note: The "Allow delegating default credentials with NTLM-only server authentication" policy setting can be set to one or more Service
n, delegation of fresh credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*). If you disable this po
s is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*). If you disable this policy setting, delegation of fresh
al authentication, delegation of saved credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*). If yo
saved credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*) if the client machine is not a membe
vice Principal Names (SPNs). The SPN represents the target server to which the user credentials cannot be delegated. The use of a single w
e Service Principal Names (SPNs). The SPN represents the target server to which the user credentials cannot be delegated. The use of a sin
et to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials cannot be delegated
tting, restricted mode is not enforced and participating apps can delegate credentials to remote computers. Note: To disable most credentia
d entry text box. To display the password, click the password reveal button. The policy applies to all Windows components and application
d entry text box. To display the password, click the password reveal button. The policy applies to all Windows components and application

tting, users will enter Windows credentials within the users desktop session, potentially allowing malicious code access to the users Windo

nd then click Lock this computer.

events the action. If you disable or do not configure this policy setting, users can access Task Manager to start and stop programs, monitor
ure this policy setting, DCOM will only look in the locally configured exemption list if the "Define Activation Security Check exemptions" pol
or example: {b5dcb061-cefb-42e0-a1be-e6a6438133fe}. If you enter a non-existent or improperly formatted appid DCOM will add it to the

is setting is not the same as deleting it. Items that are removed from the "Add" list are not removed from the desktop. They are simply not
r Configuration\Administrative Templates\Control Panel\Display) settings.
ecified file is not available when the user logs on, no wallpaper is displayed. Users cannot specify alternative wallpaper. You can also use th
omponents\Windows Explorer) is enabled, Active Desktop is disabled, and both these policies are ignored.

Components\Windows Explorer) is enabled, Active Desktop is disabled, and both of these policies are ignored.
name of a Windows domain, and click Find. Type the name of an object in the directory, such as "Administrator." If the filter bar does not a

m saving data to the Desktop.

do not configure it, the system displays up to 10,000 objects. This consumes approximately 2 MB of memory or disk space. This setting is d
ars" setting.

his setting, Computer is hidden on the desktop, the new Start menu, the Explorer folder tree pane, and the Explorer Web views. If the user
e changes to this setting effective, you must log off from and log back on to Windows 2000 Professional.

king the Desktop tab and then clicking the Customize Desktop button.
machine account (LOCAL SYSTEM) must have access permission to the policy file. If using a signed and protected policy then disabling th
s is enabled kernel mode memory protections are enforced and the Code Integrity validation path is protected by the virtualization based s
desktop server. If you disable or do not configure this policy setting, members of the Administrators group are subject to all policy setting
ate, unless another policy setting specifically prevents that installation (for example, the "Prevent installation of devices that match any of t
unless another policy setting specifically prevents installation (for example, the "Prevent installation of devices that match these device IDs
rs group are allowed to install new device drivers on the system.

tem to proceed with the installation even if it includes unsigned files. -- "Warn" notifies the user that files are not digitally signed and lets

u disable or do not configure this policy setting, Windows creates a system restore point as it normally would.
ce driver for any device that is not described by the "Prevent installation of devices that match any of these device IDs," "Prevent installatio
es from a remote desktop client to the remote desktop server. If you disable or do not configure this policy setting, devices can be installed
tion of the specified devices from a remote desktop client to the remote desktop server. If you disable or do not configure this policy settin
m installing removable devices and existing removable devices cannot have their drivers updated. If you enable this policy setting on a rem
ioritized equally during the driver selection process. Selection is based on other criteria, such as version number or when the driver was cre

s the installation location, floppy drives, and CD-ROM drives. Note: To prevent searching Windows Update for drivers also see "Turn off Wi

er Windows retrieves device metadata from the Internet.

ice, even if the network is temporarily available. If the setting for searching only if needed is specified, then Windows will search for a driv
his policy setting, members of the Administrators group can determine the server used in the search for device drivers.

ows Update device driver searching" is disabled or not configured, the administrator will be prompted for consent before going to Window
ows Update device driver searching" is disabled or not configured, the administrator will be prompted for consent before going to Window
nutes. If you try to set this setting to a value less than 15 minutes, the default value of 15 minutes is applied.

This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Serv
o minimize potential data loss. If you disable this policy, S.M.A.R.T. faults are still detected and logged, but no corrective action is taken. If y
e a slight increase in the time taken for shutdown and hibernate. If you do not configure this policy setting, the default behavior is observe
: This policy setting is applicable only if the NV cache feature is on.
nable this policy setting, the system will not manage the NV cache and will not enable NV cache power saving mode. If you disable this po
gure this policy setting, the default behavior of the system is observed and frequently written files will be stored in the NV cache. Note: Th

a setting is in effect, the system disables the "Enable quota management" option on the Quota tab of NTFS volumes. Note: This policy setti
mit is not enforced by default, but administrators can change the setting. Enforcement is optional. When users reach an enforced disk quo
rs cannot change the setting while a setting is in effect. If you do not configure this policy setting, no events are recorded, but administrato
not configure this policy setting, no event is recorded, but administrators can use the Quota tab option to change the logging setting. This
es the corresponding options in the "Select the default quota limit for new users of this volume" section on the Quota tab. This policy setti

p" will be queried by the DNS client first. If the query succeeds, the response is returned to the client. If the query fails, the unqualified mu

ied connection specific DNS suffix, if configured.


tting. If you disable this policy setting, or if you do not configure this policy setting, computers will use the local or DHCP supplied list of DNS
rosoft.com" before sending the query to a DNS server if this policy setting is enabled with a suffix of "microsoft.com." To use this policy setti
dynamic DNS registration, and this policy setting must not be disabled. If you disable this policy setting, computers may not use dynamic D

nding order. If you disable this policy setting, or if you do not configure this policy setting, then DNS responses from networks lower in the
ol panel. You can use this policy setting to prevent users, including local administrators, from changing the primary DNS suffix. If you disab
S suffixes to the single-label, unqualified domain name based on the state of the Append primary and connection specific DNS suffixes rad
n name. The DNS client appends DNS suffixes to the single-label, unqualified domain name based on the state of the Append primary and
rimary DNS suffix of microsoft.com will be registered as: mycomputer.microsoft.com. If you enable this policy setting, a computer will regi
r: Computers will not attempt to register PTR resource records. Register: Computers will attempt to register PTR resource records even if r
delete stale records. Warning: If record scavenging is enabled on the zone, the value of this policy setting should never be longer than the
A resource record might exist that associates the client's host name with an IP address different than the one currently in use by the client.
computers will use the TTL settings specified in DNS. By default, the TTL is 1200 seconds (20 minutes).

policy setting, LLMNR will be disabled on all available network adapters on the client computer. If you disable this policy setting, or you do
s first. LLMNR queries will be issued if the DNS queries fail, followed by NetBT queries if LLMNR queries fail. If you disable this policy settin
ng, the DNS client will prefer link local responses for flat name queries on non-domain networks. Note: This policy setting is applicable onl
y in this policy setting. If you disable this policy setting, or if you do not configure this policy setting, computers will use local settings. By d
eeds to update, except the root zone. If you disable this policy setting, or if you do not configure this policy setting, computers do not send

anging this policy setting requires a logoff for it to be applied.


anging this policy setting requires a logoff for it to be applied.

that cannot be changed by users.


that cannot be changed by users.

te: Changes to this setting will not take effect until the user logs off.
AIJI) 0x0200 // S-JIS unmapped area 0x0400 // Unicode char 0x0800 // surrogate char 0x1000 // IVS char 0xFFFF // no definition. If you
clears self-tuned words from the custom dictionary. This policy setting is applied to Japanese Microsoft IME and Simplified Chinese Micro

ng, Open Extended Dictionary can be added and used by default. This policy setting is applied to Japanese Microsoft IME and Simplified Ch

s been identified as malware, but the computer cannot successfully boot without loading this driver. - Unknown: This driver has not been
be listed in the menu by default, and users can configure this setting.
he user can configure this setting.

pts those files automatically.

tting, Windows Error Reporting sends error reports to Microsoft.

configured, then Control Panel settings for Windows Error Reporting override this policy setting. If you enable this policy setting, the settin
re older reports are automatically deleted. If you disable or do not configure this policy setting, no Windows Error Reporting information is
re older reports are automatically deleted. If you disable or do not configure this policy setting, no Windows Error Reporting information is
the user is prompted to send the reports, or until the user sends problem reports by using the Solutions to Problems page in Control Panel
the user is prompted to send the reports, or until the user sends problem reports by using the Solutions to Problems page in Control Panel
this event type. - 1 (Always ask before sending data): Windows prompts the user for consent to send reports. - 2 (Send parameters): Wind
this event type. - 1 (Always ask before sending data): Windows prompts the user for consent to send reports. - 2 (Send parameters): Wind
s in Windows check box is filled, all errors in Windows applications are reported, regardless of the setting in the Default dropdown list. The

ng in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings t


ng in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings t
no notification. Disabling this policy setting is useful for servers that do not have interactive users. If you do not configure this policy setting

than one CAB file for a report that contains data about the same event types.
than one CAB file for a report that contains data about the same event types.

cy setting is configured to report all application errors. If you enable this policy setting, you can create a list of applications that are always
file name extension. To remove an application from the list, click the name, and then press DELETE. If this policy setting is enabled, the Excl
file name extension. To remove an application from the list, click the name, and then press DELETE. If this policy setting is enabled, the Excl
mple: notepad.exe). File names must always include the .exe file name extension. Errors that are generated by applications in this list are n
or Reporting policy setting.
configure this policy setting, WER checks for solutions while a computer is running on battery power, but does not upload report data unti
configure this policy setting, WER checks for solutions while a computer is running on battery power, but does not upload report data unti

humb print of the client authentication certificate>. When using the HTTP protocol, use port 5985. If you disable or do not configure this p
etting and the "Retain old events" policy setting is enabled, new events are discarded and the old events are retained.
etting and the "Retain old events" policy setting is enabled, new events are discarded and the old events are retained.
etting and the "Retain old events" policy setting is enabled, new events are discarded and the old events are retained.
etting and the "Retain old events" policy setting is enabled, new events are discarded and the old events are retained.
tting to enforce this change across all tools and APIs.
dministrators can read or clear this log. Note: If you enable this policy setting, some tools and APIs may ignore it. The same change should
tting to enforce this change across all tools and APIs.
can read events from it. Note: If you enable this policy setting, some tools and APIs may ignore it. The same change should be made to the

ublic key that they were encrypted with. If you disable or do not configure this policy setting, components will not encrypt event log messa

event the user from being able to add new items such as files and folders to their actual file system profile folder at %userprofile%.
USB device is connected will not be enabled unless a user configures the option manually in the BIOS or other boot order configuration. If

system restart is required. This behavior is recommended for headless operation. Troubleshooting Only: Detection and troubleshooting o
main name format. Example value: Contoso.com,ContosoIT.HumanResourcesApp_m5g0r7arhahqy If you enable this policy setting, the a

are created on a given volume. If you disable short name creation on all data volumes then short names will only be generated for files cre
e: This policy setting does not prevent files from being automatically cached if the network share is configured for "Automatic Caching", no
re is configured for "Automatic Caching", nor does it affect the availability of the "Always available offline" menu option in the user interfa
opied to the new location. To use this policy setting, you must move or restore the server content to the new network location using a met
omain Services (AD DS). This policy setting also requires the Windows Server 2012 version of the Active Directory schema to function. If yo
omain Services (AD DS). This policy setting also requires the Windows Server 2012 version of the Active Directory schema to function. If yo
gure this policy setting, Windows Vista, Windows 7, Windows 8, and Windows Server 2012 will use the standard English names for these su
gure this policy setting, Windows Vista, Windows 7, Windows 8, and Windows Server 2012 will use the standard English names for these su

setting, the Details Pane is hidden by default and can be displayed by the user. This is the default policy setting.
or resolution by default. This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured. This policy

heduled clean up task.


ater than the specified value are interpreted as being preceded by 19. For example, the default value, 2029, specifies that all two-digit year
-user policy settings. To set this policy setting on a per-user basis, make sure that the per-computer policy setting is not configured.
-user policy settings. To set this policy setting on a per-user basis, make sure that the per-computer policy setting is not configured.
abled for their user account on the sign-in page.
ven if this policy setting is not configured. If you enable this policy setting, the user cannot select a custom locale as their user locale, but t
ven if this policy setting is not configured. If you enable this policy setting, the user cannot select a custom locale as their user locale, but t
user overrides. If this policy setting is disabled or not configured, then the user can customize their user locale overrides. If this policy is se
user overrides. If this policy setting is disabled or not configured, then the user can customize their user locale overrides. If this policy is se
iction of a specific language used for the Windows menus and dialogs.
nfigure this policy setting, the user can see the Administrative options. Note: Even if a user can see the Administrative options, other polic
a user can see the GeoID option, the "Disallow changing of geographical location" option can prevent them from actually changing their cu
anguage. Note: Even if a user can see the option to change the UI language, other policy settings can prevent them from changing their UI
e user locale.
a, use the "Restricts the UI languages Windows should use for the selected user" policy setting. If you disable or do not configure this polic
cale to English (United States) and English (Canada). If you enable this policy setting, administrators can select a system locale only from th
;). For example, en-US is English (United States). Specifying "en-CA;fr-CA" would restrict the user locale to English (Canada) and French (Ca
;). For example, en-US is English (United States). Specifying "en-CA;fr-CA" would restrict the user locale to English (Canada) and French (Ca
can specify which UI language is used.
o not configure this policy setting, there is no restriction on which language users should use. To enable this policy setting in Windows Ser
lity and function of this setting is dependent on supported languages being enabled.
ew words not already known to the handwriting recognition engines (for example, proper names and acronyms). Deleting email content o
ew words not already known to the handwriting recognition engines (for example, proper names and acronyms). Deleting email content o
tion of this setting is dependent on supported languages being enabled.
ured, then the user will be free to change the setting according to their preference. Note that the availability and function of this setting is
e. Note that the availability and function of this setting is dependent on supported languages being enabled.
forest. A warning message appears to the user, and an event log message (1529) is posted. - Loopback Group Policy processing is applied,
DM files. - If you later edit the GPO from a different-language system, you get the English ADM files as they were in the GPO. You can cha
Existing users will be logged on using cached credentials, which will result in shorter logon times. Group Policy will be applied in the backg
dwidth speed is detected, Group Policy will default to a slow network connection. This policy setting allows the administrator the option to
g, it has no effect on the system. The "Allow processing across a slow network connection" option updates the policies even when the upd
stem. The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted acr
enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not configure this policy settin
up Policy runs in background mode or asynchronous foreground mode, it continues to download the latest version of the policy informatio
e domain controller that Active Directory Users and Computers or Active Directory Sites and Services snap-ins use. "Use any available dom
s you override the programs' specified responses to slow links. If you enable this setting, you can, in the "Connection speed" box, type a d
s you override the programs' specified responses to slow links. If you enable this setting, you can, in the "Connection speed" box, type a d
ble or do not configure this policy setting, it has no effect on the system. The "Allow processing across a slow network connection" option
ot configure this policy setting, it has no effect on the system. The "Allow processing across a slow network connection" option updates th
fter logon. If you do not configure this policy setting, Group Policy will wait five minutes before running logon scripts.
ground processing" option prevents the system from updating affected policies in the background while the computer is in use. When bac
a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, suc
ot apply during periodic background processing" option prevents the system from updating affected policies in the background while the c
t was installed. If you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not confi
y Objects determine which set of Group Policy Objects applies. If you enable this setting, you can select one of the following modes from t
m. The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across
he system. The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitte

nks are created in the enabled state. If you do not want them to be effective until they are configured and tested, you must disable the obje
SoP data on a client computer, use the RSoP snap-in for the Microsoft Management Console. You can launch the RSoP snap-in from the com
SoP data on a client computer, use the RSoP snap-in for the Microsoft Management Console. You can launch the RSoP snap-in from the com

When Group Policy runs in background mode or asynchronous foreground mode, it continues to download the latest version of the policy in
on, and administrators cannot turn it off. As a result, Group Policy Object Editor displays only true settings; preferences do not appear. If y

setting applies only to non-administrators. Administrators can still invoke a refresh of computer policy at any time, no matter how this poli

ate rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the computer tries to update Group Policy every 7 seconds. However, b
dates might interfere with users' work and increase network traffic, very short update intervals are not appropriate for most installations. I
minutes (45 days). If you select 0 minutes, the computer tries to update user Group Policy every 7 seconds. However, because updates migh
Group Policy will use this administratively configured maximum wait time and override any default or system-computed wait time. If you d
etting, Group Policy uses this administratively configured maximum wait time for workplace connectivity, and overrides any default or syste
Changing the status of this setting to Enabled will keep any source files from copying to the GPO. Changing the status of this setting to Disa
nd "Set Group Policy refresh interval for users" policy settings. Note: If you make changes to this policy setting, you must restart your comp

Local GPOs continue to be applied. Note: For computers joined to a domain, it is strongly recommended that you only configure this policy
n. Note: To view the RSoP information logged on a client computer, you can use the RSoP snap-in in the Microsoft Management Console (

rity is "Idle." Notes: 1. The "Allow processing across a slow network connection" option updates preference items even when the update i
s, and tracing for this extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this preference extensio
priority is "Idle." Notes: 1. The "Allow processing across a slow network connection" option updates preference items even when the upd
ors, and tracing for this extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this preference extens
Notes: 1. The "Allow processing across a slow network connection" option updates preference items even when the update is transmitted
for this extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this preference extension listed under
ity is "Idle." Notes: 1. The "Allow processing across a slow network connection" option updates preference items even when the update is
and tracing for this extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this preference extension l
ound processing priority is "Idle." Notes: 1. The "Allow processing across a slow network connection" option updates preference items ev
ors, and tracing for this extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this preference extens
The "Allow processing across a slow network connection" option updates preference items even when the update is transmitted across a s
xtension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Con
(GPOs) are unchanged. By default, background processing priority is "Idle." Notes: 1. The "Allow processing across a slow network connec
nd errors, and tracing for this extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this preference e
otes: 1. The "Allow processing across a slow network connection" option updates preference items even when the update is transmitted a
or this extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this preference extension listed under U
Notes: 1. The "Allow processing across a slow network connection" option updates preference items even when the update is transmitte
for this extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this preference extension listed under
y is "Idle." Notes: 1. The "Allow processing across a slow network connection" option updates preference items even when the update is t
g for this extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this preference extension listed unde
ed. By default, background processing priority is "Idle." Notes: 1. The "Allow processing across a slow network connection" option update
s extension includes only warnings and errors, and tracing for this extension is turned off. Notes: 1. User Configuration tracing: To perform
Os) are unchanged. By default, background processing priority is "Idle." Notes: 1. The "Allow processing across a slow network connection
nings and errors, and tracing for this extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this prefe
ocessing priority is "Idle." Notes: 1. The "Allow processing across a slow network connection" option updates preference items even when
s and errors, and tracing for this extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this preferenc
changed. By default, background processing priority is "Idle." Notes: 1. The "Allow processing across a slow network connection" option u
nd errors, and tracing for this extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this preference e
ects (GPOs) are unchanged. By default, background processing priority is "Idle." Notes: 1. The "Allow processing across a slow network con
for this extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this preference extension listed under
processing priority is "Idle." Notes: 1. The "Allow processing across a slow network connection" option updates preference items even w
nings and errors, and tracing for this extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this prefe
" Notes: 1. The "Allow processing across a slow network connection" option updates preference items even when the update is transmitt
g for this extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this preference extension listed unde
e unchanged. By default, background processing priority is "Idle." Notes: 1. The "Allow processing across a slow network connection" opti
gs and errors, and tracing for this extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this preferen
Notes: 1. The "Allow processing across a slow network connection" option updates preference items even when the update is transmitte
g for this extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this preference extension listed unde
dle." Notes: 1. The "Allow processing across a slow network connection" option updates preference items even when the update is transm
acing for this extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this preference extension listed u
ity is "Idle." Notes: 1. The "Allow processing across a slow network connection" option updates preference items even when the update is
and tracing for this extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this preference extension li
preference extensions. If you disable this policy setting, you prohibit use of Applications snap-ins, and new Application preference items ca
policy setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins"
Control Panel Settings for Computer Configuration. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list o
ol Panel Settings for User Configuration. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins"
d list of snap-ins" policy setting. If you disable this policy setting, you prohibit use of the preference extension. If you do not configure this
of snap-ins" policy setting. If you disable this policy setting, you prohibit use of the preference extension. If you do not configure this polic
olicy setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins"
policy setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins
etting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins" policy s
tted list of snap-ins" policy setting. If you disable this policy setting, you prohibit use of the preference extension. If you do not configure th
y setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins" polic
y setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins" poli
policy setting, you prohibit use of the preference extension. If you do not configure this policy setting, you permit use of the preference ext
y permitted list of snap-ins" policy setting. If you disable this policy setting, you prohibit use of the preference extension. If you do not con
mitted list of snap-ins" policy setting. If you disable this policy setting, you prohibit use of the preference extension. If you do not configure
his policy setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-
tted list of snap-ins" policy setting. If you disable this policy setting, you prohibit use of the preference extension. If you do not configure th
you disable this policy setting, you prohibit use of the Preferences tab. If you do not configure this policy setting, you permit use of the Pre
of snap-ins" policy setting. If you disable this policy setting, you prohibit use of the preference extension. If you do not configure this polic
policy setting, you prohibit use of the preference extension. If you do not configure this policy setting, you permit use of the preference ex
y setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins" pol
tted list of snap-ins" policy setting. If you disable this policy setting, you prohibit use of the preference extension. If you do not configure
cy setting, you prohibit use of the preference extension. If you do not configure this policy setting, you permit use of the preference exten
icy setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins" po
setting, you prohibit use of the preference extension. If you do not configure this policy setting, you permit use of the preference extensio
ure this policy setting, Windows Server applies user Group Policy settings synchronously. Note: This policy setting applies only to computer
policy setting and enter the desired folders in the text box on the Settings tab of the Policy Properties dialog box. Use a semicolon to separ
lable in Computer Configuration\Security Settings. Note: This policy setting is available under Computer Configuration and User Configur
lable in Computer Configuration\Security Settings. Note: This policy setting is available under Computer Configuration and User Configur
ML Help Executable. If you disable or do not configure this policy setting, DEP is turned on for HTML Help Executable. This provides an add

y probed for WISPR protocol support. If you disable this policy setting, WLAN hotspots are not probed for WISPr protocol support, and use
setting, all of the the policy settings in the "Internet Communication settings" section are set to not configured.
setting, all of the the policy settings in the "Internet Communication settings" section are set to not configured.
vents Device Manager from automatically installing driver updates from the Windows Update website. If you disable or do not configure t
the user is allowed to use the Store service and the Store item is available in the Open With dialog.
the user is allowed to use the Store service and the Store item is available in the Open With dialog.
is policy setting, when you are presented with a certificate issued by an untrusted root authority, your computer will not contact the Wind
ownload print drivers over HTTP.
ownload print drivers over HTTP.
If you enable this policy setting, event description hyperlinks are not activated and the text "More Information" is not displayed at the end
you know?" content. You might want to enable this policy setting for users who do not have Internet access, because the content in the "D
s searched. If you disable or do not configure this policy setting, the Knowledge Base is searched if the user has a connection to the Intern

ocal registry are displayed. If you disable or do not configure this policy setting, a list of providers are downloaded when the user uses the
ocal registry are displayed. If you disable or do not configure this policy setting, a list of providers are downloaded when the user uses the
gure this policy setting, the user is allowed to use the Web service.
gure this policy setting, the user is allowed to use the Web service.
ng, users can choose to print to Internet printers over HTTP. Also, see the "Web-based printing" policy setting in Computer Configuration/A
ng, users can choose to print to Internet printers over HTTP. Also, see the "Web-based printing" policy setting in Computer Configuration/A
wever, Windows Product Activation is required but does not involve submitting any personal information (except the country/region you liv
Companion downloads content updates unless the user is using Classic Search. Note: Internet searches still send the search text and inform

mation are not shown. If you disable this policy setting, Windows Messenger collects anonymous usage information, and the setting is not
mation are not shown. If you disable this policy setting, Windows Messenger collects anonymous usage information, and the setting is not
If you enable this policy setting, all users are opted out of the Windows Customer Experience Improvement Program. If you disable this p
he Control Panel for error reporting. Also see the "Configure Error Reporting", "Display Error Notification" and "Disable Windows Error Rep
d of other components that use NCSI, to determine Internet access. If you disable or do not configure this policy setting, NCSI runs one of t
mpt" in "Administrative Templates/System," which governs whether an administrator is prompted before searching Windows Update for de
uter. If you disable or do not configure this policy setting, IIS can be installed, as well as all the programs and applications that require IIS to
u disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If y
u disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If y
u disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If y
u disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If y
u disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If y
u disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If y
u disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If y
u disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If y
u disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If y
u disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If y
u disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If y
u disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If y
u disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If y
u disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If y
u disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If y
u disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If y
u disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If y
u disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If y
u disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If y
u disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If y
chScopes]). Note: This list can be created from a custom administrative template file. For information about creating this custom administra
chScopes]). Note: This list can be created from a custom administrative template file. For information about creating this custom administra

u can enter a list of add-ons to be allowed or denied by Internet Explorer. For each entry that you add to the list, enter the following inform
u can enter a list of add-ons to be allowed or denied by Internet Explorer. For each entry that you add to the list, enter the following inform
in #package#behavior notation, e.g., #default#vml. If you disable this policy setting, no behaviors will be allowed in zones set to 'admin-ap
in #package#behavior notation, e.g., #default#vml. If you disable this policy setting, no behaviors will be allowed in zones set to 'admin-ap
ses will not respect add-on management user preferences or policy settings.
ses will not respect add-on management user preferences or policy settings.

nable this policy setting, Consistent Mime Handling is enabled for all processes. If you disable or do not configure this policy setting, Consi
nable this policy setting, Consistent Mime Handling is enabled for all processes. If you disable or do not configure this policy setting, Consi
hine zone security applies to all local files and content processed by any process other than Internet Explorer or those defined in a process
hine zone security applies to all local files and content processed by any process other than Internet Explorer or those defined in a process

or all processes other than File Explorer or Internet Explorer. If you do not configure this policy setting, no policy is enforced for processes
or all processes other than File Explorer or Internet Explorer. If you do not configure this policy setting, no policy is enforced for processes
the Notification bar will not be displayed for all processes other than Internet Explorer or those listed in the Process List.
the Notification bar will not be displayed for all processes other than Internet Explorer or those listed in the Process List.

licy setting, processes other than Internet Explorer or those listed in the Process List receive no such protection.
licy setting, processes other than Internet Explorer or those listed in the Process List receive no such protection.

pear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected. If you d
pear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected. If you d
pear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected. If you d
pear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected. If you d
pear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected. If you d
pear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected. If you d
tion bar will appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaff
tion bar will appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaff
pear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected. If you d
pear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected. If you d

al Machine zone to run.


al Machine zone to run.
al Machine zone to run.
al Machine zone to run.
al Machine zone to run.
al Machine zone to run.

al Machine zone to run.


al Machine zone to run.

plications have implemented a custom security manager. If you do not configure this policy setting, binary and script behaviors are availab
plications have implemented a custom security manager. If you do not configure this policy setting, binary and script behaviors are availab
plications have implemented a custom security manager. If you do not configure this policy setting, binary and script behaviors are availab
plications have implemented a custom security manager. If you do not configure this policy setting, binary and script behaviors are availab
plications have implemented a custom security manager. If you do not configure this policy setting, binary and script behaviors are availab
plications have implemented a custom security manager. If you do not configure this policy setting, binary and script behaviors are availab
plications have implemented a custom security manager. If you do not configure this policy setting, only behaviors listed in the Admin-app
plications have implemented a custom security manager. If you do not configure this policy setting, only behaviors listed in the Admin-app
plications have implemented a custom security manager. If you do not configure this policy setting, only behaviors listed in the Admin-app
plications have implemented a custom security manager. If you do not configure this policy setting, only behaviors listed in the Admin-app
plications have implemented a custom security manager. If you do not configure this policy setting, only behaviors listed in the Admin-app
plications have implemented a custom security manager. If you do not configure this policy setting, only behaviors listed in the Admin-app
plications have implemented a custom security manager. If you do not configure this policy setting, binary and script behaviors are not ava
plications have implemented a custom security manager. If you do not configure this policy setting, binary and script behaviors are not ava
plications have implemented a custom security manager. If you do not configure this policy setting, only behaviors listed in the Admin-app
plications have implemented a custom security manager. If you do not configure this policy setting, only behaviors listed in the Admin-app
plications have implemented a custom security manager. If you do not configure this policy setting, binary and script behaviors are not ava
plications have implemented a custom security manager. If you do not configure this policy setting, binary and script behaviors are not ava
plications have implemented a custom security manager. If you do not configure this policy setting, binary and script behaviors are availab
plications have implemented a custom security manager. If you do not configure this policy setting, binary and script behaviors are availab
ed on the General tab in Internet Options. If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting ha
ed on the General tab in Internet Options. If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting ha
files or copy and paste files from this zone automatically.
files or copy and paste files from this zone automatically.
files or copy and paste files from this zone automatically.
files or copy and paste files from this zone automatically.
files or copy and paste files from this zone automatically.
files or copy and paste files from this zone automatically.
files or copy and paste files from this zone automatically.
files or copy and paste files from this zone automatically.
files or copy and paste files from this zone automatically.
files or copy and paste files from this zone automatically.
files or copy and paste files from this zone automatically.
files or copy and paste files from this zone automatically.
d to choose whether to drag or copy files from this zone.
d to choose whether to drag or copy files from this zone.
files or copy and paste files from this zone automatically.
files or copy and paste files from this zone automatically.
d to choose whether to drag or copy files from this zone.
d to choose whether to drag or copy files from this zone.
files or copy and paste files from this zone automatically.
files or copy and paste files from this zone automatically.
configure this policy setting, non-Internet Explorer components will be automatically installed as necessary.
configure this policy setting, non-Internet Explorer components will be automatically installed as necessary.
etting, users will be prompted when Web Components such as fonts would be downloaded. If you do not configure this policy, users will b
etting, users will be prompted when Web Components such as fonts would be downloaded. If you do not configure this policy, users will b
hether to install desktop items from this zone.
hether to install desktop items from this zone.
hether to install desktop items from this zone.
hether to install desktop items from this zone.
s from this zone automatically.
s from this zone automatically.
hether to install desktop items from this zone.
hether to install desktop items from this zone.
hether to install desktop items from this zone.
hether to install desktop items from this zone.
s from this zone automatically.
s from this zone automatically.
alling desktop items from this zone.
alling desktop items from this zone.
s from this zone automatically.
s from this zone automatically.
alling desktop items from this zone.
alling desktop items from this zone.
s from this zone automatically.
s from this zone automatically.

pted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this behav
pted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this behav
pted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this behav
pted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this behav
pted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this behav
pted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this behav
pted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this behav
pted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this behav
pted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this behav
pted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this behav
pted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this behav
pted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this behav
pted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this behav
pted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this behav
pted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this behav
pted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this behav
pted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this behav
pted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this behav
pted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this behav
pted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this behav
or loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this beh
or loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this beh
or loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this beh
or loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this beh
or loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this beh
or loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this beh
or loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this beh
or loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this beh
or loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this beh
or loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this beh
or loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this beh
or loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this beh
or loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this beh
or loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this beh
or loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this beh
or loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this beh
or loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this beh
or loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this beh
or loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this beh
or loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this beh
Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files ins
Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files ins
Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files ins
Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files ins
Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files ins
Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files ins
Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files ins
Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files ins
Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files ins
Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files ins
Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files ins
Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files ins
Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files ins
Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files ins
Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files ins
Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files ins
Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files ins
Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files ins
Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files ins
Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files ins
If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to
If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to
If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to
If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to
If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to
If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to
If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to
If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to
If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to
If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to
If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to
If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to
If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirecte
If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirecte
If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to
If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to
If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirecte
If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirecte
If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to
If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to
addition, users won't be able to change the Suggestions setting on the Settings charm. If you don't configure this policy setting, users can c
addition, users won't be able to change the Suggestions setting on the Settings charm. If you don't configure this policy setting, users can c
ature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do not
ature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do not
ature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do not
ature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do not
ature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do not
ature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do not
ature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do not
ature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do not
ature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do not
ature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do not
ature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do not
ature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do not
ature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do not
ature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do not
ature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do not
ature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do not
ature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do not
ature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do not
ature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do not
ature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do not

with an invalid signature.


with an invalid signature.
y setting is enabled. If you disable this policy setting, placeholders will not appear for graphical images while the images are downloading.
nternet Explorer automatically launches any browser helper objects that are installed on the user's computer.
nternet Explorer automatically launches any browser helper objects that are installed on the user's computer.
players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you do n
players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you do n
players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you do n
players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you do n
players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you do n
players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you do n
players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you do n
players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you do n
players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you do n
players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you do n
players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you do n
players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you do n
players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you do n
players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you do n
players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you do n
players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you do n
players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you do n
players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you do n
players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you do n
players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you do n
bar or Address bar.
bar or Address bar.
bar or Address bar.
bar or Address bar.
bar or Address bar.
bar or Address bar.
bar or Address bar.
bar or Address bar.
bar or Address bar.
bar or Address bar.
bar or Address bar.
bar or Address bar.
bar or Address bar.
bar or Address bar.
bar or Address bar.
bar or Address bar.
bar or Address bar.
bar or Address bar.
bar or Address bar.
bar or Address bar.

cy setting, websites will be able to store application caches on client computers. Allow website database and caches on Website Data Setti
cy setting, websites will be able to store application caches on client computers. Allow website database and caches on Website Data Setti
his policy setting, websites will be able to store an indexed database on client computers. Allow website database and caches on Website D
his policy setting, websites will be able to store an indexed database on client computers. Allow website database and caches on Website D
licy setting, Internet Explorer only sends the Do Not Track header if inPrivate Browsing mode is used. If you don't configure the policy setti
licy setting, Internet Explorer only sends the Do Not Track header if inPrivate Browsing mode is used. If you don't configure the policy setti
cy, click User Configuration, click Internet Explorer Maintenance, and then click Security. 2. Double-click Security Zones and Content Rating
tion bar. Users can click on the Notification bar to allow the ActiveX control prompt.
tion bar. Users can click on the Notification bar to allow the ActiveX control prompt.
X control they do not have installed.
X control they do not have installed.
X control they do not have installed.
X control they do not have installed.
tion bar. Users can click on the Notification bar to allow the ActiveX control prompt.
tion bar. Users can click on the Notification bar to allow the ActiveX control prompt.
tion bar. Users can click on the Notification bar to allow the ActiveX control prompt.
tion bar. Users can click on the Notification bar to allow the ActiveX control prompt.
tion bar. Users can click on the Notification bar to allow the ActiveX control prompt.
tion bar. Users can click on the Notification bar to allow the ActiveX control prompt.
tion bar. Users can click on the Notification bar to allow the ActiveX control prompt.
tion bar. Users can click on the Notification bar to allow the ActiveX control prompt.
tion bar. Users can click on the Notification bar to allow the ActiveX control prompt.
tion bar. Users can click on the Notification bar to allow the ActiveX control prompt.
tion bar. Users can click on the Notification bar to allow the ActiveX control prompt.
tion bar. Users can click on the Notification bar to allow the ActiveX control prompt.
X control they do not have installed.
X control they do not have installed.
llow the file download prompt.
llow the file download prompt.

llow the file download prompt.


llow the file download prompt.
llow the file download prompt.
llow the file download prompt.
llow the file download prompt.
llow the file download prompt.
llow the file download prompt.
llow the file download prompt.
llow the file download prompt.
llow the file download prompt.
llow the file download prompt.
llow the file download prompt.

u enable this policy setting, newly installed add-ons are automatically activated in the browser. If you disable or do not configure this polic
u enable this policy setting, newly installed add-ons are automatically activated in the browser. If you disable or do not configure this polic
check the Internet for new versions of the browser, so does not prompt users to install them. If you do not configure this policy setting, Int
check the Internet for new versions of the browser, so does not prompt users to install them. If you do not configure this policy setting, Int
rocess on the computer attempts to perform a Clipboard operation. If you do not configure this policy setting, current values of the URL ac
rocess on the computer attempts to perform a Clipboard operation. If you do not configure this policy setting, current values of the URL ac
tting, the user is prompted when a script that is running in the Internet Explorer process attempts to perform a Clipboard operation. If you
tting, the user is prompted when a script that is running in the Internet Explorer process attempts to perform a Clipboard operation. If you
tor-approved controls are handled for each security zone, carry out the following steps: 1. In Group Policy, click User Configuration, click In

ve been revoked. If you do not configure this policy setting, Internet Explorer will not check server certificates to see if they have been rev
ve been revoked. If you do not configure this policy setting, Internet Explorer will not check server certificates to see if they have been rev
gnatures of executable programs or display their identities before downloading them to user computers. If you do not configure this policy
gnatures of executable programs or display their identities before downloading them to user computers. If you do not configure this policy
er Bar. Administrators also have the ability to turn the auto-play feature on or off. This setting only applies if the Media Explorer Bar is ena

nd buttons have only icons. If you disable or do not configure this policy setting, the command buttons show selective text by default, and
nd buttons have only icons. If you disable or do not configure this policy setting, the command buttons show selective text by default, and

at policy setting. If you enable this policy setting and enter a value of 1, prompts are bypassed. If you enter a value of 0, prompts are not b
at policy setting. If you enable this policy setting and enter a value of 1, prompts are bypassed. If you enter a value of 0, prompts are not b
manage add-ons not listed within the 'Add-on List' policy setting. This policy setting effectively removes this option from users - all add-ons a
manage add-ons not listed within the 'Add-on List' policy setting. This policy setting effectively removes this option from users - all add-ons a
tor-approved Active-X controls and plug-ins under security zones. If you disable this policy or do not configure it, this control will not be de
ages in the History List. Users can not delete browsing history. If you disable or do not configure this policy setting, a user can set the numb
ages in the History List. Users can not delete browsing history. If you disable or do not configure this policy setting, a user can set the numb
not configure it, users can add channels to the Channel bar or to their desktop. Note: Most channel providers use the words Add Active Ch
for organizations that are concerned about server load for downloading content. The "Hide Favorites menu" policy (located in User Configu
is policy, then Web pages can be updated on the schedules specified on the Schedule tab. This policy is intended for organizations that are
he Settings button.

his policy, because the "Disable the General page" policy removes the General tab from the interface.
onents\Internet Explorer\Internet Control Panel), you do not need to set this policy, because the "Disable the Advanced page" policy remo
no configure this policy setting, the user will have the freedom to automatically configure these settings.
no configure this policy setting, the user will have the freedom to automatically configure these settings.
policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel) takes pre
dministrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Content tab from Internet Ex
trative Templates\Windows Components\Internet Explorer\Internet Control Panel), you do not need to set this policy, because the "Disabl
s page" policy removes the Connections tab from the interface.
s page" policy removes the Connections tab from the interface.
default. This policy is intended for organizations that do not want users to determine which browser should be their default. The "Disable
nternet Control Panel), you do not need to set this policy, because the "Disable the General page" policy removes the General tab from the
ed and users can choose their own home page.
" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), you do
ndows Components\Internet Explorer\Internet Control Panel), you do not need to set this policy, because the "Disable the General page" p
he Programs page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Cont
he Content tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored.
from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored.
e Page Settings policy is enabled, the user cannot add secondary home pages.
e Page Settings policy is enabled, the user cannot add secondary home pages.
d in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), you do not need to se

or do not configure it, users can customize which buttons appear on the Internet Explorer and File Explorer toolbars. This policy can be use
events users from adding or removing toolbars from Internet Explorer.
s policy or do not configure it, content will not be prevented from being downloaded. The "Disable downloading of site subscription conte
policy or do not configure it, users can add, remove, and edit schedules for Web sites and groups of Web sites. The "Disable editing sched
ting that the command is unavailable. If you disable this policy or do not configure it, users can edit an existing schedule for downloading W
t browser across an organization.
not be able to use the Import/Export Settings wizard. If you disable or do not configure this policy setting, the user will be able to use the
not be able to use the Import/Export Settings wizard. If you disable or do not configure this policy setting, the user will be able to use the
ettings by running the Internet Connection Wizard. Note: This policy overlaps with the "Disable the Connections page" policy (located in \U

e menu, pointing to New, and then clicking Window. Note: When users click the Open in New Window command, the link will not open in
ting users from being notified about new versions of the browser.
nization. Note: This policy does not prevent users from removing active content from the desktop interface.
click Synchronize, and then click the Properties button. If you disable this policy or do not configure it, users can remove the preconfigure

olicy is intended for administrators who want to use Software Distribution Channels to update their users' programs without user interventi
ecause this policy removes the Advanced tab from the interface.
ecause this policy removes the Advanced tab from the interface.
vent changing proxy settings" "Disable changing Automatic Configuration settings"
vent changing proxy settings" "Disable changing Automatic Configuration settings"

policy removes the General tab from the interface: "Disable changing home page settings" "Disable changing Temporary Internet files setti
policy removes the General tab from the interface: "Disable changing home page settings" "Disable changing Temporary Internet files setti

settings" "Disable the Reset Web Settings feature" "Disable changing default browser check"
settings" "Disable the Reset Web Settings feature" "Disable changing default browser check"
Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored.
policies" "Security zones: Do not allow users to add/delete sites"
policies" "Security zones: Do not allow users to add/delete sites"

rompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://)
rompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://)
rompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://)
rompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://)
rompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://)
rompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://)
rompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://)
rompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://)
rompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://)
rompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://)
rompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://)
rompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://)
rompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://)
rompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://)
rompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://)
rompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://)
rompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://)
rompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://)
rompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://)
rompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://)
protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running at least Windows 8,
protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running at least Windows 8,

setting, the appropriate controls in the Add-On Manager will be available to the user.
setting, the appropriate controls in the Add-On Manager will be available to the user.
rm or web application. If you disable or do not configure this policy setting, the reveal password button can be shown by the application as
rm or web application. If you disable or do not configure this policy setting, the reveal password button can be shown by the application as
you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a We
you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a We
you do not configure this policy setting, Internet Explorer does not prompt users with a "Client Authentication" message when they conne
you do not configure this policy setting, Internet Explorer does not prompt users with a "Client Authentication" message when they conne
you do not configure this policy setting, Internet Explorer does not prompt users with a "Client Authentication" message when they conne
you do not configure this policy setting, Internet Explorer does not prompt users with a "Client Authentication" message when they conne
you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a We
you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a We
you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a We
you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a We
you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a We
you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a We
you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a We
you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a We
you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a We
you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a We
you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a We
you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a We
you do not configure this policy setting, Internet Explorer does not prompt users with a "Client Authentication" message when they conne
you do not configure this policy setting, Internet Explorer does not prompt users with a "Client Authentication" message when they conne
this policy, Internet Explorer will save encrypted pages containing secure (HTTPS) information to the cache.
this policy, Internet Explorer will save encrypted pages containing secure (HTTPS) information to the cache.
orer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavi
orer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavi
orer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior
orer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior
orer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior
orer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior
orer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavi
orer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavi
orer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavi
orer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavi
orer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior
orer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior
orer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavi
orer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavi
orer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavi
orer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavi
orer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavi
orer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavi
orer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior
orer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior
are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently download
are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently download
are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently download
are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently download
can download signed controls without user intervention.
can download signed controls without user intervention.
are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently download
are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently download
are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently download
are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently download
can download signed controls without user intervention.
can download signed controls without user intervention.
d controls cannot be downloaded.
d controls cannot be downloaded.
can download signed controls without user intervention.
can download signed controls without user intervention.
d controls cannot be downloaded.
d controls cannot be downloaded.
can download signed controls without user intervention.
can download signed controls without user intervention.
ers cannot run unsigned controls.
ers cannot run unsigned controls.
ers cannot run unsigned controls.
ers cannot run unsigned controls.
ers can run unsigned controls without user intervention.
ers can run unsigned controls without user intervention.
ers cannot run unsigned controls.
ers cannot run unsigned controls.
ers cannot run unsigned controls.
ers cannot run unsigned controls.
ers cannot run unsigned controls.
ers cannot run unsigned controls.
ers cannot run unsigned controls.
ers cannot run unsigned controls.
ers cannot run unsigned controls.
ers cannot run unsigned controls.
ers cannot run unsigned controls.
ers cannot run unsigned controls.
ers are queried to choose whether to allow the unsigned control to run.
ers are queried to choose whether to allow the unsigned control to run.
rnet Explorer will not delete the contents of the user's Temporary Internet Files folder when browser windows are closed. If you do not co
rnet Explorer will not delete the contents of the user's Temporary Internet Files folder when browser windows are closed. If you do not co
tion are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not configure
tion are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not configure
tion are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not configure
tion are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not configure
tion are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not configure
tion are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not configure
tion are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not configure
tion are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not configure
tion are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not configure
tion are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not configure
tion are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not configure
tion are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not configure
tion are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not configure
tion are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not configure
tion are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not configure
tion are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not configure
tion are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not configure
tion are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not configure
tion are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not configure
tion are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not configure
e in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy setti
e in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy setti
e in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy setti
e in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy setti
e in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy setti
e in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy setti
e in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy setti
e in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy setti
e in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy setti
e in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy setti
e in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy setti
e in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy setti
e in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy setti
e in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy setti
e in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy setti
e in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy setti
e in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy setti
e in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy setti
e in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy setti
e in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy setti
urned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the MIME Sniffin
urned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the MIME Sniffin
urned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the MIME Sniffin
urned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the MIME Sniffin
urned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the MIME Sniffin
urned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the MIME Sniffin
urned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the actions that
urned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the actions that
urned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the actions that
urned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the actions that
urned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the actions that
urned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the actions that
urned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the actions that
urned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the actions that
urned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the actions that
urned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the actions that
urned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the actions that
urned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the actions that
urned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the MIME Sniffin
urned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the MIME Sniffin
pying and pasting text, managing favorites, and accessing Help. The Command bar enables the user to access and manage favorites, feeds,
pying and pasting text, managing favorites, and accessing Help. The Command bar enables the user to access and manage favorites, feeds,
ble or do not configure this policy setting, the user can establish the InPrivate Filtering threshold by clicking the Safety button and then click
ble or do not configure this policy setting, the user can establish the InPrivate Filtering threshold by clicking the Safety button and then click
able or do not configure this policy setting, the user can establish the Tracking Protection threshold by clicking the Safety button and then c
able or do not configure this policy setting, the user can establish the Tracking Protection threshold by clicking the Safety button and then c

ing a new browser window by right-clicking, and then clicking the Open in New Window command. To prevent users from using the shortc
n in New Window command. To prevent users from opening Web pages by using the shortcut menu, set the "Disable Open in New Window
y the Save Web Page dialog box, users click the File menu, and then click the Save As command. If you disable this policy or do not configu
does not prevent users from saving the text of a Web page. Caution: If you enable this policy, users are not prevented from saving Web co

you enable this policy, users also cannot click Synchronize on the Tools menu (in Internet Explorer 6) to manage their favorite links that are
figure it, users can set up and change identities.
g a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or she
g a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or she
g a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or she
g a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or she
g a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or she
g a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or she
g a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or she
g a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or she
g a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or she
g a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or she
g a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or she
g a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or she
g a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or she
g a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or she
g a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or she
g a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or she
g a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or she
g a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or she
g a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or she
g a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or she
s dialog box. If you do not configure this policy setting, the Microsoft-provided website lists are not active. The user can activate the featur
s dialog box. If you do not configure this policy setting, the Microsoft-provided website lists are not active. The user can activate the featur
own box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Active
own box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Active
own box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Active
own box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Active
own box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Active
own box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Active
own box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Active
own box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Active
own box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Active
own box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Active
own box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Active
own box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Active
own box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Active
own box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Active
own box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Active
own box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Active
own box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Active
own box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Active
own box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Active
own box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Active
ed by MD2 and MD4 signing technologies.
ed by MD2 and MD4 signing technologies.

re this policy setting, binary behaviors are prevented for the File Explorer and Internet Explorer processes.
re this policy setting, binary behaviors are prevented for the File Explorer and Internet Explorer processes.
nable this policy setting, Internet Explorer requires consistent MIME data for all received files. If you disable this policy setting, Internet Ex
nable this policy setting, Internet Explorer requires consistent MIME data for all received files. If you disable this policy setting, Internet Ex
his policy setting, the Local Machine zone security applies to all local files and content processed by Internet Explorer. If you disable this po
his policy setting, the Local Machine zone security applies to all local files and content processed by Internet Explorer. If you disable this po

setting, the MK Protocol is prevented for File Explorer and Internet Explorer, and resources hosted on the MK protocol will fail.
setting, the MK Protocol is prevented for File Explorer and Internet Explorer, and resources hosted on the MK protocol will fail.
y adding the value names http and https. If you disable this policy setting, restricting content obtained through restricted protocols is preve
y adding the value names http and https. If you disable this policy setting, restricting content obtained through restricted protocols is preve
Internet Explorer Processes.
Internet Explorer Processes.
hen navigating within or across domains for Internet Explorer processes.
hen navigating within or across domains for Internet Explorer processes.
on by Internet Explorer processes. If you disable this policy setting, no zone receives such protection for Internet Explorer processes. If you
on by Internet Explorer processes. If you disable this policy setting, no zone receives such protection for Internet Explorer processes. If you

popup windows and windows that obfuscate other windows. If you do not configure this policy setting, popup windows and other restric
popup windows and windows that obfuscate other windows. If you do not configure this policy setting, popup windows and other restric
active content over restricted protocols to access my computer." If you disable or do not configure this policy setting for a zone, no protoc
active content over restricted protocols to access my computer." If you disable or do not configure this policy setting for a zone, no protoc
Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked
Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked
ther to force local sites into the Intranet Zone.
ther to force local sites into the Intranet Zone.

active content over restricted protocols to access my computer." If you disable or do not configure this policy setting for a zone, no protoc
active content over restricted protocols to access my computer." If you disable or do not configure this policy setting for a zone, no protoc
Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked
Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked
specify how administrator-approved controls are handled for each security zone, carry out the following steps: 1. In Group Policy, click Use
ables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets canno
ables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets canno
ables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets canno
ables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets canno
ables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets canno
ables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets canno
ables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets canno
ables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets canno
ables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets canno
ables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets canno
ables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets canno
ables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets canno
ables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets canno
ables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets canno
ables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets canno
ables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets canno
ables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets canno
ables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets canno
ables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets canno
ables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets canno
prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy setti
prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy setti
prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy setti
prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy setti
prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy setti
prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy setti
prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy setti
prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy setti
prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy setti
prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy setti
prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy setti
prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy setti
prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy setti
prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy setti
prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy setti
prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy setti
prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy setti
prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy setti
prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy setti
prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy setti

active content over restricted protocols to access my computer." If you disable or do not configure this policy setting for a zone, no protoc
active content over restricted protocols to access my computer." If you disable or do not configure this policy setting for a zone, no protoc
Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked
Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked

Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked
Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked
Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked
Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked
Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked
Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked
Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked
Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked
Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked
Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked
Ds and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic logo
Ds and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic logo
Ds and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic logo
Ds and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic logo
Ds and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic logo
Ds and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic logo
Ds and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic logo
Ds and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic logo
Ds and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic logo
Ds and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic logo
Ds and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic logo
Ds and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic logo
Ds and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic logo
Ds and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic logo
Ds and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic logo
Ds and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic logo
Ds and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic logo
Ds and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic logo
Ds and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic logo
Ds and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic logo

s to control the placement and appearance of Windows pop-up menus on Web pages -- Popup Menu Object - enables Web authors to add
proved controls are handled for each security zone, carry out the following steps: 1. In Group Policy, click User Configuration, click Interne
each security zone, carry out the following steps: 1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and the
, click User Configuration, click Internet Explorer Maintenance, and then click Security. 2. Double-click Security Zones and Content Ratings,
then click Security. 2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Mo
ator-approved controls are handled for each security zone, carry out the following steps: 1. In Group Policy, click User Configuration, click I
domains. If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from o
domains. If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from o
domains. If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from o
domains. If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from o
domains. If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from o
domains. If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from o
domains. If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from o
domains. If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from o
domains. If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from o
domains. If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from o
domains. If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from o
domains. If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from o
er domains or access applications from different domains. If you do not configure this policy setting, users cannot open other windows and
er domains or access applications from different domains. If you do not configure this policy setting, users cannot open other windows and
domains. If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from o
domains. If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from o
er domains or access applications from different domains. If you do not configure this policy setting, users cannot open other windows and
er domains or access applications from different domains. If you do not configure this policy setting, users cannot open other windows and
domains. If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from o
domains. If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from o
and then click Security. 2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then clic
efault web browser through the Tell me if Internet Explorer is not the default web browser check box on the Programs tab in the Internet O

rer will play animated pictures found in Web content.


rer will play animated pictures found in Web content.
found in Web content.
found in Web content.

ou will not be able to provide a default Pop-up Blocker exception list. Note: You can disable users from adding or removing websites to the
ou will not be able to provide a default Pop-up Blocker exception list. Note: You can disable users from adding or removing websites to the
sing Help. If you enable this policy setting, the menu bar is above the navigation bar. The user cannot interchange the positions of the men

e Delete Browsing History dialog box. Starting with Windows 8, users can click the Delete Browsing History button on the Settings charm.
e Delete Browsing History dialog box. Starting with Windows 8, users can click the Delete Browsing History button on the Settings charm.

mmand bar and F1 to access Help.


mmand bar and F1 to access Help.
el. You may also want to enable the "Prevent managing pop-up exception list" and "Turn off pop-up management" policy settings to preven
el. You may also want to enable the "Prevent managing pop-up exception list" and "Turn off pop-up management" policy settings to preven

policy setting, the user can configure how windows open when he or she clicks links from other applications.
policy setting, the user can configure how windows open when he or she clicks links from other applications.
created by default.
created by default.
t of search results is displayed in the main window. If you disable or do not configure this policy setting, the user can specify what action a
t of search results is displayed in the main window. If you disable or do not configure this policy setting, the user can specify what action a
u enable this policy setting, you can choose where to direct the user after a search on the Address bar: a top-result website or a search-res
u enable this policy setting, you can choose where to direct the user after a search on the Address bar: a top-result website or a search-res
tering data, Tracking Protection data, and Do Not Track exceptions stored for visited websites. This feature is available in the Delete Brows
tering data, Tracking Protection data, and Do Not Track exceptions stored for visited websites. This feature is available in the Delete Brows
enabled by default.
enabled by default.
policy setting is enabled, this policy setting is enabled by default.
policy setting is enabled, this policy setting is enabled by default.
tting is enabled, this policy setting has no effect.
tting is enabled, this policy setting has no effect.
ng is enabled by default.
ng is enabled by default.
user clicks Delete. If you do not configure this policy setting, the user can choose whether to delete or preserve InPrivate Filtering data wh
user clicks Delete. If you do not configure this policy setting, the user can choose whether to delete or preserve InPrivate Filtering data wh
etting is enabled by default.
etting is enabled by default.
Browsing History" policy setting is enabled, this policy setting is enabled by default.
Browsing History" policy setting is enabled, this policy setting is enabled by default.
elete. If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting is enabled by default.
elete. If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting is enabled by default.
nload setting through the Feed APIs.
nload setting through the Feed APIs.

ucture. If Accelerators are turned on, users can install search providers as Accelerators to include them on the Accelerator menu.
ucture. If Accelerators are turned on, users can install search providers as Accelerators to include them on the Accelerator menu.

to decide whether to turn on SmartScreen Filter during the first-run experience.


to decide whether to turn on SmartScreen Filter during the first-run experience.
fully enabled, all website addresses that are not on the filter's allow list are sent automatically to Microsoft without prompting the user. If
fully enabled, all website addresses that are not on the filter's allow list are sent automatically to Microsoft without prompting the user. If

isplay regardless of which option is chosen. If you disable or do not configure this policy setting, Internet Explorer may run the First Run wi
isplay regardless of which option is chosen. If you disable or do not configure this policy setting, Internet Explorer may run the First Run wi

pher strength update information URL. If you disable or do not configure this policy setting, the user can specify the cipher strength update

bscribe button in Internet Explorer and delete a feed or Web Slice through the feed list control. A developer can add or delete a feed or We
bscribe button in Internet Explorer and delete a feed or Web Slice through the feed list control. A developer can add or delete a feed or We
wsing session. If you do not configure this policy setting, it can be configured on the Privacy tab in Internet Options.
wsing session. If you do not configure this policy setting, it can be configured on the Privacy tab in Internet Options.

management user preferences and policy settings. If you enter a Value of 0, the add-on management user preferences and policy settings
management user preferences and policy settings. If you enter a Value of 0, the add-on management user preferences and policy settings
haviors are allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is
haviors are allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is
licy setting allows administrators to define applications for which they want this security feature to be prevented or allowed. If you enable
licy setting allows administrators to define applications for which they want this security feature to be prevented or allowed. If you enable
er a value of 1, Local Machine Zone security applies. If you enter a value of 0, Local Machine Zone security does not apply. If a Value Name
er a value of 1, Local Machine Zone security applies. If you enter a value of 0, Local Machine Zone security does not apply. If a Value Name
or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Exp
or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Exp
d. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE process
d. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE process
icted protocols is allowed. If you enter a Value of 0, restricting content obtained through restricted protocols is blocked. The Value Name is
icted protocols is allowed. If you enter a Value of 0, restricting content obtained through restricted protocols is blocked. The Value Name is
me of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer p
me of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer p
Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use th
Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use th
h they want this security feature to be prevented or allowed. If you enable this policy setting and enter a Value of 1, elevation to more priv
h they want this security feature to be prevented or allowed. If you enable this policy setting and enter a Value of 1, elevation to more priv
list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the p
list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the p
processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting
processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting
uch windows may not be opened. If you enter a Value of 0, windows have none of these restrictions. The Value Name is the name of the ex
uch windows may not be opened. If you enter a Value of 0, windows have none of these restrictions. The Value Name is the name of the ex

, and any default providers installed do not appear (including providers installed from other applications). The only providers that appear a
, and any default providers installed do not appear (including providers installed from other applications). The only providers that appear a
active content over restricted protocols to access my computer." If you disable or do not configure this policy setting for a zone, no protoc
active content over restricted protocols to access my computer." If you disable or do not configure this policy setting for a zone, no protoc
Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked
Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked
mponents. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure this
mponents. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure this
mponents. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure this
mponents. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure this
mponents. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure this
mponents. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure this
mponents. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure this
mponents. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure this
mponents. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure this
mponents. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure this
mponents. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure this
mponents. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure this
mponents. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure this
mponents. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure this
mponents. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure this
mponents. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure this
mponents. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure this
mponents. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure this
mponents. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure this
mponents. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure this
s. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy setti
s. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy setti
s. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy setti
s. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy setti
s. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy setti
s. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy setti
s. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy setti
s. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy setti
s. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy setti
s. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy setti
s. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy setti
s. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy setti
s. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy setti
s. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy setti
s. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy setti
s. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy setti
s. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy setti
s. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy setti
s. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy setti
s. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy setti
licy is intended for situations in which administrators do not want users to explore the Internet or the hard disk. This policy can be used in
ttings for the Local Intranet zone. This policy prevents users from changing site management settings for security zones established by the
Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Security tab f
"Security zones: Do not allow users to change policies" policy.

ain names are converted to IDN format only for addresses that are in the Intranet zone. 3) Unicode domain names are always converted to
ain names are converted to IDN format only for addresses that are in the Intranet zone. 3) Unicode domain names are always converted to
policy setting, you provide the cache limit, in MB. The default is 50 MB. If you enable this policy setting, Internet Explorer will allow truste
policy setting, you provide the cache limit, in MB. The default is 50 MB. If you enable this policy setting, Internet Explorer will allow truste
ault application cache expiration time limit for all application caches. The default is 30 days.
ault application cache expiration time limit for all application caches. The default is 30 days.

setting, you provide the cache limit, in MB. The default is 500 MB. If you enable this policy setting, Internet Explorer will allow trusted dom
setting, you provide the cache limit, in MB. The default is 500 MB. If you enable this policy setting, Internet Explorer will allow trusted dom
file entries are less than or equal to the size set in this policy setting. If you disable or do not configure this policy setting, Internet Explorer
file entries are less than or equal to the size set in this policy setting. If you disable or do not configure this policy setting, Internet Explorer
nternet Explorer will allow the creation of application caches whose manifest file contains the number of resources, including the page tha
nternet Explorer will allow the creation of application caches whose manifest file contains the number of resources, including the page tha
ble or do not configure this policy setting, Internet Explorer will use the default maximum storage limit for all application caches. The defau
ble or do not configure this policy setting, Internet Explorer will use the default maximum storage limit for all application caches. The defau
ou disable or do not configure this policy setting, Internet Explorer will use the default maximum storage limit for all indexed databases. Th
ou disable or do not configure this policy setting, Internet Explorer will use the default maximum storage limit for all indexed databases. Th
rating system and amount of physical memory. We recommend the default setting. The second algorithm must be explicitly enabled throu
rating system and amount of physical memory. We recommend the default setting. The second algorithm must be explicitly enabled throu

k Security. 2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Setti

re this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone
re this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone
re this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone
re this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone
re this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone
re this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone
re this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone
re this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone
re this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone
re this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone
re this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone
re this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone
re this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone
re this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone
re this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone
re this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone
re this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone
re this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone
re this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone
re this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone
efault settings are: Trusted Sites zone (Low template), Intranet zone (Medium-Low template), Internet zone (Medium template), and Restric
efault settings are: Trusted Sites zone (Low template), Intranet zone (Medium-Low template), Internet zone (Medium template), and Restric
(but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packages
(but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packages
(but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packages
(but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packages
(but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packages
(but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packages
(but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packages
(but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packages
(but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packages
(but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packages
(but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packages
(but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packages
(but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packages
(but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packages
(but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packages
(but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packages
(but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packages
(but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packages
(but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packages
(but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packages

a new browsing session with the home page. Users cannot change this option to start with the tabs from the last browsing session. If you
a new browsing session with the home page. Users cannot change this option to start with the tabs from the last browsing session. If you
s policy setting, the user can decide whether the Internet Connection Wizard should start automatically.
you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not confi
you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not confi
you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not confi
you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not confi
you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not confi
you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not confi
you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not confi
you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not confi
you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not confi
you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not confi
you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not confi
you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not confi
you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not confi
you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not confi
you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not confi
you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not confi
you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not confi
you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not confi
you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not confi
you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not confi
ine Pages option determines how many levels of a Web site are searched for new information, it does not change the user interface in the
menu. Caution: This policy does not prevent users from viewing and changing Internet settings by clicking the Internet Options icon in Wi
active content over restricted protocols to access my computer." If you disable or do not configure this policy setting for a zone, no protoc
active content over restricted protocols to access my computer." If you disable or do not configure this policy setting for a zone, no protoc
Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked
Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked
setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Framew
setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Framew
setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Framew
setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Framew
setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Framew
setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Framew
setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Framew
setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Framew
setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Framew
setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Framew
setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Framew
setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Framew
setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Framew
setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Framew
setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Framew
setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Framew
setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Framew
setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Framew
setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Framew
setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Framew

other internal security checks. If you disable or do not configure this policy setting, the ActiveX Opt-In prompt appears.
other internal security checks. If you disable or do not configure this policy setting, the ActiveX Opt-In prompt appears.
t notified when the average time to load all the user's enabled add-ons exceeds the threshold. If you disable or do not configure this polic
t notified when the average time to load all the user's enabled add-ons exceeds the threshold. If you disable or do not configure this polic
Add-on List" and "Deny all add-ons unless specifically allowed in the Add-on List" policy settings. If you disable, or do not configure this po
Add-on List" and "Deny all add-ons unless specifically allowed in the Add-on List" policy settings. If you disable, or do not configure this po

For example, if you want to include http://example, use "example" 3. "file:///path/filename.htm". For example, use "file:///C:/Users/cont
For example, if you want to include http://example, use "example" 3. "file:///path/filename.htm". For example, use "file:///C:/Users/cont

on can be turned on or off on the Privacy tab in Internet Options.


on can be turned on or off on the Privacy tab in Internet Options.

windows in tabbed browsing.


windows in tabbed browsing.

n. This policy setting has no effect if Windows has been configured to enable Data Execution Prevention.
do not configure this policy setting, Data URI support can be turned on or off through the registry.
do not configure this policy setting, Data URI support can be turned on or off through the registry.
g, when there is a problem connecting with an Internet server, the user sees a detailed description with hints about how to correct the pro

nd they select the most preferred match. If you enable this policy setting, the browser negotiates or does not negotiate an encryption tunn
nd they select the most preferred match. If you enable this policy setting, the browser negotiates or does not negotiate an encryption tunn

tting, the first-run prompt is turned off by default.


tting, the first-run prompt is turned off by default.
tting, the first-run prompt is turned on by default.
tting, the first-run prompt is turned on by default.
tting, the first-run prompt is turned on by default.
tting, the first-run prompt is turned on by default.
tting, the first-run prompt is turned off by default.
tting, the first-run prompt is turned off by default.
tting, the first-run prompt is turned off by default.
tting, the first-run prompt is turned off by default.
tting, the first-run prompt is turned off by default.
tting, the first-run prompt is turned off by default.
tting, the first-run prompt is turned off by default.
tting, the first-run prompt is turned off by default.
tting, the first-run prompt is turned off by default.
tting, the first-run prompt is turned off by default.
tting, the first-run prompt is turned off by default.
tting, the first-run prompt is turned off by default.
tting, the first-run prompt is turned on by default.
tting, the first-run prompt is turned on by default.
nload placeholders" policy setting must be disabled if this policy setting is enabled. If you disable this policy setting, images appear. The us
setting, a user will have the freedom to turn on or off Inline AutoComplete for File Explorer.

lable for use. If you do not configure this policy setting, it can be configured through the registry.
lable for use. If you do not configure this policy setting, it can be configured through the registry.
behavior on or off, using Internet Explorer settings. This feature is turned on by default
behavior on or off, using Internet Explorer settings. This feature is turned on by default
sable or do not configure this policy setting, the user is prompted to decide whether to turn on the SmartScreen Filter during the first-run e
sable or do not configure this policy setting, the user is prompted to decide whether to turn on the SmartScreen Filter during the first-run e
ernet Explorer up to and including Internet Explorer 8.

efault is on.
efault is on.
e this policy setting, the popup management feature will be functional.
e this policy setting, the popup management feature will be functional.
ure this policy setting, the Print menu in Internet Explorer will be available. Starting with Windows 8, the Print flyout for Internet Explorer w
ure this policy setting, the Print menu in Internet Explorer will be available. Starting with Windows 8, the Print flyout for Internet Explorer w
eing prompted. If you do not configure this policy setting, a user will have the freedom to accept requests from Web sites for Profile Assist
eing prompted. If you do not configure this policy setting, a user will have the freedom to accept requests from Web sites for Profile Assist

The user cannot change this policy setting. If you do not configure this policy setting, the user can allow or prevent the sending of the path
re this policy setting, users can turn this behavior on or off, using Internet Explorer Advanced Options settings. The default is to encode all q
re this policy setting, users can turn this behavior on or off, using Internet Explorer Advanced Options settings. The default is to encode all q
ou do not configure this policy setting, the user can turn on or turn off tabbed browsing.
ou do not configure this policy setting, the user can turn on or turn off tabbed browsing.

eedom to choose to turn the auto-complete setting for web-addresses on or off.


eedom to choose to turn the auto-complete setting for web-addresses on or off.
xt webpage is loaded into the background. If you don't configure this setting, users can turn this behavior on or off, using the Settings charm
xt webpage is loaded into the background. If you don't configure this setting, users can turn this behavior on or off, using the Settings charm

e WebSocket object. If you disable or do not configure this policy setting, websites can request data across domains by using the WebSock
e WebSocket object. If you disable or do not configure this policy setting, websites can request data across domains by using the WebSock
sites can request data across domains by using the XDomainRequest object.
sites can request data across domains by using the XDomainRequest object.
s. The user is not prompted, and incompatible toolbars run unless previously disabled through policy settings or user choice. If you disable
s. The user is not prompted, and incompatible toolbars run unless previously disabled through policy settings or user choice. If you disable
on is available for use. If you do not configure this policy setting, it can be configured through the registry.
on is available for use. If you do not configure this policy setting, it can be configured through the registry.
nfigure this policy setting, URL Suggestions will be turned on. Users will be able to turn on or turn off URL Suggestions in the Internet Optio
nfigure this policy setting, URL Suggestions will be turned on. Users will be able to turn on or turn off URL Suggestions in the Internet Optio
isable this policy setting, Internet Explorer uses Windows Search AutoComplete to provide relevant results in the Address bar. The user can
isable this policy setting, Internet Explorer uses Windows Search AutoComplete to provide relevant results in the Address bar. The user can
nternet Explorer 11 will use 32-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows. If you don't co
nternet Explorer 11 will use 32-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows. If you don't co

tering on or off.
tering on or off.
utomatically detect the intranet through the intranet settings dialog in Control Panel.
utomatically detect the intranet through the intranet settings dialog in Control Panel.
ocess after the branding is complete for ISPs (IEAK). The user cannot change this behavior. If you do not configure this policy setting, the us
ecure HTTP connection. A developer cannot change this policy setting through the Feed APIs.
ecure HTTP connection. A developer cannot change this policy setting through the Feed APIs.
this policy setting, Caret Browsing support can be turned on or off through the registry.
this policy setting, Caret Browsing support can be turned on or off through the registry.
ears (by using the Advanced page in the Internet Control panel).
ears (by using the Advanced page in the Internet Control panel).
nge the logging settings.
nge the logging settings.
de. If you disable this policy setting, Enhanced Protected Mode will be turned off. Any zone that has Protected Mode enabled will use the v
de. If you disable this policy setting, Enhanced Protected Mode will be turned off. Any zone that has Protected Mode enabled will use the v
AutoComplete. By default, inline AutoComplete is turned off for Windows Vista, Windows 7, Internet Explorer 7, and Internet Explorer 8. B
lorer 7 Standards Mode. This option results in the greatest compatibility with existing webpages, but newer content written to common Int
lorer 7 Standards Mode. This option results in the greatest compatibility with existing webpages, but newer content written to common Int
able this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an additional string appended) for local intrane
able this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an additional string appended) for local intrane

site that is being treated as though it is in the Internet zone. If this policy setting is not configured, a Notification bar notification appears f
site that is being treated as though it is in the Internet zone. If this policy setting is not configured, a Notification bar notification appears f
turn it on. If you do not configure this policy setting, the user can turn on or turn off the printing of background colors and images.
tected Mode.
tected Mode.
tected Mode.
tected Mode.
tected Mode.
tected Mode.
tected Mode.
tected Mode.
tected Mode.
tected Mode.
tected Mode.
tected Mode.
tected Mode.
tected Mode.
tected Mode.
tected Mode.
tected Mode.
tected Mode.
tected Mode.
tected Mode.
rn on script debugging. If you do not configure this policy setting, the user can turn on or turn off script debugging.

Filter scans pages in this zone for malicious content.


Filter scans pages in this zone for malicious content.
Filter scans pages in this zone for malicious content.
Filter scans pages in this zone for malicious content.
Filter scans pages in this zone for malicious content.
Filter scans pages in this zone for malicious content.
Filter scans pages in this zone for malicious content.
Filter scans pages in this zone for malicious content.
Filter scans pages in this zone for malicious content.
Filter scans pages in this zone for malicious content.
Filter scans pages in this zone for malicious content.
Filter scans pages in this zone for malicious content.
Filter scans pages in this zone for malicious content.
Filter scans pages in this zone for malicious content.
Filter scans pages in this zone for malicious content.
Filter scans pages in this zone for malicious content.
Filter scans pages in this zone for malicious content.
Filter scans pages in this zone for malicious content.
Filter scans pages in this zone for malicious content.
Filter scans pages in this zone for malicious content.
figure this policy setting, the user can turn on and turn off the Suggested Sites feature.
figure this policy setting, the user can turn on and turn off the Suggested Sites feature.

ly because of problems with its scripting. The user cannot change this policy setting. If you do not configure this policy setting, the user ca
dvanced tab, and then under International, select the "Use UTF-8 for mailto links" check box.
dvanced tab, and then under International, select the "Use UTF-8 for mailto links" check box.
mation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this policy
mation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this policy
mation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this policy
mation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this policy
mation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this policy
mation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this policy
mation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this policy
mation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this policy
mation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this policy
mation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this policy
mation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this policy
mation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this policy
mation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this policy
mation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this policy
mation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this policy
mation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this policy
mation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this policy
mation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this policy
mation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this policy
mation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this policy

users from viewing the HTML source of a Web page from the shortcut menu, set the "Turn off Shortcut Menu" policy, which disables the e
r. If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this z
r. If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this z
r. If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this z
r. If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this z
f you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zon
f you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zon
f you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zon
f you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zon
f you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zon
f you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zon
f you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zon
f you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zon
f you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zon
f you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zon
f you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zon
f you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zon
f you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zon
f you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zon
r. If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this z
r. If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this z
licy, Tablet PC users can report handwriting recognition errors to Microsoft. If you do not configure this policy Tablet PC users can report ha
licy, Tablet PC users can report handwriting recognition errors to Microsoft. If you do not configure this policy Tablet PC users can report ha

domain. If you disable or do not configure this policy setting, the domain controller does not support claims, compound authentication or

e domain controller does not provide information about previous logons unless the "Display information about previous logons during user
lied to all domain controllers to ensure consistent application of this policy in the domain. If you disable or do not configure this policy setti
setting, the KDC will not search the listed forests to resolve the SPN. If the KDC is unable to resolve the SPN because the name is not found,
his value should be set to the same value as the Kerberos policy "Set maximum Kerberos SSPI context token buffer size" or the smallest Ma
that support compound authentication always send a compound authentication request. If you disable or do not configure this policy setti
m name. In the Value column, type the list of DNS host names and DNS suffixes using the appropriate syntax format. To remove a mapping
x in the Value Name column, type the interoperable Kerberos V5 realm name. In the Value column, type the realm flags and host names of
revocation check for the SSL certificate. The connection to the KDC proxy server is not established if the revocation check fails.
AS) and ticket-granting service (TGS) message exchanges with the domain controllers. Note: The Kerberos Group Policy "Kerberos client su
able or do not configure this policy setting, the client devices will not request claims, provide information required to create compounded a
hat the KDC's X.509 certificate must be signed by a Certificate Authority (CA) in the NTAuth store. If the computer is not joined to a domain
different from LocalSystem or NetworkService might fail to authenticate. If you disable or do not configure this policy setting, any service is
lly allowed maximum value, whichever is smaller. If you disable or do not configure this policy setting, the Kerberos client or server uses th
Contents dialog box in the Value Name column, type a DNS suffix name. In the Value column, type the list of proxy servers using the approp
will be configured for compound authentication by the following options: Never: Compound authentication is never provided for this com
ter account authentication using certificates then authentication with password will be attempted. Force: Device will always authenticate

ne cipher suite per line, in order from most to least preferred, with the most preferred cipher suite at the top. Remove any cipher suites yo
n members but you do not want to enable BranchCache on all file servers, you can specify Not Configured for this domain Group Policy setti

hed Storage (NAS) appliances acting as file servers. Windows file servers require authentication and do not use insecure guest logons by de

ected to a managed network. On the other hand, if a network interface is connected to an unmanaged network, you may choose the "Allow
" option to allow the Responder to operate on a network interface that's connected to a managed network. On the other hand, if a networ

omes available. Note that because this is a background refresh, extensions such as Software Installation and Folder Redirection take two lo

oot/Shutdown/Logon/Logoff status messages"" policy setting is enabled.

nly to Windows 2000 Professional. It does not affect the ""Configure Your Server on a Windows 2000 Server"" screen on Windows 2000 Se
nly to Windows 2000 Professional. It does not affect the ""Configure Your Server on a Windows 2000 Server"" screen on Windows 2000 Se

nfigure this policy setting, Windows Vista adds any customized run list configured to its run list. This policy setting appears in the Computer
nfigure this policy setting, Windows Vista adds any customized run list configured to its run list. This policy setting appears in the Computer
Configuration and User Configuration folders. If both policy settings are configured, the policy setting in Computer Configuration takes pre
Configuration and User Configuration folders. If both policy settings are configured, the policy setting in Computer Configuration takes pre

ss the file is located in the %Systemroot% directory, you must specify the fully qualified path to the file. If you disable or do not configure t
ss the file is located in the %Systemroot% directory, you must specify the fully qualified path to the file. If you disable or do not configure t
ms while using Microsoft Edge.
ms while using Microsoft Edge.

equests to websites asking for tracking info.


equests to websites asking for tracking info.

the Address bar of Microsoft Edge.


the Address bar of Microsoft Edge.

compatibility problems while using legacy apps.


compatibility problems while using legacy apps.

setting is not configured (or disabled), this snap-in is prohibited. -- If "Restrict users to the explicitly permitted list of snap-ins" is disabled
setting is not configured (or disabled), this snap-in is prohibited. -- If "Restrict users to the explicitly permitted list of snap-ins" is disabled
setting is not configured (or disabled), this snap-in is prohibited. -- If "Restrict users to the explicitly permitted list of snap-ins" is disabled
se on the Administrative Tools menu in Windows 2000 Server family or Windows Server 2003 family. However, users cannot open a blank M
tting or do not configure it, all snap-ins are permitted, except those that you explicitly prohibit. Use this setting if you plan to permit use of
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
Restrict users to the explicitly permitted list of snap-ins" setting determines whether this tab is displayed. -- If "Restrict users to the explici
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per
not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is per

will be able to customize their system settings for presentations in Windows Mobility Center. If you do not configure this policy setting, Win
will be able to customize their system settings for presentations in Windows Mobility Center. If you do not configure this policy setting, Win

applied to Automatic Maintenance.


icy setting, the wake setting as specified in Security and Maintenance/Automatic Maintenance Control Panel will apply.
he diagnostics-wide scenario execution policy is not configured. No reboots or service restarts are required for this policy setting to take e
prompts the user to download additional tools to diagnose problems on remote computers only. If you enable this policy setting for local
ider. If you do not configure this policy setting, MSDT support mode is enabled by default. No reboots or service restarts are required for t
the directory to which files are installed. If Windows Installer detects that an installation package has permitted the user to change a prote
run in the user's security context. Also, see the "Remove browse dialog box for new source" policy setting. If you disable or do not configu
installations with elevated privileges, such as installations offered on the desktop or displayed in Add or Remove Programs. This policy setti
sable or do not configure this policy setting, by default, users can install programs from removable media only when the installation runs in
have permission to view or change, including directories on highly restricted computers. If you disable or do not configure this policy setti
have permission to view or change, including directories on highly restricted computers. If you disable or do not configure this policy setti
, the Windows Installer will stop populating the baseline cache for new updates. The existing cached files will remain on disk and will be de
ears as a new component. (2) Add a new feature to the top or middle of an existing feature tree. The new feature must be added as a new

rograms to their employees. However, because this policy setting can pose a security risk, it should be applied cautiously.
y context, but only system administrators can use removable media when an installation is running with elevated system privileges, such as
default, users who are not system administrators cannot apply patches to installations that run with elevated system privileges, such as tho
o, the patch will be applied using a minimal set of processing.
istrative privileges can install non-administrator updates.
pplicable to the product. If you disable or do not configure this policy setting, a user can remove an update from the computer only if the u
tting is designed to reduce the amount of temporary disk space required to install programs. Also, it prevents malicious users from interrup
tting is designed to reduce the amount of temporary disk space required to install programs. Also, it prevents malicious users from interrup
The "Restart Manager Off" option turns off Restart Manager for file in use detection and the legacy file in use behavior is used. -- The "Res
nable this policy setting and "Hide User Installs" is selected, the installer ignores per-user applications. This causes a per-computer installed
gure this policy setting, the Browse button is enabled when an installation is running in the user's security context. But only system admini
puter or be connected to the original or identical media to reinstall, remove, or repair the installation. This policy setting is designed for en
nts media; -- "u" represents URL, or the Internet. To exclude a file source, omit or delete the letter representing that source type.
ou disable or do not configure this policy setting, Windows Installer logs the default event types, represented by the letters "iweap."
e checkpoint each time an application is installed, so that users can restore their computer to the state it was in before installing the applica
e MsiLogging property. -- The "Logging via package settings off" option turns off the automatic logging behavior when specified via the Ms

Windows XP Professional and Windows Vista when the policy is not configured. -- The "For non-managed applications only" option permi
is determined and will suggest the application that should be re-installed. This behavior is recommended for headless operation and is the
of IPv6 addresses wherever possible. Important At least one of the entries must be a PING: resource. -A Uniform Resource Locator (URL)

You should configure one endpoint for each tunnel. Each entry consists of the text PING: followed by the IPv6 address of an IPsec tunnel
es not remove the existing IPsec tunnels and users can still access intranet resources across the DirectAccess server by specifying IPv6 addr

ll not be able to establish a connection to this domain controller. If you enable this policy setting, Net Logon will allow the negotiation and
with the PDC emulator if the DC fails to validate the password. If you disable this policy setting, the DCs will not attempt to verify any passw
urface on a DC, and can be used in an environment without WINS, in an IPv6-only environment, and whenever DC location based on a NetB
ub-site client to discover a branch-site DC even if the branch-site DC only registers site-specific DNS records (as recommended). For these r
ng clients will only discover it when a Force Rediscovery is carried out by DC Locator. To adapt to changes in network conditions DC Locator
Pv6 DC address. But if some applications are broken due to the returned IPv6 DC address, this policy can be used to disable the default beh
hare when exclusive access is requested and the caller has only read permission. By default, the Netlogon share will grant shared read acce
C Locator DNS SRV resource records, click Enabled, and then enter a value. The range of values is from 0 to 65535. If you do not configure t
m a trusted domain by an expensive (e.g., ISDN) line, this parameter might be adjusted upward to avoid frequent automatic discovery of DC
clusive access is requested and the caller has only read permission. By default, the SYSVOL share will grant shared read access to files on t

andomly selects the target host to be contacted is proportional to the Weight field value in the SRV record. To specify the Weight in the DC
etting result in the following behaviors: 0 - DCs will never perform address lookups. 1 - DCs will perform an exhaustive address lookup to d
cp.<SiteName>._sites.<DnsDomainName> Pdc SRV _ldap._tcp.pdc._msdcs.<DnsDomainName> Gc SRV _ldap._tcp.gc._m
ds. If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration.

urs as described above. If you disable this policy setting or do not configure it, the default behavior occurs as described above.
occurs as indicated above.
empt to find any DCs that were initially unavailable. If the value for this setting is too small, clients will attempt to find DCs even when none
ted as infinity is 49 days (49*24*60*60=4233600). Any larger value will be treated as infinity. The minimum value for this setting is to alway
tive DNS servers are configured to perform scavenging of the stale records, this reregistration is required to instruct the DNS servers configu
, and computers use their local configuration.
tor DNS records and the site-specific SRV records are dynamically registered by the Net Logon service, and they are used to locate the appli
ory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. To spe

e several site-hops away, could be returned by DC Locator. Site proximity between two sites is determined by the total site-link cost betwee
me domain, or no Global Catalog for the same forest, exists. If you disable this policy setting, the DCs will not register site-specific DC Locat
LabelDnsDomain policy setting is enabled. If you enable this policy setting, when the AllowSingleLabelDnsDomain policy is not enabled, co
controller hosting an Active Directory domain specified with a single-label name using DNS name resolution. If you disable this policy setti
try interval policy setting is used. The default value for this setting is to not quit retrying (0). The maximum value for this setting is 49 days
the value specified in the NegativeCachePeriod subkey, the value in the NegativeCachePeriod subkey is used. Warning: If the value for this
mum value for this setting is 49 days (0x49*24*60*60=4233600). The minimum value for this setting is 0. If the value for this setting is sma
ys refresh (0).
quency. Enabling this setting may result in additional network traffic and increased load on DCs. You should disable this setting once all DC
ny user right-clicks the icon for a remote access connection. Also, when any user selects the connection, Properties appears on the File men
disable this setting (and enable the "Enable Network Connections settings for Administrators" setting), users (including administrators) can
enu items are disabled for all users (including administrators). Important: If the "Enable Network Connections settings for Administrators"
If you do not configure the setting, only Administrators and Network Configuration Operators can rename all-user remote access connecti
Administrators. Note: When the "Ability to rename LAN connections or remote access connections available to all users" setting is configur
s). Important: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to a

able this setting, the Windows XP settings that existed in Windows 2000 Professional will have the ability to prohibit Administrators from u
ettings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. If y
nable Network Connections settings for Administrators" setting. Important: If the "Enable Network Connections settings for Administrator
inistrators" is disabled or not configured, this setting does not apply to administrators on post-Windows 2000 computers. If you disable thi
ctions settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 comput
tting will not apply to administrators on post-Windows 2000 computers. If you disable this setting or do not configure it, the Make New Co
ettings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. If y
r Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. If you disab
g (and enable the "Enable Network Connections settings for Administrators" setting), the Properties menu items are disabled, and no users
u disable this setting or do not configure it, the Connect and Disconnect options for remote access connections are available to all users. Us
setting will not apply to administrators on post-Windows 2000 computers. If you disable this setting or do not configure it, all users can de
tors on post-Windows 2000 computers. If you disable this setting or do not configure it, the Properties dialog box for a connection include
more network segements together. This connection appears in the Network Connections folder. If you disable this setting or do not config
Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. If you disable
rs" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. If you disable this setting,
nnected to when the setting was refreshed, this setting does not apply. The Internet Connection Firewall is a stateful packet filter for home
e Advanced tab in the Properties dialog box for a LAN or remote access connection is removed. The Internet Connection Sharing page is re
xt menu for the connection and on the File menu in the Network Connections folder. Users cannot choose to show the connection icon in t
ter running DirectAccess and the Internet is routed through the internal network. If you disable this policy setting, traffic between remote
on how the problem can be resolved. If you enable this policy setting, this condition will not be reported as an error to the user. If you dis
lt, any proxies configured with this setting are merged with proxies that are auto-discovered. To make this policy configuration the sole list
em as Internet nodes. This setting should NOT be used to configure Internet proxies. Example: [3efe:3022::1000]; 18.0.0.1; 18.0.0.2 For
with this policy setting are merged with the hosts that are declared as private through automatic discovery. To ensure that these addresse
ur proxy server addresses. For more information see: http://go.microsoft.com/fwlink/p/?LinkId=234043
s to automatically discover your private network hosts in the domain corporate environment. For more information see: http://go.micros

ble. -- "Never go offline" indicates that network files are not available while the server is inaccessible. If you disable this setting or select t
ble. -- "Never go offline" indicates that network files are not available while the server is inaccessible. If you disable this setting or select t
unless changed by the user. Note: Changes to this policy setting do not take effect until the affected computer is restarted.
e last synchronization are lost.
kout Start Time' and 'Blockout Duration' to set a period of time where background sync is disabled. Use the 'Maximum Allowed Time With
isabled or not configured, the default threshold value of 64,000 bps is used to determine if a network connection is considered to be slow.
oughput between the client and the server is below (slower than) the Throughput threshold parameter, or if the round-trip network latenc
able for files that user's make available offline manually. If you enable this setting, you can specify an automatic-cache disk space limit. If

ar, or over the plan's data limit. The network folder must also be in "slow-link" mode, as specified by the "Configure slow-link mode" policy
e server, and the most current version from the server is always available for subsequent reads. This policy setting is triggered by the config
ffline Files through the user interface. If you disable this policy setting, all files in the Offline Files cache are unencrypted. This includes exis
s the events in all preceding levels. "0" records an error when the offline storage cache is corrupted. "1" also records an event when the se
s the events in all preceding levels. "0" records an error when the offline storage cache is corrupted. "1" also records an event when the se
ne." This setting is designed to protect files that cannot be separated, such as database components. To use this setting, type the file nam
oth settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
oth settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
plete, but does not ensure that they are current. If you do not configure this setting, the system performs a quick synchronization by defau
plete, but does not ensure that they are current. If you do not configure this setting, the system performs a quick synchronization by defau
ed and Synchronization Manager is configured for logon synchronization, the system performs only a quick synchronization. Quick synchron
ed and Synchronization Manager is configured for logon synchronization, the system performs only a quick synchronization. Quick synchron
If the computer is suspended by closing the display on a portable computer, files are not synchronized. If multiple users are logged on to t
If the computer is suspended by closing the display on a portable computer, files are not synchronized. If multiple users are logged on to t
ding them. If this setting is not configured, reminder balloons are displayed by default when you enable offline files, but users can change
ding them. If this setting is not configured, reminder balloons are displayed by default when you enable offline files, but users can change

validation will be performed.


able or do not configure this policy setting, this computer can publish PNRP names and help other computers perform PNRP lookups.
able or do not configure this policy setting, this computer can publish PNRP names and help other computers perform PNRP lookups.
able or do not configure this policy setting, this computer can publish PNRP names and help other computers perform PNRP lookups.
ome as well. Here are the four ways in which you can use this setting to control the seed server used in your corporation. 1. In order to use
tting and you dont enter any address, no seed server will be used. If this setting is not configured, the protocol will revert to using a public r
enable this setting and you dont enter any address, no seed server will be used. If this setting is not configured, the protocol will revert to

strapping. Specifying this registry key will break scenarios where there is no seed server for bootstrap (such as ad hoc networking scenarios
otstrapping. Specifying this registry key will break scenarios where there is no seed server for bootstrap (such as ad hoc networking scenar
otstrapping. Specifying this registry key will break scenarios where there is no seed server for bootstrap (such as ad hoc networking scenar
RP creates a global cloud if the computer has a global IPv6 address, but creates a site-local cloud if the computer has a site-local address.
RP creates a global cloud if the computer has a global IPv6 address, but creates a site-local cloud if the computer has a site-local address.
RP creates a global cloud if the computer has a global IPv6 address, but creates a site-local cloud if the computer has a site-local address.

4. NOTE: If the above specified conditions for the minimum PIN length are not met, default values will be used for both the maximum and
4. NOTE: If the above specified conditions for the minimum PIN length are not met, default values will be used for both the maximum and

osoft Passport for Work for any user.


ure this policy setting, Remote Passport will be disabled, preventing the use of a phone as a companion device for desktop authentication.
ot detect compatibility issues for applications and drivers. If you do not configure this policy setting, the PCA is configured to detect failure

cache content until the network latency reaches the specified value; when network latency is greater than the value, clients begin caching
ing versions." If you do not configure this setting, all clients will use the version of BranchCache that matches their operating system. Polic
d cache servers in the branch office. If you enable this policy setting and specify valid computer names of hosted cache servers, hosted cac
Cache configuration by other group policies. If you enable this policy setting in addition to the "Turn on BranchCache" policy setting, Branc
t computers are domain members but you do not want to configure a BranchCache client computer cache age setting on all client compute
Select one of the following: - Not Configured. With this selection, BranchCache settings are not applied to client computers by this policy. I
oad the content to the hosted cache server for access by other hosted cache clients at the branch office. Policy configuration Select one o
pplied to client computers by this policy. In the circumstance where client computers are domain members but you do not want to configu
anchCache settings are not applied to client computers by this policy. In the circumstance where client computers are domain members but

he DPS will detect Windows Boot Performance problems and indicate to the user that assisted resolution is available. If you disable this po
solution, the DPS will detect Windows Shutdown Performance problems and indicate to the user that assisted resolution is available. If yo
hooting and resolution, the DPS will detect Windows Standby/Resume Performance problems and indicate to the user that assisted resoluti
solution, the DPS will detect Windows System Responsiveness problems and indicate to the user that assisted resolution is available. If you

emShutdown(). If you enable this policy setting, the computer system safely shuts down and remains in a powered state, ready for power
can see and change this setting.

g lock screen slide show" policy setting can be used to disable the slide show feature.

reen slide show" policy setting can be used to disable the slide show feature.
reen slide show" policy setting can be used to disable the slide show feature.
configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Pr
configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Pr

ure this policy setting, users can control this setting.


policy setting can be used to disable the slide show feature.
policy setting can be used to disable the slide show feature.

p cmdlet. Note: This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Comp
p cmdlet. Note: This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Comp
e is equivalent to setting the LogPipelineExecutionDetails property of the module to False. If this policy setting is not configured, the LogPi
e is equivalent to setting the LogPipelineExecutionDetails property of the module to False. If this policy setting is not configured, the LogPi
k, function, or script starts or stops. Enabling Invocation Logging generates a high volume of event logs. Note: This policy setting exists un
k, function, or script starts or stops. Enabling Invocation Logging generates a high volume of event logs. Note: This policy setting exists un
nd time started. Enabling this policy is equivalent to calling the Start-Transcript cmdlet on each Windows PowerShell session. If you disable
nd time started. Enabling this policy is equivalent to calling the Start-Transcript cmdlet on each Windows PowerShell session. If you disable
y setting allows all scripts to run. If you disable this policy setting, no scripts are allowed to run. Note: This policy setting exists under both
y setting allows all scripts to run. If you disable this policy setting, no scripts are allowed to run. Note: This policy setting exists under both

ons corresponding to on-disk restore points. If you do not configure this policy setting, it is disabled by default.
ons corresponding to on-disk restore points. If you do not configure this policy setting, it is disabled by default.
gure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a local file.
gure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a local file.
he file from the backup media. If you do not configure this policy setting, it is disabled by default. The Restore button is active when the pre
he file from the backup media. If you do not configure this policy setting, it is disabled by default. The Restore button is active when the pre
re. If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a file on
re. If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a file on
of Internet printing only. It does not prevent the print client on the computer from printing across the Internet. Also, see the "Custom supp
ervices printers: 0 Bluetooth printers: 10 Shared printers: 0 In order to view available Web Services printers on your network, ensure that
nters: 50 If you would like to not display printers of a certain type, enable this policy and set the number of printers to display to 0.

lient itself will process print jobs into printer device commands. These commands will then be sent to the print server, and the server will s
and navigates to the specified URL address to display the available printers. This setting makes it easy for users to find the printers you wa
, then Add Printer Wizard displays the list of shared printers on the network and invites to choose a printer from the shown list. If you disa

e location of the user's computer. When users search for printers, the system uses the specified location (and other search criteria) to find
inks only appear in the Printers folder when Web view is enabled. If Web view is disabled, the setting has no effect. (To enable Web view, o

kernel-mode printer drivers will be blocked. If you enable this setting, installation of a printer using a kernel-mode driver will not be allow

iver policy settings may alter the process in which a print driver is executed. -This policy setting applies only to print drivers loaded by the
le driver, then the Point and Print connection will fail. This policy setting is not configured by default, and the behavior depends on the ver
or do not configure this policy setting, then applications that are configured to support driver isolation will be isolated. If you disable this

her system or driver policy settings may alter the process in which a print driver is executed. -This policy setting applies only to print drivers
that are blocked by this policy. Administrators may need to set both policies to block all print connections to a specific print server. If this s
that are blocked by this policy. Administrators may need to set both policies to block all print connections to a specific print server. If this s
e on the client, no connection will be made. -You can configure Windows Vista clients so that security warnings and elevated command pro
e on the client, no connection will be made. -You can configure Windows Vista clients so that security warnings and elevated command pro
printer's location or location naming scheme. Enabling Location Tracking adds a Browse button in the Add Printer wizard's Printer Name an
prevent users from using the Add Hardware Wizard to add a printer. Nor does it prevent users from running other programs to add printers

rowse master servers only when Active Directory is not available. Note: A client license is used each time a client computer announces a p

puter does not respond. If you disable this setting, the domain controller does not prune this computer's printers. This setting is designed t
blished" setting is disabled.
rification interval.
s before deleting printers from Active Directory. If you enable this setting, you can change the interval between contact attempts. If you d
an adjust the priority to improve the performance of this service. Note: This setting is used only on domain controllers.
the computer has published. By default, the pruning service contacts computers every eight hours and allows two retries before deleting p
default value is two retries. The "Directory Pruning Interval" setting determines the time interval between retries; the default value is ever
Computers running Windows 2000 Professional detect and republish deleted printer objects when they rejoin the network. However, beca
ows Installer. Typically, system administrators publish programs to notify users of their availability, to recommend their use, or to enable us
ods to install or uninstall programs.

available to all users. This setting does not prevent users from using other tools and methods to change program access or defaults. This s
ogram components.
Marketplace" task link will be available to all users. Note: If the "Hide Programs control Panel" setting is enabled, this setting is ignored.
ms Control Panel in Category View and Programs and Features in Classic View will be available to all users. When enabled, this setting takes
alue for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring that network a
DSCP value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring that net
dapter, this setting is ignored when configuring that network adapter.
Important: If the DSCP value for this service type is specified in the registry for a particular network adapter, this setting is ignored when co
mportant: If the DSCP value for this service type is specified in the registry for a particular network adapter, this setting is ignored when con
ticular network adapter, this setting is ignored when configuring that network adapter.
f the DSCP value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring th
the DSCP value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring tha
ork adapter, this setting is ignored when configuring that network adapter.
re it, then the setting has no effect on the system. Important: If the maximum number of outstanding packets is specified in the registry fo
he default value of 80 percent of the connection. Important: If a bandwidth limit is set for a particular network adapter in the registry, this
. Important: If the DSCP value for this service type is specified in the registry for a particular network adapter, this setting is ignored when
Important: If the DSCP value for this service type is specified in the registry for a particular network adapter, this setting is ignored when c
articular network adapter, this setting is ignored when configuring that network adapter.
this setting is ignored when configuring that network adapter.
value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring that network
e DSCP value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring that n
adapter, this setting is ignored when configuring that network adapter.
particular network adapter, then this setting is ignored when configuring that network adapter.
ty information, and WMI-capable applications will be unable to access reliability information from the listed providers.
g and resolution, the DPS will detect Windows Resource Exhaustion problems and indicate to the user that assisted resolution is available.
the user to restore the computer to the original state or from a user-created system image. This is the default setting. If you disable this po
tem State Data feature occurs. Note: By default, the System State Data feature is always enabled on Windows Server 2003. See "Supported
isplayed when you shut down a computer running Windows Server. (See "Supported on" for supported versions.) If you enable this policy
ot configure this policy setting, the Persistent System Timestamp is refreshed according the default, which is every 60 seconds beginning w

olicy setting, computers running this version and a previous version of the operating system can connect to this computer. If you do not co
corporate technical support staff using Offer (Unsolicited) Remote Assistance. If you enable this policy setting, you have two ways to allow
g programs to allow connections to this computer. If you do not configure this policy setting, users can turn on or turn off Solicited (Ask fo
ovice. If you disable this policy setting, the user sees the default warning message. If you do not configure this policy setting, the user sees
sta) -No full window drag -Turn off background If you enable this policy setting, bandwidth optimization occurs at the level specified. If y
cryption\Removable Data Drives."
cryption\Removable Data Drives."

ou enable this policy setting, RPC clients will authenticate to the Endpoint Mapper Service for calls that contain authentication information.
nd will encounter RPC_S_SEC_PKG_ERROR when connecting to a server that uses constrained delegation. If you disable this policy setting,
tems maintain RPC state information. -- "None" indicates that the system does not maintain any RPC state information. Note: Because the
n error condition. If you do not configure this policy setting, it remains disabled. It will only generate a status code to indicate an error cond
setting, the RPC server runtime uses the value of "Authenticated" on Windows Client, and the value of "None" on Windows Server versions
plicable when the RPC Client, the RPC Server and the RPC HTTP Proxy are all running Windows Server 2003 family/Windows XP SP1 or high
or WINS is disabled, and the DNS suffixes are not configured.

Note: Starting with Windows Vista operating system, scripts that are configured to run asynchronously are no longer visible on startup, whe
configure this policy setting, Windows 2000 displays login scripts written for Windows NT 4.0 and earlier. Also, see the "Run Logon Scripts
can run simultaneously. This policy setting appears in the Computer Configuration and User Configuration folders. The policy setting set in
can run simultaneously. This policy setting appears in the Computer Configuration and User Configuration folders. The policy setting set in
h Windows Vista operating system, scripts that are configured to run asynchronously are no longer visible on startup, whether the ""Run st
GPO B, and GPO C). This policy setting is enabled in GPO A. GPO B and GPO C include the following computer startup scripts: GPO B: B.cm
abled in GPO A. GPO B and GPO C include the following user logon scripts: GPO B: B.cmd, B.ps1 GPO C: C.cmd, C.ps1 Assume also that th
abled in GPO A. GPO B and GPO C include the following user logon scripts: GPO B: B.cmd, B.ps1 GPO C: C.cmd, C.ps1 Assume also that th
the set of scripts to finish. To direct the system to wait until the scripts have finished, no matter how long they take, type 0. This interval is

y to launch standalone troubleshooting packs such as those found in .diagcab files.


ontent that is hosted on Microsoft content servers from within the Troubleshooting Control Panel user interface. If you disable this policy s
etting, Windows will not be able to detect, troubleshoot or resolve problems on a scheduled basis. If you do not configure this policy settin
our intranet search service is Windows SharePoint Services (WSS), the query should resemble the following, where XXXX is the locale ID of
net search service is SharePoint Portal Server, your query should resemble the following: http://sitename/Search.aspx?k=$w If your intran

trol Panel setting is set to not index encrypted content. When this setting is enabled or disabled, the index is rebuilt completely. Full volum

ords that differ only because of diacritics as the same word.


n only when it can determine the language of a document with high confidence.

le system path to be indexed under the "Computer Configuration" Group Policy.

be indexed under the "Computer Configuration" Group Policy.

h can perform queries on the web, and if the web results are displayed in Search.
If you don't configure this policy setting, a user can choose whether or not Search can perform queries on the web over metered connecti
The default behavior for Search is to not index online delegate mailboxes. Disabling this policy will block any indexing of online delegate ma

e server can support. If you set this policy to not configured, then online mail items will be indexed at the speed of 120 items per minute. T

viously specified user locations will be visible.

y the file system path to be indexed under the "Computer Configuration" Group Policy. If you enable and then disable this policy setting, us

If you want to specify an initial default list of excluded file types that users can change later, see the administration guide for information

xx-xxxx-xxxx-xxxxxxxxxxxx} (include the braces) or a ProgID such as VisFilter.CFilter.1. If you maintain a locked desktop environment, this setti
sktop Search results, and your users can choose the location of the preview pane
: Share usage information but don't share search history, Microsoft account info or specific location. If you disable or don't configure this p

y Center status section are displayed. Note that Security Center can only be turned off for computers that are joined to a Windows domain

d Windows Server 2008 R2), or the Refresh the data shown in Server Manager every [x] [minutes/hours/days] setting (in Windows Serve
ed when an administrator logs on to the server. However, if an administrator selects the "Do not show this window at logon" option, the w

r 2008 R2) or Do not start Server Manager automatically at logon (Windows Server 2012) option is selected, the console is not displayed
cations can be specified when each path is separated by a semicolon. The network location can be either a folder, or a WIM file. If it is a W

wser" group is on by default and configurable by the user.


figurable by the user.

nfigurable by the user.

e to share writing samples from the handwriting recognition personalization tool with Microsoft. If you disable this policy, Tablet PC user w
e to share writing samples from the handwriting recognition personalization tool with Microsoft. If you disable this policy, Tablet PC user w

default. You must restart the computer for this policy setting to take effect.
B shares on folders. If you disable or don't configure this policy setting, users can share files out of their user profile after an administrator
lso, if users have access to the command prompt (Cmd.exe), this policy setting does not prevent them from starting programs in the comm

puter uses logon, logoff, startup, or shutdown batch file scripts, or for users that use Remote Desktop Services.
Also, if users have access to the command prompt (Cmd.exe), this policy setting does not prevent them from starting programs in the com
licy setting, apps and features can work with OneDrive file storage.
etting, users with a connected account will save documents to OneDrive by default.
urpose EKU - Certificates with a Client Authentication EKU If you disable or do not configure this policy setting, only certificates that conta
document signing, are not affected by this policy setting. Note: If you use an ECDSA key to log on, you must also have an associated ECDH

heir time validity has expired. If you disable or do not configure this policy setting, certificates which are expired or not yet valid will not be
be displayed.

e for the same user (determined by their UPN). If there are two or more of the "same" certificate on a smart card and this policy is enable
. If you enable this setting, then Windows will attempt to read all certificates from the smart card regardless of the feature set of the CSP.

ill be displayed. This setting controls the appearance of that subject name and might need to be adjusted per organization. If you enable t

t cards that have passed the Windows Hardware Quality Labs (WHQL) testing process.
network node that receives SNMP packets from the network. If you enable this policy setting, the SNMP agent only accepts requests from
this policy setting, the SNMP agent only accepts requests from the list of permitted managers that you configure using this setting. If you
nt to notify management systems asynchronously. If you enable this policy setting, the SNMP service sends trap messages to the hosts with

ss Denied message that doesn't provide any of the functionality controlled by this policy setting, regardless of the file server configuration.

tab is displayed. If you disable or do not configure this policy setting, the Classification tab is hidden.
e for classification on the affected computers. If you disable or do not configure this policy setting, the Global Resource Property List in AD
this setting adds a check box to the Run dialog box, giving users the option of running a 16-bit program in its own dedicated NTVDM proce
y Logoff item to add and remove the Log Off item. This setting affects the Start menu only. It does not affect the Log Off item on the Windo

the Recent Items menu and the Jump Lists appear just as it did when the user logged off. Note: The system saves document shortcuts in th

prevent new notifications from appearing. See the "Turn off Application Notifications" setting to prevent new notifications.
u. The taskbar displays only the Start button, taskbar buttons, the notification area, and the system clock. If this setting is disabled or is no
e Start Menu and Taskbar do not show lists of recently or frequently used files, folders, or websites. If you disable or do not configure this

arget's file ID to find a path. If the resulting path is not correct, it conducts a comprehensive search of the target drive in an attempt to find
en uses the target's file ID to find a path. If the resulting path is not correct, it conducts a comprehensive search of the target drive in an att
dard desktop icons. If you disable this setting, the Start menu only displays in the new style, meaning the desktop icons are now on the Sta

art menu slow to open.


own in the user's taskbar. Note: Enabling this setting overrides the "Turn off notification area cleanup" setting, because if the notification a

erties. If you disable this setting or do not configure it, the user can configure the taskbar position. Note: Enabling this setting also locks th

they choose.

n you press CTRL+ALT+DELETE. If you disable or do not configure this policy setting, the Power button and the Shut Down, Restart, Sleep, a
e this setting or do not configure it, all pop-up text is displayed on the Start menu and in the notification area.

not configure this policy setting, the Default Programs link is available from the Start menu. Note: This policy setting does not prevent the
ents icon is available from the Start menu. Also, see the "Remove Documents icon on the desktop" policy setting.

t menu items, click the Favorites menu. If you are using the classic Start menu, click Display Favorites under Advanced Start menu options.

p a users system up-to-date. The Windows Update Product Catalog determines any system files, security fixes, and Microsoft updates that
This policy setting affects the Start menu only. It does not affect the Log Off item on the Windows Security dialog box that appears when

ble or do not configure this policy setting, Network Connections is available from the Start Menu. Also, see the "Disable programs on Settin

disable or do not configure this policy setting, the Control Panel, Printers, and Network and Connection folders from Settings are available
e Start Menu, the document shortcuts saved before the setting was enabled and while it was in effect appear in the Recent Items menu. W

ds will no longer be able to display the Run dialog box by pressing the Application key (the key with the Windows logo) + R. If you disable o

nts the user from using the F3 key. In File Explorer, the Search item still appears on the Standard buttons toolbar, but the system does not
r-specific folders, not just those associated with redirected folders. If you enable this setting, no folders appear on the top section of the S

ar to issue the "Run as different user" command.

displays by pressing the Start button on that display. Also, the user will be able to configure this setting.

ou configured. Once the XML file is generated and moved to the desired file path, type the fully qualified path and name of the XML file. Y
ou configured. Once the XML file is generated and moved to the desired file path, type the fully qualified path and name of the XML file. Y

menus require user tracking. If you enable the "Turn off user tracking" setting, the system disables user tracking and personalized menus a
om the Start Menu" and "Turn off personalized menus". This policy setting does not prevent users from pinning programs to the Start Men

you disable or do not configure this policy setting, users can perform System Restore and configure System Restore settings through System
text prediction suggestions. Users will not be able to configure this setting in the Input Panel Options dialog box. If you disable this policy,
text prediction suggestions. Users will not be able to configure this setting in the Input Panel Options dialog box. If you disable this policy,
e this setting in the Input Panel Options dialog box. If you disable this policy, Input Panel will appear next to any text entry area in applicati
e this setting in the Input Panel Options dialog box. If you disable this policy, Input Panel will appear next to any text entry area in applicati
e Input Panel Options dialog box. If you disable this policy, Input Panel will appear next to text entry areas in applications where this behav
e Input Panel Options dialog box. If you disable this policy, Input Panel will appear next to text entry areas in applications where this behav

n on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts. If you enable this policy, rarely used Chinese, Kanji, and Hanj
l not be able to configure this setting in the Input Panel Options dialog box. If you do not configure this policy, Input Panel tab will appear
l not be able to configure this setting in the Input Panel Options dialog box. If you do not configure this policy, Input Panel tab will appear
complete lists will appear next to Input Panel in applications where the functionality is available. Users will not be able to configure this setti
complete lists will appear next to Input Panel in applications where the functionality is available. Users will not be able to configure this setti

s. If you enable this policy and choose Low from the drop-down box, password security is set to Low. At this setting, all password secu
om the drop-down menu, no scratch-out gestures will be available in Input Panel. Users will not be able to configure this setting in the Inp
om the drop-down menu, no scratch-out gestures will be available in Input Panel. Users will not be able to configure this setting in the Inp

olicy is a subset of the Disable pen flicks policy. If you disable or do not configure this policy, all the features described above will be availa
olicy is a subset of the Disable pen flicks policy. If you disable or do not configure this policy, all the features described above will be availa
ote computers are not tracked or shown in the Jump Lists. Use this setting to reduce network traffic, particularly over slow network conne

d Security and Maintenance will be displayed on the taskbar. A reboot is required for this policy setting to take effect.

le time and power management settings, and its security context. Beginning users will often not be interested or confused by having the p
le time and power management settings, and its security context. Beginning users will often not be interested or confused by having the p
gement settings, and its security context. Note: This setting appears in the Computer Configuration and User Configuration folders. If both
gement settings, and its security context. Note: This setting appears in the Computer Configuration and User Configuration folders. If both

t appear on the Start menu and its submenus. Once a task is created, users cannot change the program a task runs. Important: This setting
t appear on the Start menu and its submenus. Once a task is created, users cannot change the program a task runs. Important: This setting
e new tasks, and it does not prevent users from deleting tasks. Note: This setting appears in the Computer Configuration and User Configu
e new tasks, and it does not prevent users from deleting tasks. Note: This setting appears in the Computer Configuration and User Configu

strators of a computer from using At.exe to create new tasks or prevent administrators from submitting tasks from remote computers.
in User Configuration. Important: This setting does not prevent administrators of a computer from using At.exe to delete tasks.
in User Configuration. Important: This setting does not prevent administrators of a computer from using At.exe to delete tasks.
nfigure 6to4 with one of the following settings: Policy Default State: 6to4 is enabled if the host has only link-local IPv6 connectivity and a p

nterface is always present, even if the host has other connectivity options. Policy Disabled State: No IP-HTTPS interfaces are present on the

e is resolved successfully, the host will have ISATAP configured with a link-local address and an address for each prefix received from the ISA

the Teredo client's NAT device, Teredo might stop working or connectivity might be intermittent. If you disable or do not configure this po

work that includes a domain controller. Enterprise Client: The Teredo interface is always present, even if the host is on a network that inclu
you disable this policy setting, Window Scaling Heuristics will be disabled and system will not try to identify connectivity and throughput p
and .rdp files from unknown publishers on the client computer. If the user tries to start an RDP session, the user receives a message that t
and .rdp files from unknown publishers on the client computer. If the user tries to start an RDP session, the user receives a message that t
ut specifying an .rdp file). If you enable or do not configure this policy setting, users can run .rdp files that are signed with a valid certificate
without specifying an .rdp file). If you enable or do not configure this policy setting, users can run .rdp files that are signed with a valid cer
eoplayback setting in a Remote Desktop Protocol (.rdp) file. By default, video playback is enabled. By default, audio and video playback red
ows Server 2008 R2. Audio recording redirection is allowed by default when connecting to a computer running at least Windows 7, or Wind
vailable for RDP redirection by using any user account. For this change to take effect, you must restart Windows.
sion time zone is the same as the server time zone. Note: Time zone redirection is possible only when connecting to at least a Microsoft W
oming connections. If you do not configure this policy setting, Remote Desktop Services uses the Remote Desktop setting on the target co
to Remote Desktop Services by supplying their passwords in the Remote Desktop Connection client. They are prompted for a password to

set to Not Configured, automatic reconnection is not specified at the Group Policy level. However, users can configure automatic reconnec
h, this option uses less network bandwidth, but is more memory-intensive. Additionally, a third option is available that balances memory u
olicy has to be set on the Hyper-V host machine. If you set the encoding option to Attempt only for RemoteFX vGPU virtual machines be
setting and set quality to Medium, RemoteFX Adaptive Graphics uses an encoding mechanism that results in medium quality images. This
lished (if the RD Session Host server is configured to allow multiple sessions), and the original session might still be active. If you enable th
fy an existing farm name, the server joins that farm in RD Connection Broker. If you enable this policy setting, you must specify the name o
Windows Server 2012, for a high availability setup with multiple RD Connection Broker servers, you must provide a semi-colon separated list
When deployed on an RD Session Host server, RemoteFX delivers a rich user experience by using a hardware-accelerated compression sche
or do not configure this policy setting, the RemoteFX experience will change dynamically based on the network condition."
he RD Session Host server can be authenticated, the client establishes a connection to the RD Session Host server. If the RD Session Host se
ng, logging off the connected administrator is allowed. Note: The console session is also known as Session 0. Console access can be obtain
le this policy setting, users can redirect print jobs with client printer mapping. If you do not configure this policy setting, client printer map
Services always allows Clipboard redirection. If you do not configure this policy setting, Clipboard redirection is not specified at the Group P
icy setting, Remote Desktop Services always allows COM port redirection. If you do not configure this policy setting, COM port redirection
ipboard file copy redirection is not allowed on computers running Windows Server 2003, Windows 8, and Windows XP. If you disable this
op client will use hardware accelerated decoding if supported hardware is available.
s are read-only. If you disable or do not configure this policy setting, server administrators have full read/write permissions to the user sec
ction is always allowed. If you do not configure this policy setting, LPT port redirection is not specified at the Group Policy level.

top Connection.
0 Server or at least Microsoft Windows XP Professional and the target server must be joined to a domain.
onnection to choose the supported Plug and Play devices to redirect to the remote computer. If you enable this policy setting, users canno
ry folders are deleted when a user logs off, even if the server administrator specifies otherwise. If you do not configure this policy setting,
server automatically maps the client default printer and sets it as the default printer upon connection. If you do not configure this policy se
sionid. If you enable this policy setting, per-session temporary folders are not created. Instead, a user's temporary files for all sessions on t
hen you enable this policy setting, it is enforced. When this policy setting is enforced, users cannot override this setting, even if they select
at only support the Windows Server 2008 R2 SP1 RemoteFX Codec.If you disable or do not configure this policy setting, non-Windows thin
et time limit for active Remote Desktop Services sessions and Set time limit for active but idle Remote Desktop Services sessions policy setti
et time limit for active Remote Desktop Services sessions and Set time limit for active but idle Remote Desktop Services sessions policy setti
default to Remote Desktop Services sessions. If the status is set to Enabled, wallpaper never appears in a Remote Desktop Services sessio
If you enable this policy setting, these notifications will not be displayed on the RD Session Host server. If you disable or do not configure t
y setting. The farm exists on the RD Connection Broker server that is specified in the Configure RD Connection Broker server name policy se
erver will only respond to RDS CAL requests from RD Session Host servers whose computer accounts are a member of the RDS Endpoint Ser
with minimum latency as determined by the codec that is being used. If you select Dynamic, the audio will be sent with a level of compressi
mined by the color support available on the client computer. If you select Client Compatible, the highest color depth supported by the clien
session. If you disable or do not configure this policy setting, the maximum resolution that can be used by each monitor to display a Remo
allow an unlimited number of Remote Desktop Services sessions, and Remote Desktop for Administration allows two Remote Desktop Serv
etting, the number of monitors that can be used to display a Remote Desktop Services session is not specified at the Group Policy level.
gabytes) for the entire roaming user profile cache. The monitoring interval determines how often the size of the entire roaming user profile
ou can select either Rich multimedia or Text. If you disable or do not configure this policy setting, Remote Desktop Services sessions are op
mpression that is performed). If you have a higher than average bandwidth network, you can maximize the utilization of bandwidth by sele
er 2008, and will try to issue a Windows Server 2003 TS CAL for clients connecting to a terminal server running Windows Server 2003. By d

tting in releases of Windows Server 2008 R2 with SP1 or Windows Server 2008 R2, and a user is prompted on both the client computer and
Shut Down Windows dialog box. Note: This policy setting affects only the Shut Down Windows dialog box. It does not prevent users from
d, Windows Security remains in the Settings menu.
Desktop Services always requests security for all RPC traffic. However, unsecured communication is allowed for RPC clients that do not resp
d by the client. If Transport Layer Security (TLS) version 1.0 is supported, it is used to authenticate the RD Session Host server. If TLS is not s
start Remote Desktop Connection on the client computer, click the icon in the upper-left corner of the Remote Desktop Connection dialog b
Services. If you do not configure this policy setting, this policy setting is not specified at the Group Policy level.
work Detect, Remote Desktop Protocol will not try to adapt the remote user experience to varying network quality. If you disable Connect
of the RDP traffic will use TCP. If you disable or do not configure this policy setting, RDP will choose the optimal protocols for delivering the
plate will be considered when a certificate to authenticate the RD Session Host server is automatically selected. Automatic certificate selecti
tions must use the encryption method specified in this setting. By default, the encryption level is set to High. The following encryption met
ices uses the specified path as the root directory for all user profiles. The profiles are contained in subfolders named for the account name
sers to change this setting" check box. When you do this, users can specify an alternate authentication method by configuring settings on th
ing the "Set RD Gateway authentication method" policy setting. If you do not specify an authentication method by using this setting, either
ose to keep the home directory on the local computer, type the Home Dir Root Path in the form "Drive:\Path" (without quotes), without en
the session, without the user's consent. 4. View Session with user's permission: Allows the administrator to watch the session of a remote
the session, without the user's consent. 4. View Session with user's permission: Allows the administrator to watch the session of a remote
ble this policy setting, the Remote Desktop licensing mode that you specify is honored by the Remote Desktop license server. If you disable
ve the mouse to keep the session active. If you have a console session, idle session time limits do not apply. If you disable or do not config
ve the mouse to keep the session active. If you have a console session, idle session time limits do not apply. If you disable or do not config
e programs. If you have a console session, active session time limits do not apply. If you disable or do not configure this policy setting, this
e programs. If you have a console session, active session time limits do not apply. If you disable or do not configure this policy setting, this
default, these disconnected sessions are maintained for an unlimited time on the server. If you enable this policy setting, disconnected sess
default, these disconnected sessions are maintained for an unlimited time on the server. If you enable this policy setting, disconnected sess
ecified URL is configured as the default connection URL for the user and replaces any existing connection URL. The user cannot change the
ent's printer is not available. You can choose to change this default behavior. The available options are: "Do nothing if one is not found" - If
print field. If you disable or do not configure this policy setting, no publisher is treated as a trusted .rdp publisher. Notes: You can define t

The Start menu and Windows Desktop are not displayed, and when the user exits the program the session is automatically logged off. To u
The Start menu and Windows Desktop are not displayed, and when the user exits the program the session is automatically logged off. To u
n Host servers. If you disable or do not configure this policy setting, the Start screen is shown and apps are registered in the background.

ost server will not use these advanced graphics. You may want to choose this option if you discover that applications published as RemoteA
RD Session Host server where their session exists. To use this redirection method, client computers must be able to connect directly by IP a
andatory user profiles are not used by users connecting remotely to the RD Session Host server. Note: For this policy setting to take effect,
river that matches the client printer, the client printer is not available for the Remote Desktop session. If you disable this policy setting, the
river that matches the client printer, the client printer is not available for the Remote Desktop session. If you disable this policy setting, the
Session Host server use the Microsoft Basic Render Driver as the default adapter. In all other cases, Remote Desktop Services sessions use t
ver in the following order: 1. Remote Desktop license servers that are published in Active Directory Domain Services. 2. Remote Desktop li
e the load on the remote computer. If you enable this policy setting, desktop composition will be allowed for remote desktop sessions. On
ties sheet by using Server Manager. By default, only programs in the RemoteApp Programs list can be started when a user starts a Remote
nd the session time zone is the same as the server time zone. Note: Time zone redirection is possible only when connecting to at least a M
s any initial program policy settings. If you disable or do not configure this policy setting, an initial program can be specified that runs on th
Services always allows Clipboard redirection. If you do not configure this policy setting, Clipboard redirection is not specified at the Group P
smoothing is allowed for remote connections. You can configure font smoothing on the Experience tab in Remote Desktop Connection (RD

ng, Windows Vista displays wallpaper to remote clients connecting through Remote Desktop, depending on the client configuration (see th
apter must be configured for Remote Desktop IP Virtualization to work.
d state until the time limit that you specify is reached. When the time limit specified is reached, the RemoteApp session will be logged off f
d state until the time limit that you specify is reached. When the time limit specified is reached, the RemoteApp session will be logged off f

n, and multiple per user application installation requests are queued and handled by the msiexec process in the order in which they are rec
not configure this policy setting, Remote Desktop IP Virtualization is turned off.
ected to the RD Session Host server where their session exists. If you disable this policy setting, users who do not have an existing session l

ouch input is on by default. Note: Changes to this setting will not take effect until the user logs off.

e user logs off.


e user logs off.
ative delegation blob plus the TPM user delegation blob, or none. If you enable this policy setting, Windows will store the TPM owner au
vigate to the "Command Management" section. If you disable or do not configure this policy setting, only those TPM commands specified
ble the "On Default Block List" column. The local list of blocked TPM commands is configured outside of Group Policy by running "tpm.msc"
s is pre-configured by Windows. See the related policy setting to configure the Group Policy list of blocked TPM commands. If you disable o
andard users can send commands requiring authorization to the TPM. An authorization failure occurs each time a standard user sends a co

ws the speed standard users can send commands requiring authorization to the TPM. An authorization failure occurs each time a standard
roup. By configuring this policy setting, you can alter this behavior. If you enable this policy setting, the administrator group is also given fu
ATH% stores the remainder of the fully qualified path to the home directory (such as \dir1\dir2\homedir). As a result, users can access any
ow to load. If you enable this policy setting, you can change how long Windows waits for a response from the server before considering th
slow to load. If you enable this policy setting, any local copies of the user's roaming profile are deleted when the user logs off. The roamin
not automatically delete any profiles on the next system restart.
er profiles, and it ignores the policy settings that tell the system how to respond to a slow connection. If you disable this policy setting or d
checks are made for the correct permissions if the profile folder already exists. For Windows Server 2003 family, Windows 2000 Professiona
the users registry at logoff, but will unload the registry when all open handles to the per-user registry keys are closed. If you disable or do n
cannot be loaded. If you disable this policy setting or do not configure it, Windows logs on the user with a temporary profile when Windo
user's account in Active Directory Domain Services (AD DS). This policy setting also requires the Windows Server 2012 version of the Active
their server-based profiles. If you enable this policy setting, you can override the amount of time Windows waits for user input before usi
older rather than all of the AppData\Roaming folder to the exclusion list. By default, the Appdata\Local and Appdata\LocalLow folders and
ncreasing logon time. You can use this policy setting to change this behavior. If you enable this policy setting, Windows will not delete Wind
notified when the profile exceeds the permitted maximum size. -- Specify a customized message notifying users of the oversized profile.
vice is reading or editing the registry, the system cannot unload it. The system tries repeatedly (at a rate of once per second) to unload and
sers configured to use roaming profiles from receiving their profile on a specific computer. If you enable this setting, the following occurs o
his policy setting, you can prevent changes made to a roaming profile on a particular computer from being persisted. If you enable this pol
en is able to choose to download the remote copy of the user profile. In Microsoft Windows Vista, a check box appears on the logon screen
ble this policy setting, Windows waits for the network to become available up to the maximum wait time specified in this policy setting. Se
need to ensure that you have set the appropriate security on the folder to allow all users to access the profile. If you enable this policy setti
ploads the profile's registry file at the specified interval after the user logs on. For example, with a value of 6 hours, the registry file of the
letter to assign to the file share. If you choose On the local computer, enter a local path (for example, C:\HomeFolder) in the Path box. D
disable or do not configure this policy setting, the paths specified in this policy setting will behave like any other cached data via Offline Fi

be able to retrieve the user's UPN, SIP/URI, and DNS. "Always off" - users will not be able to change this setting and the user's name and a
when loading is slow. If you disable this policy setting or do not configure it, when a remote profile is slow to load, the system loads the loc
their content can be viewed. These operating systems have read-only access to BitLocker-protected drives. When this policy setting is ena
ith SP2, and their content can be viewed. These operating systems have read-only access to BitLocker-protected drives. When this policy s
m check during BitLocker setup. If you disable or do not configure this policy setting, enhanced PINs will not be used.
mputer and the BitLocker Drive Encryption Network Unlock server must be provisioned with a Network Unlock certificate. The Network Un
orm is capable of Secure Boot-based integrity validation. If you disable this policy setting, BitLocker will use legacy platform integrity valida
mputer's environment variables in the path. If the path is not valid, the BitLocker setup wizard will display the computer's top-level folder v
ommend that you use the XTS-AES algorithm. For removable drives, you should use AES-CBC 128-bit or AES-CBC 256-bit if the drive will be
setting you will be able to choose an encryption algorithm and key cipher strength for BitLocker to use to encrypt drives. If you disable or
ws Server 2008 R2, or Windows 7. If you enable this policy setting you will be able to choose an encryption algorithm and key cipher stren
onsult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more information about adding data recovery agents. I
nt Console or the Local Group Policy Editor. Consult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more inform
icy Editor. Consult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more information about adding data recove
ng a 256-bit recovery key. If you enable this policy setting, you can configure the options that the setup wizard displays to users for recover

recovery message and URL" option. If you select the "Use custom recovery message" option, the message you type in the "Custom recove
mponents change while BitLocker protection is in effect, the TPM will not release the encryption key to unlock the drive and the computer
tion store different values into the Platform Configuration Registers (PCRs). Use the "Configure TPM platform validation profile for native U
Platform Configuration Registers (PCRs). Use the "Configure TPM platform validation profile for BIOS-based firmware configurations" group
that do not support hardware-based encryption and whether you want to restrict the encryption algorithms and cipher suites used with h
mputers that do not support hardware-based encryption and whether you want to restrict the encryption algorithms and cipher suites used
puters that do not support hardware-based encryption and whether you want to restrict the encryption algorithms and cipher suites used w
sword Policy\ must be also enabled. Note: These settings are enforced when turning on BitLocker, not when unlocking a volume. BitLocker
unt Policies\Password Policy\ must be also enabled. Note: These settings are enforced when turning on BitLocker, not when unlocking a vo
Note: These settings are enforced when turning on BitLocker, not when unlocking a volume. BitLocker will allow unlocking a drive with any
the protectors available on the drive. If you disable this policy setting, users are not allowed to use smart cards to authenticate their acces
h any of the protectors available on the drive. If you disable this policy setting, users are not allowed to use smart cards to authenticate the

not configure this policy setting, BitLocker secrets are removed from memory when the computer restarts.
estarted, the service will be started if it is set to Automatic startup. After the service has started, there will be a check to see if antivirus and

timalware service will not receive notifications to disable definitions.


ure this setting, the check for definition updates will occur at a default frequency.
ency specified. If you disable or do not configure this setting, a scheduled full scan to complete remediation will run at a default frequency
eduled scan will run at a default frequency.
t a default time.
can to complete remediation will run at a default time.
a default time.
If you disable or do not configure this setting, the check for definition updates will occur at the default time.

g, Windows Defender automatically takes action on all detected threats after a nonconfigurable delay of approximately five seconds.

scan configured, there will be no catch-up scan run. If you disable or do not configure this setting, catch-up scans for scheduled full scans
led scan configured, there will be no catch-up scan run. If you disable or do not configure this setting, catch-up scans for scheduled quick s
uter that is up-to-date with all the latest security updates, network protection will have no impact on network performance. If you enable

or the default number of days.

AL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved. For shell extensions to run on a per-user basis, th


zone using Search Connectors. If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search C
zone using Search Connectors. If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search C
zone using Search Connectors. If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search C
zone using Search Connectors. If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search C
zone using Search Connectors. If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search C
zone using Search Connectors. If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search C
zone using Search Connectors. If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search C
zone using Search Connectors. If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search C
zone using Search Connectors. If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search C
zone using Search Connectors. If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search C
zone using Search Connectors. If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search C
zone using Search Connectors. If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search C
zone using Search Connectors. If you do not configure this policy setting, users cannot perform OpenSearch queries in this zone using Sear
zone using Search Connectors. If you do not configure this policy setting, users cannot perform OpenSearch queries in this zone using Sear
zone using Search Connectors. If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search C
zone using Search Connectors. If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search C
zone using Search Connectors. If you do not configure this policy setting, users cannot perform OpenSearch queries in this zone using Sear
zone using Search Connectors. If you do not configure this policy setting, users cannot perform OpenSearch queries in this zone using Sear
zone using Search Connectors. If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search C
zone using Search Connectors. If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search C
ms that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for th
ms that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for th
ms that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for th
ms that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for th
ms that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for th
ms that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for th
ms that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for th
ms that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for th
ms that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for th
ms that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for th
ms that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for th
ms that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for th
ms that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for th
ms that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for th
ms that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for th
ms that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for th
ms that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for th
ms that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for th
ms that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for th
ms that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for th

software Give user a warning before running downloaded unknown software Turn off SmartScreen If you disable or do not configure

739-ae1a-d4a54907c53f} or SampleVideos. Note: Disabling a known folder can introduce application compatibility issues in applications th

re this policy setting, users can open Folder Options from the View tab on the ribbon.

ng their administrator credentials. Many programs can be installed only by an administrator. If you enable this setting and a user does not h

esources, such as an Internet server. If you enable this policy setting, Windows only searches the current target path. It does not search fo
for any standard Open dialog box. To see an example of the standard Open dialog box, start Notepad and, on the File menu, click Open. N
plications that are using the Windows XP common dialog box style. This policy setting does not apply to the new Windows Vista common d
e policies only affect programs that use the standard Open dialog box provided to developers of Windows programs. To see an example of
s by typing the path to a directory on the drive in the Map Network Drive dialog box, in the Run dialog box, or in a command window. Also
Start, Programs, Administrative Tools, Computer Management), nor does it prevent users from using other methods to start Computer Ma
achments and Saved Searches. If you disable or do not configure this setting the default list of items will be displayed in the Places Bar. No
o the location of the default Library definition files.
o the location of the default Library definition files.

network resources in File Explorer and Network Locations. This policy setting does not prevent users from connecting to computers in their
o remote computers by other commonly used methods, such as by typing the share name in the Run dialog box or the Map Network Drive
www.example.com/results.aspx?q={searchTerms}). You can add up to five additional links to the "Search again" links at the bottom of resu
r a Search Connector). The pinned link will only work if this path is valid and the location contains the specified .Library-ms or .searchConne
etting or select the "Do not restrict drives" option from the drop-down list. Note: The icons representing the specified drives still appear in
ote: This setting was documented incorrectly on the Explain tab in Group Policy for Windows 2000. The Explain tab states incorrectly that t

S tab is available.

olicy setting, the Search button is available from the File Explorer toolbar. This policy setting does not affect the Search items on the File Exp

y setting, the Shared Documents folder is displayed in Web view and also in My Computer when the client is part of a workgroup. Note: T

wed to turn on or off these minor system animations using the "Use transition effects for menus and tooltips" option in Display in Control P
This setting allows administrators who have logged on as regular users to install programs without logging off and logging on again using th
licy is not configured, disabled, or the client machine is not domain-joined, no default associations will be applied at logon time. If the poli

s that match this property will be shown but no data will be saved in the registry or re-shown on subsequent uses of the search box.

enable this policy setting the protocol is fully enabled, allowing the opening of folders and files. If you disable this policy setting the protoc
enable this policy setting the protocol is fully enabled, allowing the opening of folders and files. If you disable this policy setting the protoc

esults are returned * Disable ability to stack in the Context menu and Column headers * Exclude Libraries from the scope of Start search

change these options. If you disable or not configure this policy, the default File Explorer behavior is applied to the user. Note: In operatin
eleted. If you disable or do not configure this policy setting, Folder Redirection does not create a temporary file and functions as if both n

ct "4294967295" as the maximum amount of disk space. If you disable this policy setting or do not configure it, the default value is set to 5
ys each startup. If you disable or do not configure this policy setting, by default, files are scanned only during setup. Note: This policy setti

messages sent by computers that authenticate using IPsec. If you enable this policy setting and add systems to the list, upon disabling this p
ng, you must specify which ICMP message types Windows Firewall allows this computer to send or receive. If you disable this policy settin
ng, you must specify which ICMP message types Windows Firewall allows this computer to send or receive. If you disable this policy settin
you disable this policy setting, Windows Firewall blocks these ports, which prevents this computer from sharing files and printers. If an adm
you disable this policy setting, Windows Firewall blocks these ports, which prevents this computer from sharing files and printers. If an adm
EXE and LSASS.EXE to receive unsolicited incoming messages and allows hosted services to open additional dynamically-assigned ports, typ
EXE and LSASS.EXE to receive unsolicited incoming messages and allows hosted services to open additional dynamically-assigned ports, typ
Firewall blocks this port, which prevents this computer from receiving Remote Desktop requests. If an administrator attempts to open this
Firewall blocks this port, which prevents this computer from receiving Remote Desktop requests. If an administrator attempts to open this
box is selected and administrators cannot clear it. If you disable this policy setting, Windows Firewall blocks these ports, which prevents th
box is selected and administrators cannot clear it. If you disable this policy setting, Windows Firewall blocks these ports, which prevents th
define a local port exceptions list. However, local administrators will still be allowed to create firewall rules in the Windows Firewall with Ad
define a local port exceptions list. However, local administrators will still be allowed to create firewall rules in the Windows Firewall with Ad
dministrators to define a local program exceptions list. However, local administrators will still be allowed to create firewall rules in the Wind
dministrators to define a local program exceptions list. However, local administrators will still be allowed to create firewall rules in the Wind
t provide an option to log successful incoming messages. If you are configuring the log file name, ensure that the Windows Firewall service
t provide an option to log successful incoming messages. If you are configuring the log file name, ensure that the Windows Firewall service
ck the Show button. In the Show Contents dialog box type a definition string that uses the syntax format. To remove a port, click its definiti
ck the Show button. In the Show Contents dialog box type a definition string that uses the syntax format. To remove a port, click its definiti
ewall to open, even if that port is blocked by another policy setting, such as the "Windows Firewall: Define inbound port exceptions" policy
ewall to open, even if that port is blocked by another policy setting, such as the "Windows Firewall: Define inbound port exceptions" policy
ows Firewall: Do not allow exceptions" policy setting by turning off the firewall. If you disable this policy setting, Windows Firewall applies
ows Firewall: Do not allow exceptions" policy setting by turning off the firewall. If you disable this policy setting, Windows Firewall applies
ear it. If you do not configure this policy setting, Windows Firewall behaves as if the policy setting were disabled, except that in the Window
ear it. If you do not configure this policy setting, Windows Firewall behaves as if the policy setting were disabled, except that in the Window
mputers and then blocks all later responses. Note: This policy setting has no effect if the unicast message is a response to a Dynamic Host C
mputers and then blocks all later responses. Note: This policy setting has no effect if the unicast message is a response to a Dynamic Host C
n use the Windows Firewall component in Control Panel to turn Windows Firewall on or off, unless the "Prohibit use of Internet Connection
n use the Windows Firewall component in Control Panel to turn Windows Firewall on or off, unless the "Prohibit use of Internet Connection

able to protect music that they copy from a CD and play this protected content on their computer, since the license is generated locally in
during playback check box is cleared and is not available. If you do not configure this policy setting, users can change the setting for the Al
Browser is selected. The Configure button on the Network tab in the Player is not available for the HTTP protocol and the proxy cannot be
ailable and the protocol cannot be configured. If the "Hide network tab" policy setting is also enabled, the entire Network tab is hidden. Th
in the Player are not available. If you disable or do not configure this policy setting, users can change the buffering options on the Perform
ailable and the protocol cannot be configured. If the "Hide network tab" policy setting is also enabled, the entire Network tab is hidden. If
Skin policy is enabled, some options in the anchor window are not available.
ayer. If you do not configure this policy setting, and the "Set and lock skin" policy setting is enabled, some options in the anchor window a

isable or do not configure this policy setting, the Privacy tab is not hidden, and users can configure any privacy settings not configured by o

ou disable or do not configure this policy setting, the dialog boxes are displayed when the user starts the Player for the first time.
onfigure this policy setting, users can change the setting of the Retrieve media information for CDs and DVDs from the Internet check box.
ng for the Download codecs automatically check box.

aring on or off.
not selected and are not available. If you disable or do not configure this policy setting, users can change the setting of the Update my mu
olicy setting, video smoothing occurs if necessary. Users can change the setting for the Use Video Smoothing check box. Video smoothing
y using the Corporate skin. The only way to specify the Corporate skin is to leave the Skin box blank. A user has access only to the Player fe
he Player uses default ports when using the UDP protocol. This policy setting also specifies that multicast streams can be received if the "A

e this behavior on the Preferences tab on the Tools menu in the Windows Messenger user interface. Note: If you do not want users to use
e this behavior on the Preferences tab on the Tools menu in the Windows Messenger user interface. Note: If you do not want users to use

If you disable or do not configure this policy setting, the WinRM service will not respond to requests from a remote computer, regardless o

configure this policy setting, the WinRM service will allow the RunAsUser and RunAsPassword configuration values to be set for plug-ins an
aining a valid channel binding token is rejected. If HardeningLevel is set to Relaxed (default value), any request containing an invalid chann
WinRM client needs to use the list of trusted hosts, you must configure the list of trusted hosts locally on each computer.

min will be used.


tting, the value 150 is used by default.

ser Account Control window and do not need elevated permissions to install these updates, except in the case of updates that contain User
Microsoft update service location must be signed by Microsoft. Note: Updates from a service other than an intranet Microsoft update serv
omatic updates installations" policy is enabled, then this policy has no effect.
us is set to Disabled or Not Configured, Windows will check for available updates at the default interval of 22 hours. Note: The "Specify int
pdates are ready to be downloaded. After going to Windows Update, users can download and install any available updates. 3 = (Default se

Shut Down' option will be the default option in the Shut Down Windows dialog box if updates are available for installation at the time the
Shut Down' option will be the default option in the Shut Down Windows dialog box if updates are available for installation at the time the
service using the "Specify intranet Microsoft update service location" policy.
dows dialog box if updates are available when the user selects the Shut Down option in the Start menu.
dows dialog box if updates are available when the user selects the Shut Down option in the Start menu.

tus is set to Disabled or Not Configured, no target group information will be sent to the intranet Microsoft update service. Note: This polic
wake the system up to install the updates. Windows update will also wake the system up and install an update if an install deadline occurs.
e status is set to Disabled or Not Configured, Automatic Updates will notify the user that the computer will automatically restart in 5 minut
ager from automatically installing driver updates from the Windows Update Web site. If enabled you can configure one of the following no
olicy has no effect. This policy has no effect on Windows RT
minute after the computer is next started. Note: This policy applies only when Automatic Updates is configured to perform scheduled insta

rver to which updated workstations upload statistics. You can set both values to be the same server. If the status is set to Enabled, the Auto

d software is available. The user can click the notification to open the Windows Update Application and get more information about the soft
, Windows searches for updates and automatically downloads them. Note: Windows Update is an online catalog customized for your com

rogram file is not located in a folder specified in the Path environment variable for your system, enter the fully qualified path to the file. If y
ces and Ease of Access applications can simulate the SAS. If you disable or do not configure this setting, only Ease of Access applications ru
essful logon by that user. This message must be acknowledged by the user before the user is presented with the Microsoft Windows deskt
g, you might want to examine and appropriately configure the Set action to take when logon hours expire setting. If Set action to take w

tem will perform the action you specify when the users logon hours expire. If you disable or do not configure this setting, the system take
user. If you disable this policy setting, the device does not store the user's credentials for automatic sign-in after a Windows Update restart

applications will be automatically terminated during shutdown, helping to ensure that Windows can shut down faster and more smoothly.

er's contacts have shared with them, and enables users on this device to share networks with their contacts. "Enable paid services" enable

certain data limit. - Variable: This connection is costed on a per byte basis. If this policy setting is disabled or is not configured, the cost of
ration\Administrative Templates\Windows Components\WorkFolders. If the "Specify Work Folders settings" policy setting does not apply to
tup" option specifies that Work Folders should be set up automatically without prompting users. This prevents users from choosing not to

Quiet Hours by default. Adminstrators and users will be able to modify this setting.

u enable this policy setting, notifications can still be raised by applications running on the machine via local API calls from within the applic
urs are enabled by default but can be turned off or by the administrator or user.

r. No reboots or service restarts are required for this policy setting to take effect.

ariable: This connection is costed on a per byte basis. If this policy setting is disabled or is not configured, the cost of 3G connections is Fixe
riable: This connection is costed on a per byte basis. If this policy setting is disabled or is not configured, the cost of 4G connections is Fixe
t anyway you can select the certificate errors that you want to ignore. Note: This policy setting applies to all sites in Trusted zones.
ot appear, clicking the Add/Remove Windows Components button starts the Windows Component Wizard immediately. Because the only

However, this setting blocks user access to the Windows Component Wizard.

tion\Administrative Templates\Windows Components\Windows Installer) is enabled, users cannot add programs from removable media, re

n files. If you enable this setting, users cannot tell which programs have been published by the system administrator, and they cannot use
ts. This setting does not prevent the Set Program Access and Defaults icon from appearing on the Start menu. See the "Remove Set Progra
setting does not prevent users from using other tools and methods to install or uninstall programs.
ng or do not configure it, the Support Info hyperlink appears. Note: Not all programs provide a support information hyperlink.
isplayed when the "Add New Programs" page opens. You can use this setting to direct users to the programs they are most likely to need.

n the system is increased. If the status is set to Enabled, the MS-DOS subsystem is prevented from running, which then prevents any 16-bit

ance: This may result in a blue screen if an old anti-virus application is installed.) The Windows Resource Protection and User Account Cont

mprovement Program is turned off. The Inventory Collector will be off.

equire better performance and are already aware of application compatibility issues. If you disable or do not configure this policy setting, t

e Switchback will be turned on. Please reboot the system after changing the setting to ensure that your system accurately reflects those ch
cy setting, Group Policy allows deployment operations (adding, registering, staging, updating, or removing an app package) of Windows Sto

a URI scheme. Note: Enabling this policy setting does not block Windows Store apps from opening the default desktop app for the http, htt
a URI scheme. Note: Enabling this policy setting does not block Windows Store apps from opening the default desktop app for the http, htt

in the list of low-risk file types, Windows will not prompt the user before accessing the file, regardless of the file's zone information. If you
heir zone information.
Unblock button.
u do not configure this policy setting, Windows uses its built-in list of high-risk file types.
g, Windows uses its default trust logic.
s its default trust logic. If you do not configure this policy setting, Windows uses its default trust logic.
hen file attachments are opened. If you do not configure this policy setting, Windows does not call the registered antivirus programs when
ons. If you enable this policy setting, you can choose the order in which Windows processes risk assessment data. If you disable this policy
vents. Default: Not configured Note: When this policy setting is enabled, any user with access to read the security events will be able to re
g. If you enable this policy setting, an Administrator can change the default Windows Vista or later behavior for autorun to: a) Completely
g. If you enable this policy setting, an Administrator can change the default Windows Vista or later behavior for autorun to: a) Completely
disabled on all drives. This policy setting disables Autoplay on additional types of drives. You cannot use this setting to enable Autoplay on
disabled on all drives. This policy setting disables Autoplay on additional types of drives. You cannot use this setting to enable Autoplay on

revent data loss in the event that someone forgets their logon credentials.
who log on using biometrics should create a password recovery disk; this will prevent data loss in the event that someone forgets their log

m peers, caches the files, and responds to content requests from peers. Using the "Do not allow the computer to act as a BITS peer caching
mputer's administrative settings for Windows Branch Cache disable its use entirely.
omputers before reverting to the origin server. Note: This policy setting has no effect if the "Allow BITS peer caching" policy setting is disab
setting is disabled or not configured.
policy setting is disabled or not configured.
ent of the total system disk size. Note: This policy setting has no effect if the "Allow BITS peer caching" setting is disabled or not configured

tinue to use approximately 2 kilobits. To prevent BITS transfers from occurring, specify a limit of 0. If you disable or do not configure this po
olicy setting, you can enter a value in bits per second (bps) between 1048576 and 4294967200 to use as the maximum network bandwidth
300 if the "Maximum number of BITS jobs for this computer" policy setting is not configured. BITS jobs created by services and the local ad

t to transfer only when on uncosted network connections, but foreground jobs should proceed only when not roaming. The values that can
dth of normal priority jobs to 0 Kbps from 8:00 A.M. to 10:00 A.M. on a maintenance schedule. If you disable or do not configure this polic
rity levels: high, normal, and low. You can specify a limit to use for background jobs during a work schedule. For example, you can limit the
phaned jobs occupying disk space. If you enable this policy setting, you can configure the inactive job timeout to specified number of days

ure this policy setting, the program continues without the registration. As a result, the program might not perform all its functions, or it mi
ure this policy setting, the program continues without the registration. As a result, the program might not perform all its functions, or it mi
of disallowed Control Panel items. In the Show Contents dialog box in the Value column, enter the Control Panel item's canonical name. Fo

dialog box in the Value column, enter the Control Panel item's canonical name. For example, enter Microsoft.Mouse, Microsoft.System, or

through the setting or Control Panel. Also, see the "Prevent changing Screen Saver" setting.

vailable at user logon, the default visual style is loaded. Note: When running Windows XP, you can select the Luna visual style by typing %w
ified path to the file. If the specified screen saver is not installed on a computer to which this setting applies, the setting is ignored. Note:
le Screen Saver" setting and specify a timeout via the "Screen Saver timeout" setting. Note: To remove the Screen Saver dialog, use the "P
setting hides the Appearance and Themes tabs in the in Display in Control Panel.

nce over this policy.

r program on the client. When not configured, whatever wait time is set on the client through the Screen Saver dialog in the Personalizatio
tion allowed. If you disable or do not configure this policy setting, users will be able to customize their account pictures.
ble options the user may choose. If you disable or don't configure this policy setting, the user cannot configure the amount of time after t

the default logon domain is always set to the domain to which the computer is joined.
available for authentication purposes. If you disable or do not configure this policy, all installed and otherwise enabled credential providers

the system vault when using this feature.


ot permitted to any computer. Applications depending upon this delegation behavior might fail authentication. For more information, see K
an be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegat
RMSRV/*). If you disable this policy setting, delegation of fresh credentials is not permitted to any machine. Note: The "Allow delegating f
olicy setting, delegation of fresh credentials is not permitted to any machine. Note: The "Allow delegating fresh credentials with NTLM-onl
any machine (TERMSRV/*). If you disable this policy setting, delegation of saved credentials is not permitted to any machine. Note: The "A
e client machine is not a member of any domain. If the client is domain-joined, by default the delegation of saved credentials is not permitt
delegated. The use of a single wildcard character is permitted when specifying the SPN. For Example: TERMSRV/host.humanresources.fab
ot be delegated. The use of a single wildcard character is permitted when specifying the SPN. For Example: TERMSRV/host.humanresource
credentials cannot be delegated. The use of a single wildcard character is permitted when specifying the SPN. For Example: TERMSRV/hos
Note: To disable most credential delegation, it may be sufficient to deny delegation in Credential Security Support Provider (CredSSP) by m
ows components and applications that use the Windows system controls, including Internet Explorer.
ows components and applications that use the Windows system controls, including Internet Explorer.

code access to the users Windows credentials.

tart and stop programs, monitor the performance of their computers, view and monitor all programs running on their computers, includin
Security Check exemptions" policy is not configured.
ed appid DCOM will add it to the list without checking for errors. If you enable this policy setting, you can view and change the list of DCOM

he desktop. They are simply not added again. Note: For this setting to take affect, you must log off and log on to the system.

ve wallpaper. You can also use this setting to specify that the wallpaper image be centered, tiled, or stretched. Users cannot change this spe

trator." If the filter bar does not appear above the resulting display, on the View menu, click Filter.

ry or disk space. This setting is designed to protect the network and the domain controller from the effect of expansive searches.

e Explorer Web views. If the user manages to navigate to Computer, the folder will be empty. If you disable this setting, Computer is display
rotected policy then disabling this policy setting doesn't remove the feature from the computer. Instead, you must either: 1) first update th
cted by the virtualization based security feature. Warning: All drivers on the system must be compatible with this feature or the system ma
p are subject to all policy settings that restrict device installation.
on of devices that match any of these device IDs" policy setting, the "Prevent installation of devices for these device classes" policy setting,
ices that match these device IDs" policy setting, the "Prevent installation of devices for these device classes" policy setting, or the "Prevent

s are not digitally signed and lets the user decide whether to stop or to proceed with the installation and whether to permit unsigned files

e device IDs," "Prevent installation of devices for these device classes," or "Prevent installation of removable devices" policy setting.
y setting, devices can be installed and updated as allowed or prevented by other policy settings.
o not configure this policy setting, Windows can install and update devices as allowed or prevented by other policy settings.
able this policy setting on a remote desktop server, the policy setting affects redirection of removable devices from a remote desktop clien
mber or when the driver was created. If you disable this policy setting, drivers that are signed by a Microsoft Windows Publisher certificat

for drivers also see "Turn off Windows Update device driver searching" in Administrative Templates/System/Internet Communication Man

n Windows will search for a driver only if a driver is not locally available on the system. If you disable or do not configure this policy setting
evice drivers.

consent before going to Windows Update to search for device drivers.


consent before going to Windows Update to search for device drivers.

d and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios are not exec
no corrective action is taken. If you do not configure this policy setting, the DPS enables S.M.A.R.T. fault resolution by default. This policy s
g, the default behavior is observed and the NV cache is used for boot and resume optimizations. Note: This policy setting is applicable only

ving mode. If you disable this policy setting, the system will manage the NV cache on the disks if the other policy settings for the NV cache
tored in the NV cache. Note: This policy setting is applicable only if the NV cache feature is on.

volumes. Note: This policy setting turns on disk quota management but does not establish or enforce a particular disk quota limit. To spec
users reach an enforced disk quota limit, the system responds as though the physical space on the volume were exhausted. When users rea
ts are recorded, but administrators can use the Quota tab option to change the setting. This policy setting is independent of the enforcem
change the logging setting. This policy setting does not affect the Quota Entries window on the Quota tab. Even without the logged event
n the Quota tab. This policy setting applies to all new users as soon as they write to the volume. It does not affect disk quota limits for curr

e query fails, the unqualified multi-label name is appended with DNS suffixes. These suffixes can be derived from a combination of the loca

ocal or DHCP supplied list of DNS servers, if configured.


soft.com." To use this policy setting, click Enabled, and then enter a string value representing the DNS suffixes that should be appended to
mputers may not use dynamic DNS registration for any of their network connections, regardless of the configuration for individual network

nses from networks lower in the binding order will be preferred over responses from link local protocols received from networks higher in
primary DNS suffix. If you disable this policy setting, or if you do not configure this policy setting, each computer uses its local primary DN
nection specific DNS suffixes radio button and Append parent suffixes of the primary DNS suffix check box on the DNS tab in Advanced TCP
tate of the Append primary and connection specific DNS suffixes radio button and Append parent suffixes of the primary DNS suffix check b
licy setting, a computer will register A and PTR resource records with its connection-specific DNS suffix, in addition to the primary DNS suffi
er PTR resource records even if registration of the corresponding A records was not successful. Register only if A record registration succee
hould never be longer than the value of the DNS zone refresh interval. Configuring the registration refresh interval to be longer than the re
ne currently in use by the client. By default, the DNS client attempts to replace the existing A resource record with an A resource record tha

able this policy setting, or you do not configure this policy setting, LLMNR will be enabled on all available network adapters.
. If you disable this policy setting, or if you do not configure this policy setting, name resolution will be optimized when issuing DNS, LLMN
is policy setting is applicable only if the turn off smart multi-homed name resolution policy setting is disabled or not configured.
uters will use local settings. By default, DNS clients attempt to use unsecured dynamic update first. If an unsecured update is refused, clien
y setting, computers do not send dynamic updates to the root zone or top-level domain zones that are authoritative for the resource record

r 0xFFFF // no definition. If you disable or do not configure this policy setting, no range of characters are filtered by default. This policy se
ME and Simplified Chinese Microsoft Pinyin.

Microsoft IME and Simplified Chinese Microsoft Pinyin.

known: This driver has not been attested to by your malware detection application and has not been classified by the Early Launch Antima
able this policy setting, the setting overrides any user changes made to Windows Error Reporting settings in Control Panel, and default valu
ws Error Reporting information is stored.
ws Error Reporting information is stored.
Problems page in Control Panel. The Maximum number of reports to queue setting determines how many reports can be queued before
Problems page in Control Panel. If Queuing behavior is set to Always queue for administrator, reports are queued until an administrator is
rts. - 2 (Send parameters): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, and
rts. - 2 (Send parameters): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, and
n the Default dropdown list. The Windows applications category is a subset of Microsoft applications. If you disable or do not configure thi

ternet Communication settings takes precedence. If Turn off Windows Error Reporting is also either disabled or not configured, user setting
ternet Communication settings takes precedence. If Turn off Windows Error Reporting is also either disabled or not configured, user setting
o not configure this policy setting, users can change this setting in Control Panel, which is set to enable notification by default on computer

t of applications that are always included in error reporting. To add applications to the list, click Show under the Report errors for applicatio
olicy setting is enabled, the Exclude errors for applications on this list setting takes precedence. If you disable or do not configure this polic
olicy setting is enabled, the Exclude errors for applications on this list setting takes precedence. If you disable or do not configure this polic
d by applications in this list are not reported, even if the Default Application Reporting Settings policy setting is configured to report all app
does not upload report data until the computer is connected to a more permanent power source.
does not upload report data until the computer is connected to a more permanent power source.

disable or do not configure this policy setting, the Event Collector computer will not be specified.
e retained.
e retained.
e retained.
e retained.

nore it. The same change should be made to the "Configure log access (legacy)" policy setting to enforce this change across all tools and AP

me change should be made to the "Configure log access (legacy)" policy setting to enforce this change across all tools and APIs.

will not encrypt event log messages before writing them to the event log.

folder at %userprofile%.
her boot order configuration. If you do not configure this setting, users who are members of the Administrators group can make changes u

Detection and troubleshooting of corrupted files will automatically start with no UI. Recovery is not attempted automatically. Windows will
u enable this policy setting, the application identified by the Package Family Name will be permitted to revoke access to all content protecte

ill only be generated for files created on the system volume.


red for "Automatic Caching", nor does it affect the availability of the "Always available offline" menu option in the user interface. Note: Do
menu option in the user interface. Note: The configuration of this policy for any folder will override the configured value of "Do not autom
ew network location using a method that preserves the state of the files, including their timestamps, before updating the Folder Redirectio
ectory schema to function. If you enable this policy setting and the user has redirected folders, such as the Documents and Pictures folders
ectory schema to function. If you enable this policy setting and the user has redirected folders, such as the Documents and Pictures folders
ndard English names for these subfolders when redirecting the Start Menu or legacy My Documents folder. Note: This policy is valid only o
ndard English names for these subfolders when redirecting the Start Menu or legacy My Documents folder. Note: This policy is valid only o

cy is not configured. This policy setting takes effect only when the Diagnostic Policy Service is in the running state. When the service is sto

9, specifies that all two-digit years less than or equal to 29 (00 to 29) are interpreted as being preceded by 20, that is 2000 to 2029. Convers
setting is not configured.
setting is not configured.

locale as their user locale, but they can still select a replacement locale if one is installed. If you disable or do not configure this policy setti
locale as their user locale, but they can still select a replacement locale if one is installed. If you disable or do not configure this policy setti
cale overrides. If this policy is set to Enabled at the computer level, then it cannot be disabled by a per-User policy. If this policy is set to Di
cale overrides. If this policy is set to Enabled at the computer level, then it cannot be disabled by a per-User policy. If this policy is set to Di

dministrative options, other policies may prevent them from modifying the values.
from actually changing their current geographical location.
ent them from changing their UI language.

ble or do not configure this policy setting, the logged-on user can access the dialog box controls in the Regional and Language Options con
elect a system locale only from the specified system locale list. If you disable or do not configure this policy setting, administrators can sele
English (Canada) and French (Canada). If you enable this policy setting, only locales in the specified locale list can be selected by users. If y
English (Canada) and French (Canada). If you enable this policy setting, only locales in the specified locale list can be selected by users. If y

his policy setting in Windows Server 2003, Windows XP, or Windows 2000, to use the "Restrict selection of Windows menus and dialogs lan

nyms). Deleting email content or the browser history does not delete the stored personalization data. Ink entered through Input Panel is co
nyms). Deleting email content or the browser history does not delete the stored personalization data. Ink entered through Input Panel is co

ity and function of this setting is dependent on supported languages being enabled.

oup Policy processing is applied, using the Group Policy Objects (GPOs) that are scoped to the computer. - An event log message (1109) is p
y were in the GPO. You can change this behavior by using this setting. If you enable this setting, the Group Policy Object Editor snap-in alw
olicy will be applied in the background after the network becomes available. Note that because this is a background refresh, extensions req
s the administrator the option to override the default to slow network connection and instead default to using a fast network connection in
s the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow
e update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause signi
o not configure this policy setting, it has no effect on the system. The "Allow processing across a slow network connection" option updates
version of the policy information, and it uses a bandwidth estimate to determine slow link thresholds. (See the Configure Group Policy Slo
-ins use. "Use any available domain controller" indicates that the Group Policy Object Editor snap-in can read and write changes to any ava
Connection speed" box, type a decimal number between 0 and 4,294,967,200, indicating a transfer rate in kilobits per second. Any connecti
Connection speed" box, type a decimal number between 0 and 4,294,967,200, indicating a transfer rate in kilobits per second. Any connecti
ow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as
k connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telepho
ogon scripts.
he computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or system restar
s a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. The "Do not apply du
es in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until the nex
ns. If you disable or do not configure this policy setting, it has no effect on the system. The "Allow processing across a slow network conne
e of the following modes from the Mode box: "Replace" indicates that the user settings defined in the computer's Group Policy Objects re
date is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significa
en the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause

ested, you must disable the object link.


h the RSoP snap-in from the command line by typing RSOP.msc Note: This policy setting exists as both a User Configuration and Computer
h the RSoP snap-in from the command line by typing RSOP.msc Note: This policy setting exists as both a User Configuration and Computer

the latest version of the policy information, and it uses a bandwidth estimate to determine slow link thresholds. (See the Configure Group
; preferences do not appear. If you disable or do not configure this policy setting, the "Show Policies Only" command is turned on by defau

ny time, no matter how this policy setting is configured. Also, see the "Set Group Policy refresh interval for computers" policy setting to ch

licy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, very short update intervals a
ropriate for most installations. If you disable or do not configure this setting, the domain controller updates Group Policy every 5 minutes
However, because updates might interfere with users' work and increase network traffic, very short update intervals are not appropriate fo
em-computed wait time. If you disable or do not configure this policy setting, Group Policy will use the default wait time of 30 seconds on c
nd overrides any default or system-computed wait time. If you disable or do not configure this policy setting, Group Policy will use the def
the status of this setting to Disabled will enforce the default behavior. Files will always be copied to the GPO if they have a later timestam
tting, you must restart your computer for it to take effect.

hat you only configure this policy setting in domain-based GPOs. This policy setting will be ignored on computers that are joined to a workg
Microsoft Management Console (MMC).

ce items even when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connection
tems in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a
erence items even when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connec
r items in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where
when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause si
reference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user trace file
e items even when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connections
ms in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a us
tion updates preference items even when the update is transmitted across a slow network connection, such as a telephone line. Updates ac
r items in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where
update is transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant d
extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user trace file can be cr
ng across a slow network connection" option updates preference items even when the update is transmitted across a slow network connec
ing for items in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location w
when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause sig
eference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user trace file c
n when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause
eference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user trace file
items even when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connections c
preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user trace fil
work connection" option updates preference items even when the update is transmitted across a slow network connection, such as a telep
Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in
cross a slow network connection" option updates preference items even when the update is transmitted across a slow network connection
rm tracing for items in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the loc
tes preference items even when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow
racing for items in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the locatio
w network connection" option updates preference items even when the update is transmitted across a slow network connection, such as a
ing for items in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location w
essing across a slow network connection" option updates preference items even when the update is transmitted across a slow network con
reference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user trace file
pdates preference items even when the update is transmitted across a slow network connection, such as a telephone line. Updates across
rm tracing for items in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the loc
en when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause
preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user trace fil
a slow network connection" option updates preference items even when the update is transmitted across a slow network connection, such
tracing for items in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the locati
n when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause
preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user trace fi
even when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connections can ca
this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user tra
e items even when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connections
ms in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a use
Application preference items cannot be created.
plicitly permitted list of snap-ins" policy setting.
s to the explicitly permitted list of snap-ins" policy setting for the Control Panel Settings item, but not for its children. Enabling this policy se
plicitly permitted list of snap-ins" policy setting for the Control Panel Settings item, but not for its children. Enabling this policy setting does
sion. If you do not configure this policy setting, you permit use of the preference extension unless restricted by the "Restrict users to the ex
If you do not configure this policy setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicit
icitly permitted list of snap-ins" policy setting.
plicitly permitted list of snap-ins" policy setting.
ermitted list of snap-ins" policy setting.
nsion. If you do not configure this policy setting, you permit use of the preference extension unless restricted by the "Restrict users to the
y permitted list of snap-ins" policy setting.
y permitted list of snap-ins" policy setting.
permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins" or "Permit use of
nce extension. If you do not configure this policy setting, you permit use of the preference extension unless restricted by the "Restrict use
tension. If you do not configure this policy setting, you permit use of the preference extension unless restricted by the "Restrict users to th
explicitly permitted list of snap-ins" policy setting.
nsion. If you do not configure this policy setting, you permit use of the preference extension unless restricted by the "Restrict users to the
etting, you permit use of the Preferences tab.
If you do not configure this policy setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicit
permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins" or "Permit use of
ly permitted list of snap-ins" policy setting.
ension. If you do not configure this policy setting, you permit use of the preference extension unless restricted by the "Restrict users to th
rmit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins" or "Permit use of Co
itly permitted list of snap-ins" policy setting.
it use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins" or "Permit use of Cont
setting applies only to computers running Remote Desktop Services.
og box. Use a semicolon to separate folders. For example, to restrict the commands to only .chm files in the %windir%\help folder and D:\so
Configuration and User Configuration. If both are settings are used, any programs listed in either of these locations cannot launched from H
Configuration and User Configuration. If both are settings are used, any programs listed in either of these locations cannot launched from H
Executable. This provides an additional security benefit, but HTLM Help stops if DEP detects system memory abnormalities.

WISPr protocol support, and users can only authenticate with WLAN hotspots using a web browser.

you disable or do not configure this policy setting, users can access the Windows Update website and enable automatic updating to receive
mputer will not contact the Windows Update website to see if Microsoft has added the CA to its list of trusted authorities. If you disable or

tion" is not displayed at the end of the description. If you disable or do not configure this policy setting, the user can click the hyperlink, w
ss, because the content in the "Did you know?" section will remain static indefinitely without an Internet connection.
r has a connection to the Internet and has not disabled the Knowledge Base search from the Search Options page.

nloaded when the user uses the web publishing or online ordering wizards. See the documentation for the web publishing and online orde
nloaded when the user uses the web publishing or online ordering wizards. See the documentation for the web publishing and online orde

ng in Computer Configuration/Administrative Templates/Printers.


ng in Computer Configuration/Administrative Templates/Printers.
except the country/region you live in).
l send the search text and information about the search to Microsoft and the chosen search provider. Choosing Classic Search turns off the

ormation, and the setting is not shown. If you do not configure this policy setting, users have the choice to opt in and allow information to
ormation, and the setting is not shown. If you do not configure this policy setting, users have the choice to opt in and allow information to
nt Program. If you disable this policy setting, all users are opted into the Windows Customer Experience Improvement Program. If you do
and "Disable Windows Error Reporting" policy settings under Computer Configuration/Administrative Templates/Windows Components/W
policy setting, NCSI runs one of the two active tests.
earching Windows Update for device drivers if a driver is not found locally. Note: This policy setting is replaced by "Specify Driver Source Se
d applications that require IIS to run."
om another site in the zone. If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to a
om another site in the zone. If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to a
om another site in the zone. If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded i
om another site in the zone. If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded i
om another site in the zone. If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to acce
om another site in the zone. If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to acce
om another site in the zone. If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to a
om another site in the zone. If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to a
om another site in the zone. If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded i
om another site in the zone. If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded i
om another site in the zone. If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to acce
om another site in the zone. If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to acce
om another site in the zone. If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to a
om another site in the zone. If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to a
om another site in the zone. If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to acce
om another site in the zone. If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to acce
om another site in the zone. If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to a
om another site in the zone. If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to a
om another site in the zone. If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to acce
om another site in the zone. If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to acce
t creating this custom administrative template file, see the Internet Explorer documentation on search providers. If you disable or do not c
t creating this custom administrative template file, see the Internet Explorer documentation on search providers. If you disable or do not c

e list, enter the following information: Name of the Value - the CLSID (class identifier) for the add-on you wish to add to the list. The CLSID
e list, enter the following information: Name of the Value - the CLSID (class identifier) for the add-on you wish to add to the list. The CLSID
allowed in zones set to 'admin-approved', just as if those zones were set to 'disable'. If you do not configure this policy setting, only VML w
allowed in zones set to 'admin-approved', just as if those zones were set to 'disable'. If you do not configure this policy setting, only VML w

nfigure this policy setting, Consistent Mime Handling is prevented for all processes.
nfigure this policy setting, Consistent Mime Handling is prevented for all processes.
rer or those defined in a process list. If you disable or do not configure this policy setting, Local Machine zone security is not applied to loc
rer or those defined in a process list. If you disable or do not configure this policy setting, Local Machine zone security is not applied to loc

policy is enforced for processes other than File Explorer and Internet Explorer.
policy is enforced for processes other than File Explorer and Internet Explorer.
e Process List.
e Process List.

r protocols is unaffected. If you disable this policy setting, all attempts to access such content over the restricted protocols is blocked. If yo
r protocols is unaffected. If you disable this policy setting, all attempts to access such content over the restricted protocols is blocked. If yo
r protocols is unaffected. If you disable this policy setting, all attempts to access such content over the restricted protocols is blocked. If yo
r protocols is unaffected. If you disable this policy setting, all attempts to access such content over the restricted protocols is blocked. If yo
r protocols is unaffected. If you disable this policy setting, all attempts to access such content over the restricted protocols is blocked. If yo
r protocols is unaffected. If you disable this policy setting, all attempts to access such content over the restricted protocols is blocked. If yo
ent over other protocols is unaffected. If you disable this policy setting, all attempts to access such content over the restricted protocols is
ent over other protocols is unaffected. If you disable this policy setting, all attempts to access such content over the restricted protocols is
r protocols is unaffected. If you disable this policy setting, all attempts to access such content over the restricted protocols is blocked. If yo
r protocols is unaffected. If you disable this policy setting, all attempts to access such content over the restricted protocols is blocked. If yo

and script behaviors are available.


and script behaviors are available.
and script behaviors are available.
and script behaviors are available.
and script behaviors are available.
and script behaviors are available.
ehaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.
ehaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.
ehaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.
ehaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.
ehaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.
ehaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.
and script behaviors are not available unless applications have implemented a custom security manager.
and script behaviors are not available unless applications have implemented a custom security manager.
ehaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.
ehaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.
and script behaviors are not available unless applications have implemented a custom security manager.
and script behaviors are not available unless applications have implemented a custom security manager.
and script behaviors are available.
and script behaviors are available.
is enabled, this policy setting has no effect.
is enabled, this policy setting has no effect.
configure this policy, users will be prompted when Web Components such as fonts would be downloaded.
configure this policy, users will be prompted when Web Components such as fonts would be downloaded.
e user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Internet E
e user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Internet E
e user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Internet E
e user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Internet E
e user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Internet E
e user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Internet E
e user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Internet E
e user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Internet E
e user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Internet E
e user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Internet E
e user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Internet E
e user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Internet E
e user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Internet E
e user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Internet E
e user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Internet E
e user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Internet E
e user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Internet E
e user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Internet E
e user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Internet E
e user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Internet E
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside Inte
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside Inte
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside Inte
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside Inte
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside Inte
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside Inte
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside Inte
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside Inte
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside Inte
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside Inte
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside Inte
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside Inte
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside Inte
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside Inte
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside Inte
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside Inte
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside Inte
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside Inte
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside Inte
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside Inte
ide whether to load XPS files inside Internet Explorer.
ide whether to load XPS files inside Internet Explorer.
ide whether to load XPS files inside Internet Explorer.
ide whether to load XPS files inside Internet Explorer.
ide whether to load XPS files inside Internet Explorer.
ide whether to load XPS files inside Internet Explorer.
ide whether to load XPS files inside Internet Explorer.
ide whether to load XPS files inside Internet Explorer.
ide whether to load XPS files inside Internet Explorer.
ide whether to load XPS files inside Internet Explorer.
ide whether to load XPS files inside Internet Explorer.
ide whether to load XPS files inside Internet Explorer.
ide whether to load XPS files inside Internet Explorer.
ide whether to load XPS files inside Internet Explorer.
ide whether to load XPS files inside Internet Explorer.
ide whether to load XPS files inside Internet Explorer.
ide whether to load XPS files inside Internet Explorer.
ide whether to load XPS files inside Internet Explorer.
ide whether to load XPS files inside Internet Explorer.
ide whether to load XPS files inside Internet Explorer.
resh setting can be redirected to another Web page.
resh setting can be redirected to another Web page.
resh setting can be redirected to another Web page.
resh setting can be redirected to another Web page.
resh setting can be redirected to another Web page.
resh setting can be redirected to another Web page.
resh setting can be redirected to another Web page.
resh setting can be redirected to another Web page.
resh setting can be redirected to another Web page.
resh setting can be redirected to another Web page.
resh setting can be redirected to another Web page.
resh setting can be redirected to another Web page.
resh setting cannot be redirected to another Web page.
resh setting cannot be redirected to another Web page.
resh setting can be redirected to another Web page.
resh setting can be redirected to another Web page.
resh setting cannot be redirected to another Web page.
resh setting cannot be redirected to another Web page.
resh setting can be redirected to another Web page.
resh setting can be redirected to another Web page.
re this policy setting, users can change the Suggestions setting on the Settings charm.
re this policy setting, users can change the Suggestions setting on the Settings charm.
ng for the process. If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and
ng for the process. If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and
ng for the process. If you do not configure this policy setting, Windows Restrictions security will not apply in this zone. The security zone ru
ng for the process. If you do not configure this policy setting, Windows Restrictions security will not apply in this zone. The security zone ru
ng for the process. If you do not configure this policy setting, Windows Restrictions security will not apply in this zone. The security zone ru
ng for the process. If you do not configure this policy setting, Windows Restrictions security will not apply in this zone. The security zone ru
ng for the process. If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and
ng for the process. If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and
ng for the process. If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and
ng for the process. If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and
ng for the process. If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and
ng for the process. If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and
ng for the process. If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and
ng for the process. If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and
ng for the process. If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and
ng for the process. If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and
ng for the process. If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and
ng for the process. If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and
ng for the process. If you do not configure this policy setting, Windows Restrictions security will not apply in this zone. The security zone ru
ng for the process. If you do not configure this policy setting, Windows Restrictions security will not apply in this zone. The security zone ru

ile the images are downloading. The user cannot change this policy setting. If you do not configure this policy setting, the user can allow o
older media players. If you do not configure this policy setting, video and animation can be played through older media players in specifie
older media players. If you do not configure this policy setting, video and animation can be played through older media players in specifie
older media players. If you do not configure this policy setting, video and animation can be played through older media players in specifie
older media players. If you do not configure this policy setting, video and animation can be played through older media players in specifie
older media players. If you do not configure this policy setting, video and animation can be played through older media players in specifie
older media players. If you do not configure this policy setting, video and animation can be played through older media players in specifie
older media players. If you do not configure this policy setting, video and animation can be played through older media players in specifie
older media players. If you do not configure this policy setting, video and animation can be played through older media players in specifie
older media players. If you do not configure this policy setting, video and animation can be played through older media players in specifie
older media players. If you do not configure this policy setting, video and animation can be played through older media players in specifie
older media players. If you do not configure this policy setting, video and animation can be played through older media players in specifie
older media players. If you do not configure this policy setting, video and animation can be played through older media players in specifie
older media players. If you do not configure this policy setting, video and animation can be played through older media players in specifie
older media players. If you do not configure this policy setting, video and animation can be played through older media players in specifie
older media players. If you do not configure this policy setting, video and animation can be played through older media players in specifie
older media players. If you do not configure this policy setting, video and animation can be played through older media players in specifie
older media players. If you do not configure this policy setting, video and animation can be played through older media players in specifie
older media players. If you do not configure this policy setting, video and animation can be played through older media players in specifie
older media players. If you do not configure this policy setting, video and animation can be played through older media players in specifie
older media players. If you do not configure this policy setting, video and animation can be played through older media players in specifie
nd caches on Website Data Settings will be available to users. Users can choose whether or not to allow websites to store data on their com
nd caches on Website Data Settings will be available to users. Users can choose whether or not to allow websites to store data on their com
tabase and caches on Website Data Settings will be available to users. Users can choose whether or not to allow websites to store data on t
tabase and caches on Website Data Settings will be available to users. Users can choose whether or not to allow websites to store data on t
u don't configure the policy setting, users can select the Always send Do Not Track header option, in Internet Explorer settings. By selecting
u don't configure the policy setting, users can select the Always send Do Not Track header option, in Internet Explorer settings. By selecting
curity Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings. 3. Select the content zo
ble or do not configure this policy setting, newly installed add-ons are not automatically activated in the browser. Internet Explorer notifies
ble or do not configure this policy setting, newly installed add-ons are not automatically activated in the browser. Internet Explorer notifies
configure this policy setting, Internet Explorer does not check the Internet for new versions of the browser, so does not prompt users to in
configure this policy setting, Internet Explorer does not check the Internet for new versions of the browser, so does not prompt users to in
tting, current values of the URL action for the application or process on the computer prevail.
tting, current values of the URL action for the application or process on the computer prevail.
rm a Clipboard operation. If you do not configure this policy setting, current values of the URL action for the Internet Explorer process prev
rm a Clipboard operation. If you do not configure this policy setting, current values of the URL action for the Internet Explorer process prev
click User Configuration, click Internet Explorer Maintenance, and then click Security. 2. Double-click Security Zones and Content Ratings,

ates to see if they have been revoked.


ates to see if they have been revoked.
you do not configure this policy, Internet Explorer will not check the digital signatures of executable programs or display their identities be
you do not configure this policy, Internet Explorer will not check the digital signatures of executable programs or display their identities be
s if the Media Explorer Bar is enabled. If checked, the Media Explorer Bar will automatically display and play the media content when the u

ow selective text by default, and the user can change this.


ow selective text by default, and the user can change this.

r a value of 0, prompts are not bypassed. Value Name is the name of the executable file. If Value Name is empty or the value is not 0 or 1,
r a value of 0, prompts are not bypassed. Value Name is the name of the executable file. If Value Name is empty or the value is not 0 or 1,
option from users - all add-ons are assumed to be denied unless they are specifically allowed through the 'Add-on List' policy setting. If yo
option from users - all add-ons are assumed to be denied unless they are specifically allowed through the 'Add-on List' policy setting. If yo
gure it, this control will not be designated as administrator-approved.
setting, a user can set the number of days that Internet Explorer tracks views of pages in the History list. Users can delete browsing history
setting, a user can set the number of days that Internet Explorer tracks views of pages in the History list. Users can delete browsing history
ders use the words Add Active Channel for this option; however, a few use different words, such as Subscribe.
u" policy (located in User Configuration\Administrative Templates\Windows Components\Internet Explorer) takes precedence over this pol
tended for organizations that are concerned about server load for downloading content. The "Hide Favorites menu" policy (located in User

he Advanced page" policy removes the Advanced tab from the interface.

nternet Control Panel) takes precedence over this policy. If it is enabled, this policy is ignored.
the Content tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored. Caution: If
t this policy, because the "Disable the General page" policy removes the General tab from the interface. Note: The default Web page colors

uld be their default. The "Disable the Programs page" policy (located in \User Configuration\Administrative Templates\Windows Compone
emoves the General tab from the interface. Note: The default font settings colors are ignored in cases in which the Web page author has sp

r\Internet Control Panel), you do not need to set this policy, because the "Disable the General page" policy removes the General tab from t
he "Disable the General page" policy removes the General tab from the interface. Note: The default link colors are ignored on Web pages
\Internet Explorer\Internet Control Panel), which removes the Programs tab from Internet Explorer in Control Panel, takes precedence ove
his policy is ignored.

rol Panel), you do not need to set this policy, because the "Disable the General page" policy removes the General tab from the interface.

toolbars. This policy can be used in coordination with the "Disable customizing browser toolbars" policy, which prevents users from determ

oading of site subscription content" policy and the "Hide Favorites menu" policy (located in User Configuration\Administrative Templates\W
sites. The "Disable editing schedules for offline pages" policy and the "Hide Favorites menu" policy (located in User Configuration\Administ
sting schedule for downloading Web content for offline viewing. This policy is intended for organizations that are concerned about server l

the user will be able to use the Import/Export Settings wizard.


the user will be able to use the Import/Export Settings wizard.
ctions page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Pa

mmand, the link will not open in a new window and they will be informed that the command is not available.

ers can remove the preconfigured settings for pages to be downloaded for offline viewing. This policy is intended for organizations that are

programs without user intervention.

ging Temporary Internet files settings" "Disable changing history settings" "Disable changing color settings" "Disable changing link color s
ging Temporary Internet files settings" "Disable changing history settings" "Disable changing color settings" "Disable changing link color s

https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and non
https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and non
https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and non
https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and non
https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and non
https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and non
https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and non
https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and non
https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and non
https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and non
https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and non
https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and non
https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and non
https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and non
https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and non
https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and non
https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and non
https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and non
https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and non
https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and non
ers running at least Windows 8, Enhanced Protected Mode also limits the locations Internet Explorer can read from in the registry and the
ers running at least Windows 8, Enhanced Protected Mode also limits the locations Internet Explorer can read from in the registry and the

n be shown by the application as a user types in a password. The reveal password button is visible by default. On at least Windows 8, if the
n be shown by the application as a user types in a password. The reveal password button is visible by default. On at least Windows 8, if the
sage when they connect to a Web site that has no certificate or only one certificate.
sage when they connect to a Web site that has no certificate or only one certificate.
tion" message when they connect to a Web site that has no certificate or only one certificate.
tion" message when they connect to a Web site that has no certificate or only one certificate.
tion" message when they connect to a Web site that has no certificate or only one certificate.
tion" message when they connect to a Web site that has no certificate or only one certificate.
sage when they connect to a Web site that has no certificate or only one certificate.
sage when they connect to a Web site that has no certificate or only one certificate.
sage when they connect to a Web site that has no certificate or only one certificate.
sage when they connect to a Web site that has no certificate or only one certificate.
sage when they connect to a Web site that has no certificate or only one certificate.
sage when they connect to a Web site that has no certificate or only one certificate.
sage when they connect to a Web site that has no certificate or only one certificate.
sage when they connect to a Web site that has no certificate or only one certificate.
sage when they connect to a Web site that has no certificate or only one certificate.
sage when they connect to a Web site that has no certificate or only one certificate.
sage when they connect to a Web site that has no certificate or only one certificate.
sage when they connect to a Web site that has no certificate or only one certificate.
tion" message when they connect to a Web site that has no certificate or only one certificate.
tion" message when they connect to a Web site that has no certificate or only one certificate.

ntrol. Users can turn this behavior on or off, using Internet Explorer Security settings.
ntrol. Users can turn this behavior on or off, using Internet Explorer Security settings.
rol. Users can turn this behavior on or off, using Internet Explorer Security settings.
rol. Users can turn this behavior on or off, using Internet Explorer Security settings.
rol. Users can turn this behavior on or off, using Internet Explorer Security settings.
rol. Users can turn this behavior on or off, using Internet Explorer Security settings.
ntrol. Users can turn this behavior on or off, using Internet Explorer Security settings.
ntrol. Users can turn this behavior on or off, using Internet Explorer Security settings.
ntrol. Users can turn this behavior on or off, using Internet Explorer Security settings.
ntrol. Users can turn this behavior on or off, using Internet Explorer Security settings.
rol. Users can turn this behavior on or off, using Internet Explorer Security settings.
rol. Users can turn this behavior on or off, using Internet Explorer Security settings.
ntrol. Users can turn this behavior on or off, using Internet Explorer Security settings.
ntrol. Users can turn this behavior on or off, using Internet Explorer Security settings.
ntrol. Users can turn this behavior on or off, using Internet Explorer Security settings.
ntrol. Users can turn this behavior on or off, using Internet Explorer Security settings.
ntrol. Users can turn this behavior on or off, using Internet Explorer Security settings.
ntrol. Users can turn this behavior on or off, using Internet Explorer Security settings.
rol. Users can turn this behavior on or off, using Internet Explorer Security settings.
rol. Users can turn this behavior on or off, using Internet Explorer Security settings.
ed publishers is silently downloaded.
ed publishers is silently downloaded.
ed publishers is silently downloaded.
ed publishers is silently downloaded.

ed publishers is silently downloaded.


ed publishers is silently downloaded.
ed publishers is silently downloaded.
ed publishers is silently downloaded.
ows are closed. If you do not configure this policy, Internet Explorer will not delete the contents of the Temporary Internet Files folder whe
ows are closed. If you do not configure this policy, Internet Explorer will not delete the contents of the Temporary Internet Files folder whe
policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are
policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are
policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are
policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are
policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are
policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are
policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are
policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are
policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are
policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are
policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are
policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are
policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are
policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are
policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are
policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are
policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are
policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are
policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are
policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are
r 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the sou
r 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the sou
r 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the sou
r 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the sou
r 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the sou
r 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the sou
r 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the sou
r 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the sou
r 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the sou
r 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the sou
r 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the sou
r 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the sou
r 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the sou
r 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the sou
r 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the sou
r 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the sou
r 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the sou
r 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the sou
r 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the sou
r 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the sou
s policy setting, the MIME Sniffing Safety Feature will not apply in this zone.
s policy setting, the MIME Sniffing Safety Feature will not apply in this zone.
s policy setting, the MIME Sniffing Safety Feature will not apply in this zone.
s policy setting, the MIME Sniffing Safety Feature will not apply in this zone.
s policy setting, the MIME Sniffing Safety Feature will not apply in this zone.
s policy setting, the MIME Sniffing Safety Feature will not apply in this zone.
s policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictate
s policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictate
s policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictate
s policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictate
s policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictate
s policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictate
s policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictate
s policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictate
s policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictate
s policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictate
s policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictate
s policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictate
s policy setting, the MIME Sniffing Safety Feature will not apply in this zone.
s policy setting, the MIME Sniffing Safety Feature will not apply in this zone.
ess and manage favorites, feeds, shortcuts to home page, and more. Full-screen mode disables not only these three bars, but also the shor
ess and manage favorites, feeds, shortcuts to home page, and more. Full-screen mode disables not only these three bars, but also the shor
the Safety button and then clicking InPrivate Filtering.
the Safety button and then clicking InPrivate Filtering.
ing the Safety button and then clicking Tracking Protection.
ing the Safety button and then clicking Tracking Protection.

vent users from using the shortcut menu to open new browser windows, you should also set the "Disable Open in New Window menu opti
e "Disable Open in New Window menu option" policy, which disables this command on the shortcut menu, or the "Turn off Shortcut Menu
able this policy or do not configure it, users can save all elements on a Web page. The "File menu: Disable Save As... menu option" policy, w
t prevented from saving Web content by pointing to a link on a Web page, clicking the right mouse button, and then clicking Save Target As

nage their favorite links that are set up for offline viewing.
ormation is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
ormation is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
ormation is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
ormation is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
ormation is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
ormation is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
ormation is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
ormation is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
ormation is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
ormation is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
ormation is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
ormation is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
ormation is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
ormation is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
ormation is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
ormation is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
ormation is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
ormation is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
ormation is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
ormation is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
The user can activate the feature by using the Compatibility View Settings dialog box.
The user can activate the feature by using the Compatibility View Settings dialog box.
disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configure t
disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configure t
disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configure t
disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configure t
disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configure t
disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configure t
disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configure t
disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configure t
disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configure t
disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configure t
disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configure t
disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configure t
disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configure t
disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configure t
disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configure t
disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configure t
disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configure t
disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configure t
disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configure t
disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configure t
le this policy setting, Internet Explorer will not require consistent MIME data for all received files. If you do not configure this policy setting
le this policy setting, Internet Explorer will not require consistent MIME data for all received files. If you do not configure this policy setting
et Explorer. If you disable this policy setting, Local Machine zone security is not applied to local files or content processed by Internet Explo
et Explorer. If you disable this policy setting, Local Machine zone security is not applied to local files or content processed by Internet Explo

MK protocol will fail.


MK protocol will fail.
ugh restricted protocols is prevented for File Explorer and Internet Explorer processes. If you do not configure this policy setting, the polic
ugh restricted protocols is prevented for File Explorer and Internet Explorer processes. If you do not configure this policy setting, the polic

ternet Explorer processes. If you do not configure this policy setting, any zone can be protected from zone elevation by Internet Explorer p
ternet Explorer processes. If you do not configure this policy setting, any zone can be protected from zone elevation by Internet Explorer p

opup windows and other restrictions apply for File Explorer and Internet Explorer processes.
opup windows and other restrictions apply for File Explorer and Internet Explorer processes.
licy setting for a zone, no protocols are restricted for that zone, regardless of the setting for "Allow active content over restricted protocols
licy setting for a zone, no protocols are restricted for that zone, regardless of the setting for "Allow active content over restricted protocols
zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the sam
zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the sam

licy setting for a zone, no protocols are restricted for that zone, regardless of the setting for "Allow active content over restricted protocols
licy setting for a zone, no protocols are restricted for that zone, regardless of the setting for "Allow active content over restricted protocols
zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the sam
zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the sam
eps: 1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security. 2. Double-click Security Zone
policy setting, Java applets cannot run. If you do not configure this policy setting, the permission is set to High Safety.
policy setting, Java applets cannot run. If you do not configure this policy setting, the permission is set to High Safety.
policy setting, Java applets cannot run. If you do not configure this policy setting, the permission is set to Medium Safety.
policy setting, Java applets cannot run. If you do not configure this policy setting, the permission is set to Medium Safety.
policy setting, Java applets cannot run. If you do not configure this policy setting, the permission is set to Medium Safety.
policy setting, Java applets cannot run. If you do not configure this policy setting, the permission is set to Medium Safety.
policy setting, Java applets cannot run. If you do not configure this policy setting, Java applets are disabled.
policy setting, Java applets cannot run. If you do not configure this policy setting, Java applets are disabled.
policy setting, Java applets cannot run. If you do not configure this policy setting, Java applets are disabled.
policy setting, Java applets cannot run. If you do not configure this policy setting, Java applets are disabled.
policy setting, Java applets cannot run. If you do not configure this policy setting, Java applets are disabled.
policy setting, Java applets cannot run. If you do not configure this policy setting, Java applets are disabled.
policy setting, Java applets cannot run. If you do not configure this policy setting, Java applets are disabled.
policy setting, Java applets cannot run. If you do not configure this policy setting, Java applets are disabled.
policy setting, Java applets cannot run. If you do not configure this policy setting, Java applets are disabled.
policy setting, Java applets cannot run. If you do not configure this policy setting, Java applets are disabled.
policy setting, Java applets cannot run. If you do not configure this policy setting, Java applets are disabled.
policy setting, Java applets cannot run. If you do not configure this policy setting, Java applets are disabled.
policy setting, Java applets cannot run. If you do not configure this policy setting, the permission is set to Low Safety.
policy setting, Java applets cannot run. If you do not configure this policy setting, the permission is set to Low Safety.
do not configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the pag
do not configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the pag
do not configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the pag
do not configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the pag
do not configure this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user int
do not configure this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user int
do not configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the pag
do not configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the pag
do not configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the pag
do not configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the pag
do not configure this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user int
do not configure this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user int
do not configure this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in th
do not configure this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in th
do not configure this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user int
do not configure this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user int
do not configure this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in th
do not configure this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in th
do not configure this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user int
do not configure this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user int

licy setting for a zone, no protocols are restricted for that zone, regardless of the setting for "Allow active content over restricted protocols
licy setting for a zone, no protocols are restricted for that zone, regardless of the setting for "Allow active content over restricted protocols
zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the sam
zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the sam

zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the sam
zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the sam
zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the sam
zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the sam
zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the sam
zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the sam
zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the sam
zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the sam
zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the sam
zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the sam
er of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also kn
er of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also kn
er of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also kn
er of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also kn
er of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also kn
er of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also kn
er of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also kn
er of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also kn
er of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also kn
er of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also kn
er of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also kn
er of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also kn
er of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also kn
er of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also kn
er of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also kn
er of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also kn
er of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also kn
er of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also kn
er of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also kn
er of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also kn

ect - enables Web authors to add pop-up menus to Web pages To specify how administrator-approved controls are handled for each securi
User Configuration, click Internet Explorer Maintenance, and then click Security. 2. Double-click Security Zones and Content Ratings, click I
t Explorer Maintenance, and then click Security. 2. Double-click Security Zones and Content Ratings, click Import the Current Security Zone
urity Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings. 3. Select the content zone
ones Settings, and then click Modify Settings. 3. Select the content zone in which you want to manage ActiveX controls, and then click Cus
y, click User Configuration, click Internet Explorer Maintenance, and then click Security. 2. Double-click Security Zones and Content Ratings
ns and access applications from other domains.
ns and access applications from other domains.
ns and access applications from other domains.
ns and access applications from other domains.
ns and access applications from other domains.
ns and access applications from other domains.
ns and access applications from other domains.
ns and access applications from other domains.
ns and access applications from other domains.
ns and access applications from other domains.
ns and access applications from other domains.
ns and access applications from other domains.
cannot open other windows and frames from different domains or access applications from different domains.
cannot open other windows and frames from different domains or access applications from different domains.
ns and access applications from other domains.
ns and access applications from other domains.
cannot open other windows and frames from different domains or access applications from different domains.
cannot open other windows and frames from different domains or access applications from different domains.
ns and access applications from other domains.
ns and access applications from other domains.
rity Zones Settings, and then click Modify Settings. 3. Select the content zone in which you want to manage ActiveX controls, and then click
he Programs tab in the Internet Options dialog box. Note that starting with Internet Explorer 10 on Windows 8, the check box is located on

ding or removing websites to the exception list by enabling "Turn off Managing Pop-up Allow list" policy.
ding or removing websites to the exception list by enabling "Turn off Managing Pop-up Allow list" policy.
change the positions of the menu bar and the navigation bar. If you disable this policy setting, the menu bar is below the navigation bar. T

button on the Settings charm.


button on the Settings charm.
gement" policy settings to prevent the user from configuring pop-up behavior.
gement" policy settings to prevent the user from configuring pop-up behavior.

e user can specify what action applies to searches on the Address bar.
e user can specify what action applies to searches on the Address bar.
op-result website or a search-results webpage in the main window. If you disable or do not configure this policy setting, the user can selec
op-result website or a search-results webpage in the main window. If you disable or do not configure this policy setting, the user can selec
is available in the Delete Browsing History dialog box. If you enable this policy setting, ActiveX Filtering, Tracking Protection and Do Not Tr
is available in the Delete Browsing History dialog box. If you enable this policy setting, ActiveX Filtering, Tracking Protection and Do Not Tr

serve InPrivate Filtering data when he or she clicks Delete.


serve InPrivate Filtering data when he or she clicks Delete.

bled by default.
bled by default.

he Accelerator menu.
he Accelerator menu.
without prompting the user. If you disable or do not configure this policy setting, the user is prompted to decide the mode of operation fo
without prompting the user. If you disable or do not configure this policy setting, the user is prompted to decide the mode of operation fo

xplorer may run the First Run wizard the first time the browser is started after installation.
xplorer may run the First Run wizard the first time the browser is started after installation.

pecify the cipher strength update information URL.

r can add or delete a feed or Web Slice by using the Feed APIs.
r can add or delete a feed or Web Slice by using the Feed APIs.

preferences and policy settings are ignored by the specified process. The Value Name is the name of the executable. If a Value Name is em
preferences and policy settings are ignored by the specified process. The Value Name is the name of the executable. If a Value Name is em
s not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Process
s not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Process
ented or allowed. If you enable this policy setting and enter a Value of 1, MIME handling is in effect. If you enter a Value of 0 file-type infor
ented or allowed. If you enable this policy setting and enter a Value of 1, MIME handling is in effect. If you enter a Value of 0 file-type infor
does not apply. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer process
does not apply. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer process
list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the p
list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the p
y to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over
y to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over
ols is blocked. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignore
ols is blocked. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignore
not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable for IE processes
not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable for IE processes
orer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setti
orer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setti
alue of 1, elevation to more privileged zones can be prevented. If you enter a Value of 0, elevation to any zone is allowed. The Value Name
alue of 1, elevation to more privileged zones can be prevented. If you enter a Value of 0, elevation to any zone is allowed. The Value Name
s policy setting is enabled, the processes configured in this box take precedence over that setting. If you disable or do not configure this po
s policy setting is enabled, the processes configured in this box take precedence over that setting. If you disable or do not configure this po
f the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting. If you disable or do not
f the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting. If you disable or do not
alue Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the
alue Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the

The only providers that appear are those in the list of policy keys for search providers. Note: This list can be created through a custom admi
The only providers that appear are those in the list of policy keys for search providers. Note: This list can be created through a custom admi
licy setting for a zone, no protocols are restricted for that zone, regardless of the setting for "Allow active content over restricted protocols
licy setting for a zone, no protocols are restricted for that zone, regardless of the setting for "Allow active content over restricted protocols
zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the sam
zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the sam
ents. If you do not configure this policy setting, Internet Explorer will execute unsigned managed components.
ents. If you do not configure this policy setting, Internet Explorer will execute unsigned managed components.
ents. If you do not configure this policy setting, Internet Explorer will execute unsigned managed components.
ents. If you do not configure this policy setting, Internet Explorer will execute unsigned managed components.
ents. If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
ents. If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
ents. If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
ents. If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
ents. If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
ents. If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
ents. If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
ents. If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
ents. If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
ents. If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
ents. If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
ents. If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
ents. If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
ents. If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
ents. If you do not configure this policy setting, Internet Explorer will execute unsigned managed components.
ents. If you do not configure this policy setting, Internet Explorer will execute unsigned managed components.
do not configure this policy setting, Internet Explorer will execute signed managed components.
do not configure this policy setting, Internet Explorer will execute signed managed components.
do not configure this policy setting, Internet Explorer will execute signed managed components.
do not configure this policy setting, Internet Explorer will execute signed managed components.
do not configure this policy setting, Internet Explorer will not execute signed managed components.
do not configure this policy setting, Internet Explorer will not execute signed managed components.
do not configure this policy setting, Internet Explorer will not execute signed managed components.
do not configure this policy setting, Internet Explorer will not execute signed managed components.
do not configure this policy setting, Internet Explorer will not execute signed managed components.
do not configure this policy setting, Internet Explorer will not execute signed managed components.
do not configure this policy setting, Internet Explorer will not execute signed managed components.
do not configure this policy setting, Internet Explorer will not execute signed managed components.
do not configure this policy setting, Internet Explorer will not execute signed managed components.
do not configure this policy setting, Internet Explorer will not execute signed managed components.
do not configure this policy setting, Internet Explorer will not execute signed managed components.
do not configure this policy setting, Internet Explorer will not execute signed managed components.
do not configure this policy setting, Internet Explorer will not execute signed managed components.
do not configure this policy setting, Internet Explorer will not execute signed managed components.
do not configure this policy setting, Internet Explorer will execute signed managed components.
do not configure this policy setting, Internet Explorer will execute signed managed components.
disk. This policy can be used in coordination with the "File Menu: Disable Open menu option" policy (located in \User Configuration\Adm
ecurity zones established by the administrator. Note: The "Disable the Security page" policy (located in \User Configuration\Administrative
which removes the Security tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is igno

n names are always converted to IDN format. If you disable or do not configure this policy setting, the user can control this setting by using
n names are always converted to IDN format. If you disable or do not configure this policy setting, the user can control this setting by using
nternet Explorer will allow trusted domains to store additional files in application caches, up to the limit set in this policy setting. If you dis
nternet Explorer will allow trusted domains to store additional files in application caches, up to the limit set in this policy setting. If you dis

et Explorer will allow trusted domains to store additional data in indexed databases, up to the limit set in this group policy. If you disable or
et Explorer will allow trusted domains to store additional data in indexed databases, up to the limit set in this group policy. If you disable or
policy setting, Internet Explorer will use the default application cache individual resource size for all application caches resources. The defa
policy setting, Internet Explorer will use the default application cache individual resource size for all application caches resources. The defa
esources, including the page that referenced the manifest, that are less than or equal to the limit set in this policy setting. If you disable or
esources, including the page that referenced the manifest, that are less than or equal to the limit set in this policy setting. If you disable or
all application caches. The default is 1 GB.
all application caches. The default is 1 GB.
mit for all indexed databases. The default is 4 GB.
mit for all indexed databases. The default is 4 GB.
must be explicitly enabled through the creation of an integer setting. In this case, each Internet Explorer isolation setting will quickly grow t
must be explicitly enabled through the creation of an integer setting. In this case, each Internet Explorer isolation setting will quickly grow t

ttings, and then click Modify Settings. 3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Leve

re blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones.
re blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones.
re blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones.
re blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones.
re blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones.
re blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones.
re blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones.
re blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones.
re blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones.
re blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones.
re blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones.
re blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones.
re blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones.
re blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones.
re blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones.
re blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones.
re blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones.
re blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones.
re blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones.
re blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones.
(Medium template), and Restricted Sites zone (High template). (The Local Machine zone and its locked down equivalent have special secu
(Medium template), and Restricted Sites zone (High template). (The Local Machine zone and its locked down equivalent have special secu
tes by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatica
tes by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatica
tes by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatica
tes by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatica
tes by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatica
tes by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatica
tes by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatica
tes by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatica
tes by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatica
tes by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatica
tes by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatica
tes by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatica
tes by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatica
tes by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatica
tes by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatica
tes by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatica
tes by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatica
tes by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatica
tes by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatica
tes by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatica

he last browsing session. If you do not configure this policy setting, Internet Explorer starts with the home page. Users can change this op
he last browsing session. If you do not configure this policy setting, Internet Explorer starts with the home page. Users can change this op

ng submitted. If you do not configure this policy setting, users are queried to choose whether to allow information using HTML forms on pa
ng submitted. If you do not configure this policy setting, users are queried to choose whether to allow information using HTML forms on pa
ng submitted. If you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automatical
ng submitted. If you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automatical
ng submitted. If you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automatical
ng submitted. If you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automatical
ng submitted. If you do not configure this policy setting, users are queried to choose whether to allow information using HTML forms on pa
ng submitted. If you do not configure this policy setting, users are queried to choose whether to allow information using HTML forms on pa
ng submitted. If you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automatical
ng submitted. If you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automatical
ng submitted. If you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automatical
ng submitted. If you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automatical
ng submitted. If you do not configure this policy setting, users are queried to choose whether to allow information using HTML forms on pa
ng submitted. If you do not configure this policy setting, users are queried to choose whether to allow information using HTML forms on pa
ng submitted. If you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automatical
ng submitted. If you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automatical
ng submitted. If you do not configure this policy setting, users are queried to choose whether to allow information using HTML forms on pa
ng submitted. If you do not configure this policy setting, users are queried to choose whether to allow information using HTML forms on pa
ng submitted. If you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automatical
ng submitted. If you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automatical
change the user interface in the Offline Favorites wizard. Note: The begin and end times for downloading are measured in minutes after m
g the Internet Options icon in Windows Control Panel. Also, see policies for Internet options in the \Administrative Templates\Windows Co
licy setting for a zone, no protocols are restricted for that zone, regardless of the setting for "Allow active content over restricted protocols
licy setting for a zone, no protocols are restricted for that zone, regardless of the setting for "Allow active content over restricted protocols
zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the sam
zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the sam
e this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
e this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
e this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
e this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
e this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
e this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
e this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
e this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
e this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
e this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
e this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
e this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
e this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
e this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
e this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
e this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
e this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
e this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
e this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
e this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.

ompt appears.
ompt appears.
ble or do not configure this policy setting, users are notified when the average time to load all the user's enabled add-ons exceeds the thre
ble or do not configure this policy setting, users are notified when the average time to load all the user's enabled add-ons exceeds the thre
able, or do not configure this policy setting, Flash is turned on for Internet Explorer, and applications can use Internet Explorer technology
able, or do not configure this policy setting, Flash is turned on for Internet Explorer, and applications can use Internet Explorer technology

ample, use "file:///C:/Users/contoso/Desktop/index.htm" If you disable or don't configure this policy setting, the list is deleted and Interne
ample, use "file:///C:/Users/contoso/Desktop/index.htm" If you disable or don't configure this policy setting, the list is deleted and Interne

nts about how to correct the problem. The user cannot change this policy setting. If you do not configure this policy setting, the user can tu

not negotiate an encryption tunnel by using the encryption methods that you select from the drop-down list. If you disable or do not config
not negotiate an encryption tunnel by using the encryption methods that you select from the drop-down list. If you disable or do not config
y setting, images appear. The user cannot turn off image display. If you do not configure this policy setting, the user can turn on or turn off

creen Filter during the first-run experience.


creen Filter during the first-run experience.

rint flyout for Internet Explorer will be available, and users will see installed printers under the Devices charm.
rint flyout for Internet Explorer will be available, and users will see installed printers under the Devices charm.
from Web sites for Profile Assistant information.
from Web sites for Profile Assistant information.

prevent the sending of the path portion of URLs as UTF-8.


ngs. The default is to encode all query strings in UTF-8.
ngs. The default is to encode all query strings in UTF-8.
on or off, using the Settings charm.
on or off, using the Settings charm.

domains by using the WebSocket object. By default, the WebSocket object is enabled.
domains by using the WebSocket object. By default, the WebSocket object is enabled.

gs or user choice. If you disable or do not configure this policy setting, the toolbar upgrade tool checks for incompatible toolbars. The user
gs or user choice. If you disable or do not configure this policy setting, the toolbar upgrade tool checks for incompatible toolbars. The user

uggestions in the Internet Options dialog. By default, URL Suggestions are turned on.
uggestions in the Internet Options dialog. By default, URL Suggestions are turned on.
in the Address bar. The user cannot change this setting. If you do not configure this policy setting, the user can choose to turn the Use Win
in the Address bar. The user cannot change this setting. If you do not configure this policy setting, the user can choose to turn the Use Win
ions of Windows. If you don't configure this policy setting, users can turn this feature on or off using Internet Explorer settings. This featur
ions of Windows. If you don't configure this policy setting, users can turn this feature on or off using Internet Explorer settings. This featur

nfigure this policy setting, the user can decide whether to start Internet Explorer automatically to complete the signup process after the br
cted Mode enabled will use the version of Protected Mode introduced in Internet Explorer 7 for Windows Vista. If you do not configure thi
cted Mode enabled will use the version of Protected Mode introduced in Internet Explorer 7 for Windows Vista. If you do not configure thi
orer 7, and Internet Explorer 8. By default, inline AutoComplete is turned on for Internet Explorer 9.
r content written to common Internet standards may be displayed incorrectly. If you disable this policy setting, Internet Explorer uses a cu
r content written to common Internet standards may be displayed incorrectly. If you disable this policy setting, Internet Explorer uses a cu
tring appended) for local intranet content. Additionally, all local intranet Standards Mode pages appear in Internet Explorer 7 Standards Mo
tring appended) for local intranet content. Additionally, all local intranet Standards Mode pages appear in Internet Explorer 7 Standards Mo

fication bar notification appears for intranet content loaded on a browser on a computer that is not a domain member, until the user turns
fication bar notification appears for intranet content loaded on a browser on a computer that is not a domain member, until the user turns
round colors and images.
re this policy setting, the user can turn on or turn off the display of script errors.
f you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly w
f you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly w
f you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly w
f you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly w
f you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly w
f you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly w
f you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly w
f you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly w
f you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly w
f you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly w
f you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly w
f you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly w
f you do not configure this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directl
f you do not configure this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directl
f you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly w
f you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly w
f you do not configure this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directl
f you do not configure this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directl
f you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly w
f you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly w

enu" policy, which disables the entire shortcut menu.


ecurity feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, W
ecurity feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, W
ecurity feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, W
ecurity feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, W
rity feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, the p
rity feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, the p
rity feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, the p
rity feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, the p
rity feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, the p
rity feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, the p
rity feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, the p
rity feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, the p
rity feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, the p
rity feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, the p
rity feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, the p
rity feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, the p
rity feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, the p
rity feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, the p
ecurity feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, a
ecurity feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, a
licy Tablet PC users can report handwriting recognition errors to Microsoft.
licy Tablet PC users can report handwriting recognition errors to Microsoft.

ms, compound authentication or armoring. If you configure the "Not supported" option, the domain controller does not support claims, co

out previous logons during user logon" policy setting is enabled. Note: Information about previous logons is provided only if the domain f
r do not configure this policy setting, domain controllers will return service tickets that contain compound authentication any time the clien
because the name is not found, NTLM authentication might be used. To ensure consistent behavior, this policy setting must be supported
n buffer size" or the smallest MaxTokenSize used in your environment if you are not configuring using Group Policy. If you disable or do no
do not configure this policy setting and the resource domain requests compound authentication, devices will send a non-compounded aut
ax format. To remove a mapping from the list, click the mapping entry to be removed, and then press the DELETE key. To edit a mapping, re
e realm flags and host names of the host KDCs using the appropriate syntax format. To remove an interoperable Kerberos V5 realm Value N
vocation check fails.
Group Policy "Kerberos client support for claims, compound authentication and Kerberos armoring" must also be enabled to support Kerbe
equired to create compounded authentication and armor Kerberos messages. Services hosted on the device will not be able to retrieve clai
mputer is not joined to a domain, the Kerberos client allows the root CA certificate on the smart card to be used in the path validation of th
this policy setting, any service is allowed to accept incoming connections by using this system-generated SPN.
Kerberos client or server uses the locally configured value or the default value. Note: This policy setting configures the existing MaxTokenS
f proxy servers using the appropriate syntax format. To view the list of mappings, enable the policy setting and then click the Show button.
n is never provided for this computer account. Automatic: Compound authentication is provided for this computer account when one or m
Device will always authenticate using its certificate. If a DC cannot be found which support computer account authentication using certific

top. Remove any cipher suites you don't want to use. Note: When configuring this security setting, changes will not take effect until you re
for this domain Group Policy setting, and then configure local machine policy to enable BranchCache on individual file servers. Because the

t use insecure guest logons by default. Since insecure guest logons are unauthenticated, important security features such as SMB Signing a

work, you may choose the "Allow operation while in public network" and "Prohibit operation while in private network" options instead. If y
k. On the other hand, if a network interface is connected to an unmanaged network, you may choose the "Allow operation while in public n

nd Folder Redirection take two logons to apply changes. To be able to operate safely, these extensions require that no users be logged on. T

r"" screen on Windows 2000 Server. Note: This setting appears in the Computer Configuration and User Configuration folders. If both setti
r"" screen on Windows 2000 Server. Note: This setting appears in the Computer Configuration and User Configuration folders. If both setti

setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy setting in Co
setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy setting in Co
omputer Configuration takes precedence over the policy setting in User Configuration. Note: Customized run-once lists are stored in the re
omputer Configuration takes precedence over the policy setting in User Configuration. Note: Customized run-once lists are stored in the re

you disable or do not configure this policy setting, the user will have to start the appropriate programs after logon. Note: This setting appea
you disable or do not configure this policy setting, the user will have to start the appropriate programs after logon. Note: This setting appea
itted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use o
itted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use o
itted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use o
ever, users cannot open a blank MMC console window on the Start menu. (To open the MMC, click Start, click Run, and type mmc.) Users a
tting if you plan to permit use of most snap-ins. To explicitly prohibit a snap-in, open the Restricted/Permitted snap-ins setting folder and th
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
-- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users will not have access to the Group Policy tab. To explicitly pe
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en
mines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is en

configure this policy setting, Windows presentation settings can be invoked.


configure this policy setting, Windows presentation settings can be invoked.

nel will apply.


d for this policy setting to take effect. Changes take effect immediately. This policy setting will only take effect when the Diagnostic Policy S
nable this policy setting for local and remote troubleshooting, MSDT always prompts for additional tool downloading. If you disable this po
service restarts are required for this policy setting to take effect. Changes take effect immediately.
mitted the user to change a protected option, it stops the installation and displays a message. These security features operate only when th
If you disable or do not configure this policy setting, by default, only system administrators can browse during installations with elevated
move Programs. This policy setting does not affect installations that run in the user's security context. By default, users can install patches
only when the installation runs in the user's security context. During privileged installations, such as those offered on the desktop or display
do not configure this policy setting, the system applies the current user's permissions when it installs programs that a system administrator
do not configure this policy setting, the system applies the current user's permissions when it installs programs that a system administrator
will remain on disk and will be deleted when the product is removed. If you set the baseline cache to 100, the Windows Installer will use av
w feature must be added as a new leaf feature to an existing feature tree. If you disable or do not configure this policy setting, the Window

lied cautiously.
vated system privileges, such as installations offered on the desktop or in Add or Remove Programs. Also, see the "Enable user to use med
ed system privileges, such as those offered on the desktop or in Add or Remove Programs. Also, see the "Enable user to patch elevated pro

e from the computer only if the user has been granted privileges to remove the update. This can depend on whether the user is an adminis
ts malicious users from interrupting an installation to gather data about the internal state of the computer or to search secure system files.
ts malicious users from interrupting an installation to gather data about the internal state of the computer or to search secure system files.
use behavior is used. -- The "Restart Manager Off for Legacy App Setup" option applies to packages that were created for Windows Installe
causes a per-computer installed application to be visible to users, even if those users have a per-user install of the product registered in the
context. But only system administrators can browse when an installation is running with elevated system privileges, such as installations off
policy setting is designed for enterprises to prevent unauthorized or malicious editing of transform files. If you disable this policy setting, W
enting that source type.
ed by the letters "iweap."
as in before installing the application.
havior when specified via the MsiLogging policy. Log files can still be generated using the logging command line switch or the Logging polic

applications only" option permits users to install only those programs that a system administrator assigns (offers on the desktop) or publis
for headless operation and is the default recovery behavior on Windows server. Troubleshooting Only: Detection and verification of file co
Uniform Resource Locator (URL) that NCA queries with a Hypertext Transfer Protocol (HTTP) request. The contents of the web page do not

IPv6 address of an IPsec tunnel endpoint. Example: PING:2002:836b:1::836b:1. You must configure this setting to have complete NCA fun
ss server by specifying IPv6 addresses rather than names. The ability to disconnect allows users to specify single-label, unqualified names

on will allow the negotiation and use of older cryptography algorithms compatible with Windows NT 4.0. However, using the older algorith
ll not attempt to verify any passwords with the PDC emulator. If you do not configure this policy setting, it is not applied to any DCs.
ever DC location based on a NetBIOS domain name is not required. This policy setting does not affect DC location based on DNS names. If
s (as recommended). For these reasons, NetBIOS-based discovery is not recommended. Note that this policy setting does not affect NetBIO
n network conditions DC Locator will by default carry out a Force Rediscovery according to a specific time interval and maintain efficient lo
used to disable the default behavior and enforce to return only IPv4 DC address. Once applications are fixed, this policy can be used to en
share will grant shared read access to files on the share when exclusive access is requested. Note: The Netlogon share is a share created by
65535. If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration.
quent automatic discovery of DCs in a trusted domain. To enable the setting, click Enabled, and then specify the interval in seconds.
t shared read access to files on the share when exclusive access is requested. Note: The SYSVOL share is a share created by the Net Logon

To specify the Weight in the DC Locator DNS SRV records, click Enabled, and then enter a value. The range of values is from 0 to 65535. If
n exhaustive address lookup to discover additional client IP addresses. 2 - DCs will perform a fast, DNS-only address lookup to discover add
Gc SRV _ldap._tcp.gc._msdcs.<DnsForestName> GcAtSite SRV _ldap._tcp.<SiteName>._sites.gc._msdcs.<DnsForestName> D
as described above.

mpt to find DCs even when none are available.


m value for this setting is to always refresh (0).
instruct the DNS servers configured to automatically remove (scavenge) stale records that these records are current and should be preserv

they are used to locate the application directory partition-specific DC. An Active Directory site is one or more well-connected TCP/IP subne
ry access and replication. To specify the sites covered by the DC Locator DNS SRV records, click Enabled, and then enter the sites names in

by the total site-link cost between them. A site is closer if it has a lower site link cost than another site with a higher site link cost. If you en
ot register site-specific DC Locator DNS SRV records for any other sites but their own. If you do not configure this policy setting, it is not ap
Domain policy is not enabled, computers to which this policy is applied, will locate a domain controller hosting an Active Directory domain
n. If you disable this policy setting, computers to which this setting is applied will use the AllowDnsSuffixSearch policy, if it is not disabled o
value for this setting is 49 days (0x49*24*60*60=4233600). The minimum value for this setting is 0. Warning: If the value for this setting i
ed. Warning: If the value for this setting is too large, a client will not attempt to find any DCs that were initially unavailable. If the value set
f the value for this setting is smaller than the value specified for the Initial DC Discovery Retry Setting, the Initial DC Discovery Retry Setting

ld disable this setting once all DCs are running the same OS version. The allowable values for this setting result in the following behaviors:
operties appears on the File menu. If you disable this setting (and enable the "Enable Network Connections settings for Administrators" se
ers (including administrators) cannot delete all-user remote access connections. (By default, users can still delete their private connections,
ons settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computer
all-user remote access connections. Note: This setting does not apply to Administrators Note: When the "Ability to rename LAN connectio
le to all users" setting is configured (set to either enabled or disabled), this setting does not apply.
d, this setting will not apply to administrators on post-Windows 2000 computers. If this setting is not configured, only Administrators and

o prohibit Administrators from using certain features. These settings are "Ability to rename LAN connections or remote access connections
t-Windows 2000 computers. If you disable this setting or do not configure it, a Properties menu item appears when users right-click the ico
ctions settings for Administrators" is disabled or not configured, this setting does not apply to administrators on post-Windows 2000 compu
00 computers. If you disable this setting or do not configure it, the Properties button is enabled for all users. The Networking tab of the R
s on post-Windows 2000 computers. If you disable this setting or do not configure it, the Advanced Settings item is enabled for administrat
t configure it, the Make New Connection icon appears in the Start menu and in the Network Connections folder for all users. Clicking the M
t-Windows 2000 computers. If you disable this setting or do not configure it, the Remote Access Preferences item is enabled for all users.
ws 2000 computers. If you disable this setting or do not configure it, the Install and Uninstall buttons for components of connections in the
tems are disabled, and no users (including administrators) can open the Remote Access Connection Properties dialog box for a private con
tions are available to all users. Users can connect or disconnect a remote access connection by double-clicking the icon representing the con
not configure it, all users can delete their private remote access connections. Private connections are those that are available only to one u
log box for a connection includes a check box beside the name of each component that the connection uses. Selecting the check box enab
able this setting or do not configure it, the user will be able to create and modify the configuration of a Network Bridge. Enabling this settin
2000 computers. If you disable this setting or do not configure it, the Rename option is enabled for all users' private remote access conne
uters. If you disable this setting, the Advanced button is enabled, and all users can open the Advanced TCP/IP Setting dialog box. Note: Thi
a stateful packet filter for home and small office users to protect them from Internet network security threats. If you enable this setting, In
et Connection Sharing page is removed from the New Connection Wizard. The Network Setup Wizard is disabled. If you disable this setting
to show the connection icon in the taskbar from the Connection Properties dialog box. Important: If the "Enable Network Connections setti
setting, traffic between remote client computers running DirectAccess and the Internet is not routed through the internal network. If you
as an error to the user. If you disable or do not configure this policy setting, a DHCP-configured connection that has not been assigned an I
policy configuration the sole list of allowed proxies, enable the "Proxy definitions are authoritative" setting. If you disable or do not configu
2::1000]; 18.0.0.1; 18.0.0.2 For more information see: http://go.microsoft.com/fwlink/p/?LinkId=234043
y. To ensure that these addresses are the only addresses ever classified as private, enable the "Subnet definitions are authoritative" policy

nformation see: http://go.microsoft.com/fwlink/p/?LinkId=234043

ou disable this setting or select the "Work offline" option, users can work offline if disconnected. If you do not configure this setting, users
ou disable this setting or select the "Work offline" option, users can work offline if disconnected. If you do not configure this setting, users
uter is restarted.

e 'Maximum Allowed Time Without A Sync' value to ensure that all network folders on the machine are synchronized with the server on a
nection is considered to be slow. Note: Use the following formula when entering the slow link value: [ bps / 100]. For example, if you want
if the round-trip network latency is above (slower than) the Latency threshold parameter. You can configure the slow-link mode by specify
omatic-cache disk space limit. If you disable this setting, the system limits the space that automatically cached files occupy to 10 percent of

onfigure slow-link mode" policy to avoid network usage.


setting is triggered by the configured round trip network latency value. We recommend using this policy setting when the network connec
e unencrypted. This includes existing files as well as files added later, even if the files were stored using NTFS encryption or BitLocker Drive
lso records an event when the server hosting the offline file is disconnected from the network. "2" also records events when the local com
lso records an event when the server hosting the offline file is disconnected from the network. "2" also records events when the local com
se this setting, type the file name extension in the "Extensions" box. To type more than one extension, separate the extensions with a sem
er Configuration.
er Configuration.
a quick synchronization by default, but users can change this option. This setting appears in the Computer Configuration and User Configu
a quick synchronization by default, but users can change this option. This setting appears in the Computer Configuration and User Configu
synchronization. Quick synchronization ensures that files are complete but does not ensure that they are current. If you do not configure
synchronization. Quick synchronization ensures that files are complete but does not ensure that they are current. If you do not configure
multiple users are logged on to the computer at the time the computer is suspended, a synchronization is not performed.
multiple users are logged on to the computer at the time the computer is suspended, a synchronization is not performed.
ffline files, but users can change the setting. To prevent users from changing the setting while a setting is in effect, the system disables the
ffline files, but users can change the setting. To prevent users from changing the setting while a setting is in effect, the system disables the

ers perform PNRP lookups.


ers perform PNRP lookups.
ers perform PNRP lookups.
ur corporation. 1. In order to use the global, well known seed server on the Internet only; enable the setting, leave the seed server list emp
ocol will revert to using a public registry key to determine the seed server to bootstrap from.
ured, the protocol will revert to using a public registry key to determine the seed server to bootstrap from.

h as ad hoc networking scenarios). If you disable this setting, PNRP will use multicast for bootstrapping on the same subnet. If this setting
uch as ad hoc networking scenarios). If you disable this setting, PNRP will use multicast for bootstrapping on the same subnet. If this settin
uch as ad hoc networking scenarios). If you disable this setting, PNRP will use multicast for bootstrapping on the same subnet. If this settin
mputer has a site-local address. If you enable this policy setting, PNRP does not create a cloud, and applications cannot use this cloud to pu
mputer has a site-local address. If you enable this policy setting, PNRP does not create a cloud, and applications cannot use this cloud to pu
mputer has a site-local address. If you enable this policy setting, PNRP does not create a cloud, and applications cannot use this cloud to pu

used for both the maximum and minimum PIN lengths.


used for both the maximum and minimum PIN lengths.

ice for desktop authentication.


CA is configured to detect failures during application installation, failures during application runtime, and drivers blocked due to compatibil

the value, clients begin caching content after they receive it from the file servers. Policy configuration Select one of the following: - Not C
hes their operating system. Policy configuration Select one of the following: - Not Configured. With this selection, this policy setting is not
hosted cache servers, hosted cache mode is enabled for all client computers to which the policy setting is applied. For this policy setting to t
anchCache" policy setting, BranchCache clients attempt to discover hosted cache servers in the local branch office. If client computers dete
age setting on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local compute
client computers by this policy. In the circumstance where client computers are domain members but you do not want to enable BranchCa
Policy configuration Select one of the following: - Not Configured. With this selection, BranchCache settings are not applied to client comp
but you do not want to configure a BranchCache client computer cache setting on all client computers, you can specify Not Configured for
puters are domain members but you do not want to enable BranchCache on all client computers, you can specify Not Configured for this d

s available. If you disable this policy setting, Windows will not be able to detect, troubleshoot or resolve any Windows Boot Performance p
sted resolution is available. If you disable this policy setting, Windows will not be able to detect, troubleshoot or resolve any Windows Shu
to the user that assisted resolution is available. If you disable this policy setting, Windows will not be able to detect, troubleshoot or resol
ted resolution is available. If you disable this policy setting, Windows will not be able to detect, troubleshoot or resolve any Windows Syste

powered state, ready for power to be safely removed. If you disable or do not configure this policy setting, the computer system safely shu
ransition from occuring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
ransition from occuring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.

e Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
e Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
tting is not configured, the LogPipelineExecutionDetails property of a module or snap-in determines whether the execution events of a mo
tting is not configured, the LogPipelineExecutionDetails property of a module or snap-in determines whether the execution events of a mo
Note: This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configu
Note: This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configu
owerShell session. If you disable this policy setting, transcripting of PowerShell-based applications is disabled by default, although transcri
owerShell session. If you disable this policy setting, transcripting of PowerShell-based applications is disabled by default, although transcri
policy setting exists under both "Computer Configuration" and "User Configuration" in the Local Group Policy Editor. The "Computer Confi
policy setting exists under both "Computer Configuration" and "User Configuration" in the Local Group Policy Editor. The "Computer Confi
f a local file.
f a local file.
ore button is active when the previous version is of a local file and stored on the backup.
ore button is active when the previous version is of a local file and stored on the backup.
e previous version is of a file on a file share.
e previous version is of a file on a file share.
net. Also, see the "Custom support URL in the Printers folder's left pane" setting in this folder and the "Browse a common Web site to find
ers on your network, ensure that network discovery is turned on. To turn on network discovery, click "Start", click "Control Panel", and then
of printers to display to 0.

print server, and the server will simply pass the commands to the printer. This increases the workload of the client while decreasing the loa
users to find the printers you want them to add. Also, see the "Custom support URL in the Printers folder's left pane" and "Activate Interne
from the shown list. If you disable this setting, the network printer browse page is removed from within the Add Printer Wizard, and users

and other search criteria) to find a printer nearby. You can also use this setting to direct users to a particular printer or group of printers tha
o effect. (To enable Web view, open the Printers folder, and, on the Tools menu, click Folder Options, click the General tab, and then click "

nel-mode driver will not be allowed. Note: By applying this policy, existing kernel-mode drivers will be disabled upon installation of service

ly to print drivers loaded by the print spooler. Print drivers loaded by applications are not affected. -This policy setting takes effect without
he behavior depends on the version of Windows that you are using. By default, Windows Ultimate, Professional and Home SKUs will conti
l be isolated. If you disable this policy setting, then print drivers will be loaded within all associated application processes. Notes: -This po

tting applies only to print drivers loaded by the print spooler. Print drivers loaded by applications are not affected. -This policy setting take
to a specific print server. If this setting is enabled, users will only be able to package point and print to print servers approved by the netwo
to a specific print server. If this setting is enabled, users will only be able to package point and print to print servers approved by the netwo
nings and elevated command prompts do not appear when users Point and Print, or when printer connection drivers need to be updated.
nings and elevated command prompts do not appear when users Point and Print, or when printer connection drivers need to be updated.
Printer wizard's Printer Name and Sharing Location screen and to the General tab in the Printer Properties dialog box. If you enable the Gr
g other programs to add printers. This setting does not delete printers that users have already added. However, if users have not added a p

a client computer announces a printer to a print browse master on the domain.

rinters. This setting is designed to prevent printers from being pruned when the computer is temporarily disconnected from the network.

ween contact attempts. If you do not configure or disable this setting the default values will be used. Note: This setting is used only on do
n controllers.
ows two retries before deleting printers from Active Directory. You can use this setting to change the number of retries. If you enable this s
retries; the default value is every eight hours. If the computer has not responded by the last contact attempt, its printers are pruned from
oin the network. However, because non-Windows 2000 computers and computers in other domains cannot republish printers in Active Dir
mmend their use, or to enable users to install them without having to search for installation files. If this setting is enabled, users cannot vie

ogram access or defaults. This setting does not prevent the Default Programs icon from appearing on the Start menu.

enabled, this setting is ignored.


When enabled, this setting takes precedence over the other settings in this folder. This setting does not prevent users from using other too
when configuring that network adapter.
nored when configuring that network adapter.

r, this setting is ignored when configuring that network adapter.


, this setting is ignored when configuring that network adapter.

g is ignored when configuring that network adapter.


g is ignored when configuring that network adapter.

kets is specified in the registry for a particular network adapter, this setting is ignored when configuring that network adapter.
work adapter in the registry, this setting is ignored when configuring that network adapter.
pter, this setting is ignored when configuring that network adapter.
er, this setting is ignored when configuring that network adapter.

d when configuring that network adapter.


ignored when configuring that network adapter.

d providers.
t assisted resolution is available. If you disable this policy setting, Windows will not be able to detect, troubleshoot or resolve any Window
ult setting. If you disable this policy setting, the items "Use a system image you created earlier to recover your computer" and "Reinstall W
ows Server 2003. See "Supported on" for all supported versions.
rsions.) If you enable this policy setting and choose "Workstation Only" from the drop-down menu list, the Shutdown Event Tracker is displ
is every 60 seconds beginning with Windows Server 2003. Note: This feature might interfere with power configuration settings that turn o

this computer. If you do not configure this policy setting, users can configure the setting in System Properties in the Control Panel.
tting, you have two ways to allow helpers to provide Remote Assistance: "Allow helpers to only view the computer" or "Allow helpers to rem
n on or turn off Solicited (Ask for) Remote Assistance themselves in System Properties in Control Panel. Users can also configure Remote A
this policy setting, the user sees the default warning message.
occurs at the level specified. If you disable this policy setting, application-based settings are used. If you do not configure this policy setting
tain authentication information. Clients making such calls will not be able to communicate with the Windows NT4 Server Endpoint Mappe
f you disable this policy setting, the RPC Runtime will generate RPC_S_SEC_PKG_ERROR errors to applications that ask for delegation and c
e information. Note: Because the basic state information required for troubleshooting has a negligible effect on performance and uses only
us code to indicate an error condition. If you enable this policy setting, the RPC runtime will generate extended error information. You mu
ne" on Windows Server versions that support this policy setting. If you do not configure this policy setting, it remains disabled. The RPC se
family/Windows XP SP1 or higher versions. If either the RPC Client or the RPC Server or the RPC HTTP Proxy run on an older version of Win

no longer visible on startup, whether this policy setting is enabled or not.


Also, see the "Run Logon Scripts Visible" setting.
folders. The policy setting set in Computer Configuration takes precedence over the policy setting set in User Configuration.
folders. The policy setting set in Computer Configuration takes precedence over the policy setting set in User Configuration.
on startup, whether the ""Run startup scripts visible"" policy setting is enabled or not.
ter startup scripts: GPO B: B.cmd, B.ps1 GPO C: C.cmd, C.ps1 Assume also that there are two computers, DesktopIT and DesktopSales. Fo
.cmd, C.ps1 Assume also that there are two users, Qin Hong and Tamara Johnston. For Qin, GPOs A, B, and C are applied. Therefore, the s
.cmd, C.ps1 Assume also that there are two users, Qin Hong and Tamara Johnston. For Qin, GPOs A, B, and C are applied. Therefore, the s
hey take, type 0. This interval is particularly important when other system tasks must wait while the scripts complete. By default, each star

rface. If you disable this policy setting, users can only access and search troubleshooting content that is available locally on their computer
do not configure this policy setting, local troubleshooting preferences will take precedence, as configured in the control panel. If no local tr
, where XXXX is the locale ID of your WSS Service. For example, the English locale ID is 1033. http://sitename/_layouts/XXXX/searchresults
Search.aspx?k=$w If your intranet search service is Windows SharePoint Services (WSS), the query should resemble the following, where

is rebuilt completely. Full volume encryption (such as BitLocker Drive Encryption or a non-Microsoft solution) must be used for the locatio

the web over metered connections, and if the web results are displayed in Search. Note: If you enable the "Don't search the web or displa
y indexing of online delegate mailboxes. Online delegate mailboxes are managed separately from online mailboxes. The "Enable Indexing o

peed of 120 items per minute. This policy has no effect on mail items when using Microsoft Office Outlook in cached mode.

hen disable this policy setting, users can index any path not restricted by other policies, but their original list of paths to index is not restore

nistration guide for information about how to set up the initial machine preference.

ed desktop environment, this setting is redundant because non-administrative users do not have permission to install new components. If y
disable or don't configure this policy setting, users can choose what information is shared in Search.

are joined to a Windows domain. When a computer is not joined to a Windows domain, the policy setting will have no effect. If you do no

days] setting (in Windows Server 2012) that is configured in the Server Manager console. If you disable this policy setting, Server Manage
window at logon" option, the window is not displayed on subsequent logons.

ed, the console is not displayed automatically at logon. Note: Regardless of the status of this policy setting, Server Manager is available fro
a folder, or a WIM file. If it is a WIM file, the location should be specified by prefixing the path with wim: and include the index of the ima

able this policy, Tablet PC user writing samples from the handwriting recognition personalization tool will automatically be shared with Mic
able this policy, Tablet PC user writing samples from the handwriting recognition personalization tool will automatically be shared with Mic

ser profile after an administrator has opted in the computer.


m starting programs in the command window even though they would be prevented from doing so using File Explorer. Note: Non-Microsoft

om starting programs in the command window even though they would be prevented from doing so using File Explorer. Note: Non-Micros
tting, only certificates that contain the smart card logon object identifier can be used to log on with a smart card.
st also have an associated ECDH key to permit logons when you are not connected to the network.

xpired or not yet valid will not be listed on the logon screen.

art card and this policy is enabled then the certificate that is used for logon on Windows 2000, Windows XP, and Windows 2003 Server wil
ss of the feature set of the CSP. If you disable or do not configure this setting, Windows will only attempt to read the default certificate fro

per organization. If you enable this policy setting or do not configure this setting, then the subject name will be reversed. If you disable , th

gent only accepts requests from management systems within the communities it recognizes, and only SNMP Read operation is allowed for
nfigure using this setting. If you disable or do not configure this policy setting, SNMP service takes the permitted managers configured on t
s trap messages to the hosts within the "public" community. If you disable or do not configure this policy setting, the SNMP service takes t

of the file server configuration. If you do not configure this policy setting, users see a standard Access Denied message unless the file serv

obal Resource Property List in AD DS provides the default set of properties.


its own dedicated NTVDM process. The additional check box is enabled only when a user enters a 16-bit program in the Run dialog box.
ct the Log Off item on the Windows Security dialog box that appears when you press Ctrl+Alt+Del. Note: To add or remove the Log Off item

m saves document shortcuts in the user profile in the System-drive\Users\User-name\Recent folder. Also, see the "Remove Recent Items m

ew notifications.
If this setting is disabled or is not configured, the taskbar displays all toolbars. Users can add or remove custom toolbars, and the "Toolbars
disable or do not configure this setting, the system will store and display shortcuts to recently and frequently used files, folders, and websi

target drive in an attempt to find the file. Note: This policy setting only applies to target files on NTFS partitions. FAT partitions do not have
earch of the target drive in an attempt to find the file. Note: This policy setting only applies to target files on NTFS partitions. FAT partitions
esktop icons are now on the Start page. If you do not configure this setting, the default is the new style, and the user can change the view

tting, because if the notification area is hidden, there is no need to clean up the icons.

Enabling this setting also locks the QuickLaunch bar and any other toolbars that the user has on their taskbar. The toolbar's position is lock

the Shut Down, Restart, Sleep, and Hibernate commands are available on the Start menu. The Power button on the Windows Security scre

licy setting does not prevent the Set Default Programs for This Computer option from appearing in the Default Programs control panel.

r Advanced Start menu options. Note:The items that appear in the Favorites menu when you install Windows are preconfigured by the sys

xes, and Microsoft updates that users need and shows the newest versions available for download. If you disable or do not configure this p
y dialog box that appears when you press Ctrl+Alt+Del, and it does not prevent users from using other methods to log off. Tip: To add or re

e the "Disable programs on Settings menu" and "Disable Control Panel" policy settings and the policy settings in the Network Connections f

ders from Settings are available on the Start menu, and from Computer and File Explorer. Also, see the "Disable Control Panel," "Disable D
ear in the Recent Items menu. When the setting is disabled, the Recent Items menu appears in the Start Menu, and users cannot remove i

ndows logo) + R. If you disable or do not configure this setting, users will be able to access the Run command in the Start menu and in Task

oolbar, but the system does not respond when the user presses Ctrl+F. Also, Search does not appear in the context menu when you right-cl
pear on the top section of the Start menu. If users add folders to the Start Menu directory in their user profiles, the folders appear in the d

path and name of the XML file. You can type a local path, such as C:\StartLayouts\myLayout.xml or a UNC path, such as \\Server\Share\Lay
path and name of the XML file. You can type a local path, such as C:\StartLayouts\myLayout.xml or a UNC path, such as \\Server\Share\Lay

acking and personalized menus and ignores this setting. Tip: To Turn off personalized menus without specifying a setting, click Start, click Se
nning programs to the Start Menu or Taskbar. See the "Remove pinned programs list from the Start Menu" and "Do not allow pinning progr

Restore settings through System Protection. Also, see the "Turn off System Restore configuration" policy setting. If the "Turn off System Re
og box. If you disable this policy, Input Panel will provide text prediction suggestions. Users will not be able to configure this setting in the I
og box. If you disable this policy, Input Panel will provide text prediction suggestions. Users will not be able to configure this setting in the I
o any text entry area in applications where this behavior is available. Users will not be able to configure this setting in the Input Panel Optio
o any text entry area in applications where this behavior is available. Users will not be able to configure this setting in the Input Panel Optio
in applications where this behavior is available. Users will not be able to configure this setting in the Input Panel Options dialog box. If you
in applications where this behavior is available. Users will not be able to configure this setting in the Input Panel Options dialog box. If you

ely used Chinese, Kanji, and Hanja characters will be included in recognition results when handwriting is converted to typed text. Users will
licy, Input Panel tab will appear on the edge of the Tablet PC screen. Users will be able to configure this setting on the Opening tab in Input
licy, Input Panel tab will appear on the edge of the Tablet PC screen. Users will be able to configure this setting on the Opening tab in Input
not be able to configure this setting in the Input Panel Options dialog box. If you do not configure this policy, application auto complete lis
not be able to configure this setting in the Input Panel Options dialog box. If you do not configure this policy, application auto complete lis

At this setting, all password security settings are turned off. Users will not be able to configure this setting in the Input Panel Options dialog
configure this setting in the Input Panel Options dialog box. If you enable this policy and choose Tolerant," users will be able to use the Z
configure this setting in the Input Panel Options dialog box. If you enable this policy and choose Tolerant," users will be able to use the Z

es described above will be available.


es described above will be available.
cularly over slow network connections. If you disable or do not configure this policy setting, all files that the user opens appear in the men

take effect.

sted or confused by having the property sheet displayed automatically. Note that the checkbox is not checked by default even if this setting
sted or confused by having the property sheet displayed automatically. Note that the checkbox is not checked by default even if this setting
er Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User C
er Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User C

ask runs. Important: This setting does not prevent users from creating a new task by pasting or dragging any program into the Scheduled T
ask runs. Important: This setting does not prevent users from creating a new task by pasting or dragging any program into the Scheduled T
Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence ove
Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence ove

ks from remote computers.


t.exe to delete tasks.
t.exe to delete tasks.
nk-local IPv6 connectivity and a public IPv4 address. If no global IPv6 address is present and no global IPv4 address is present, the host will

TPS interfaces are present on the host.

each prefix received from the ISATAP router through stateless address auto-configuration. If the ISATAP router name is not resolved success

sable or do not configure this policy setting, the refresh rate is configured using the local settings on the computer. The default refresh rate

he host is on a network that includes a domain controller.


y connectivity and throughput problems casued by Firewalls or other middle boxes.
e user receives a message that the publisher has been blocked.
e user receives a message that the publisher has been blocked.
are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a
s that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. W
ult, audio and video playback redirection is not allowed when connecting to a computer running Windows Server 2008 R2, Windows Server
ning at least Windows 7, or Windows Server 2008 R2. If you enable this policy setting, audio recording redirection is allowed. If you disabl

necting to at least a Microsoft Windows Server 2003 terminal server with a client using RDP 5.1 and later.
Desktop setting on the target computer to determine whether the remote connection is allowed. This setting is found on the Remote tab in
are prompted for a password to log on. If you disable this policy setting, users can always log on to Remote Desktop Services automatically

an configure automatic reconnection using the "Reconnect if connection is dropped" checkbox on the Experience tab in Remote Desktop C
vailable that balances memory usage and network bandwidth. In Windows 8 only the compression algorithm that balances memory usage
oteFX vGPU virtual machines be aware that, for Windows Server running Hyper-V with RemoteFX vGPU enabled, the policy has to be set o
in medium quality images. This mode provides better graphics quality than low quality and uses less bandwidth than high quality. If you e
ht still be active. If you enable this policy setting, you must enter a keep-alive interval. The keep-alive interval determines how often, in min
ng, you must specify the name of a farm in RD Connection Broker. If you disable or do not configure this policy setting, the farm name is no
ovide a semi-colon separated list of the FQDNs of all the RD Connection Broker servers. If you disable or do not configure this policy setting
re-accelerated compression scheme. If you enable this policy setting, RemoteFX will be used to deliver a rich user experience over LAN con
twork condition."
t server. If the RD Session Host server cannot be authenticated, the user is prompted to choose whether to connect to the RD Session Host
n 0. Console access can be obtained by using the /console switch from Remote Desktop Connection in the computer field name or from the
policy setting, client printer mapping is not specified at the Group Policy level.
on is not specified at the Group Policy level.
cy setting, COM port redirection is not specified at the Group Policy level.
Windows XP. If you disable this policy setting, client drive redirection is always allowed. In addition, Clipboard file copy redirection is alway

write permissions to the user security descriptors by using the Remote Desktop Session WMI Provider. Note: The preferred method of man
he Group Policy level.

le this policy setting, users cannot redirect their supported Plug and Play devices to the remote computer.If you do not configure this policy
not configure this policy setting, Remote Desktop Services deletes the temporary folders from the remote computer at logoff, unless specifi
ou do not configure this policy setting, the default printer is not specified at the Group Policy level.
mporary files for all sessions on the remote computer are stored in a common Temp folder under the user's profile folder on the remote co
e this setting, even if they select the "Use these RD Gateway server settings" option on the client. Note: To enforce this policy setting, you
olicy setting, non-Windows thin clients that only support the Windows Server 2008 R2 SP1 RemoteFX Codec will not be able to connect to
ktop Services sessions policy settings. If you enable this policy setting, Remote Desktop Services ends any session that reaches its time-out
ktop Services sessions policy settings. If you enable this policy setting, Remote Desktop Services ends any session that reaches its time-out
Remote Desktop Services session. If the status is set to Disabled, wallpaper might appear in a Remote Desktop Services session, dependin
you disable or do not configure this policy setting, these notifications will be displayed on the RD Session Host server after you log on as a l
tion Broker server name policy setting. If you disable this policy setting, the server does not join a farm in RD Connection Broker, and user s
member of the RDS Endpoint Servers group on the license server. By default, the RDS Endpoint Servers group is empty. If you disable or do
be sent with a level of compression that is determined by the bandwidth of the remote connection. The audio playback quality that you sp
olor depth supported by the client will be used. If you disable or do not configure this policy setting, the color depth for connections is not
y each monitor to display a Remote Desktop Services session will be determined by the values specified on the Display Settings tab in the R
llows two Remote Desktop Services sessions. To use this setting, enter the number of connections you want to specify as the maximum fo
fied at the Group Policy level.
f the entire roaming user profile cache is checked. When the size of the entire roaming user profile cache exceeds the maximum size that y
Desktop Services sessions are optimized for rich multimedia.
utilization of bandwidth by selecting the highest setting for screen capture rate and the highest setting for image quality. By default, Remo
ning Windows Server 2003. By default, if the most appropriate RDS CAL is not available for a connection, a Windows Server 2008 license se

n both the client computer and on the RD Session Host server to provide credentials, clear the Always prompt for password check box on t
x. It does not prevent users from using other methods to disconnect from a Remote Desktop Services session. This policy setting also does n

d for RPC clients that do not respond to the request. If the status is set to Not Configured, unsecured communication is allowed. Note: The
ession Host server. If TLS is not supported, native Remote Desktop Protocol (RDP) encryption is used to secure communications, but the RD
ote Desktop Connection dialog box, and then click About. In the About Remote Desktop Connection dialog box, look for the phrase Netwo

quality. If you disable Connect Time Detect and Continuous Network Detect, Remote Desktop Protocol will not try to determine the netw
timal protocols for delivering the best user experience.
ted. Automatic certificate selection only occurs when a specific certificate has not been selected. If no certificate can be found that was cr
h. The following encryption methods are available: * High: The High setting encrypts data sent from the client to the server and from the s
ers named for the account name of each user. To configure this policy setting, type the path to the network share in the form of \\Compute
hod by configuring settings on the client, using an RDP file, or using an HTML script. If users do not specify an alternate authentication met
thod by using this setting, either the NTLM protocol that is enabled on the client or a smart card can be used. To allow users to overwrite
h" (without quotes), without environment variables or ellipses. Do not specify a placeholder for user alias, because Remote Desktop Servic
to watch the session of a remote user with the user's consent. 5. View Session without user's permission: Allows the administrator to watc
to watch the session of a remote user with the user's consent. 5. View Session without user's permission: Allows the administrator to watc
ktop license server. If you disable or do not configure this policy setting, the licensing mode is not specified at the Group Policy level.
y. If you disable or do not configure this policy setting, the time limit is not specified at the Group Policy level. By default, Remote Desktop
y. If you disable or do not configure this policy setting, the time limit is not specified at the Group Policy level. By default, Remote Desktop
configure this policy setting, this policy setting is not specified at the Group Policy level. By default, Remote Desktop Services allows session
configure this policy setting, this policy setting is not specified at the Group Policy level. By default, Remote Desktop Services allows session
policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that d
policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that d
RL. The user cannot change the default connection URL. The user's default logon credentials are used when setting up the default connecti
o nothing if one is not found" - If there is a printer driver mismatch, the server will attempt to find a suitable driver. If one is not found, the c
blisher. Notes: You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure th

is automatically logged off. To use this setting, in Program path and file name, type the fully qualified path and file name of the executable
is automatically logged off. To use this setting, in Program path and file name, type the fully qualified path and file name of the executable
registered in the background.

pplications published as RemoteApp programs do not support these advanced graphics.


e able to connect directly by IP address to RD Session Host servers in the farm. If you disable this policy setting, the IP address of the RD Se
this policy setting to take effect, you must also enable and configure the "Set path for Remote Desktop Services Roaming User Profile" poli
ou disable this policy setting, the RD Session Host server tries to find a suitable printer driver to install the client printer. If the RD Session H
ou disable this policy setting, the RD Session Host server tries to find a suitable printer driver to install the client printer. If the RD Session H
e Desktop Services sessions use the hardware graphics renderer by default. NOTE: The policy setting affects only the default graphics proce
n Services. 2. Remote Desktop license servers that are installed on domain controllers in the same domain as the RD Session Host server. I
for remote desktop sessions. On the client computer, you can configure desktop composition on the Experience tab in Remote Desktop Con
ted when a user starts a Remote Desktop Services session. If you enable this policy setting, remote users can start any program on the RD
when connecting to at least a Microsoft Windows Server 2003 terminal server with a client using RDP 5.1 or later.
can be specified that runs on the remote computer after the client connects to the remote computer. If an initial program is not specified,
on is not specified at the Group Policy level.
Remote Desktop Connection (RDC) or by using the "allow font smoothing" setting in a Remote Desktop Protocol (.rdp) file. If you enable

n the client configuration (see the Experience tab in the Remote Desktop Connection options for more information). Servers running Wind

eApp session will be logged off from the RD Session Host server. If the user starts a RemoteApp program before the time limit is reached, t
eApp session will be logged off from the RD Session Host server. If the user starts a RemoteApp program before the time limit is reached, t

n the order in which they are received.

do not have an existing session log on to the first RD Session Host server to which they connect. If you do not configure this policy setting,

ws will store the TPM owner authorization in the registry of the local computer according to the operating system managed TPM authenti
those TPM commands specified through the default or local lists may be blocked by Windows. The default list of blocked TPM commands
oup Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. See the related policy setting to configure the Grou
TPM commands. If you disable or do not configure this policy setting, Windows will block the TPM commands found in the local list, in add
h time a standard user sends a command to the TPM and receives an error response indicating an authorization failure occurred. Authoriza

ure occurs each time a standard user sends a command to the TPM and receives an error response indicating an authorization failure occur
ministrator group is also given full control to the user's profile folder. If you disable or do not configure this policy setting, only the user is g
As a result, users can access any directory on the home share by using the home directory drive letter. If you disable or do not configure th
the server before considering the connection to be slow. If you disable or do not configure this policy setting, Windows considers the netw
hen the user logs off. The roaming profile still remains on the network server that stores it. If you disable or do not configure this policy setti

u disable this policy setting or do not configure it, slow link detection is enabled. The system measures the speed of the connection betwe
amily, Windows 2000 Professional SP4 and Windows XP SP1, the default behavior is to check the folder for the correct permissions if the pr
are closed. If you disable or do not configure this policy setting, Windows will always unload the users registry at logoff, even if there are a
a temporary profile when Windows cannot load their user profile. Also, see the "Delete cached copies of roaming profiles" policy setting.
Server 2012 version of the Active Directory schema to function. If you enable this policy setting and the user has a roaming profile, the roa
ws waits for user input before using a default user profile for roaming user profiles. The default timeout value is 30 seconds. To use this polic
d Appdata\LocalLow folders and all their subfolders such as the History, Temp, and Temporary Internet Files folders are excluded from the u
g, Windows will not delete Windows Installer or Group Policy software installation data for roaming users when profiles are deleted from t
g users of the oversized profile. -- Determine how often the customized message is displayed. Note: In operating systems earlier than Micr
once per second) to unload and update the registry settings. By default, the system repeats its periodic attempts 60 times (over the course
his setting, the following occurs on the affected computer: At first logon, the user receives a new local profile, rather than the roaming profi
persisted. If you enable this policy setting, changes a user makes to their roaming profile aren't merged with the server (roaming) copy wh
box appears on the logon screen and the user must choose whether to download the remote user profile before Windows detects the net
pecified in this policy setting. Setting the value to zero causes Windows to proceed without waiting for the network. If you disable or do no
file. If you enable this policy setting, all users logging on this computer will use the roaming profile path specified in this policy. If you disa
f 6 hours, the registry file of the roaming user profile is uploaded to the server every six hours while the user is logged on. If "Run at specifi
HomeFolder) in the Path box. Do not specify environment variables or ellipses in the path. Also, do not specify a placeholder for the user n
other cached data via Offline Files and continue to remain online while the user is logged on, if the network paths are accessible. Note: Yo

etting and the user's name and account picture will not be shared with apps (not desktop apps). In addition apps (not desktop apps) that h
to load, the system loads the local copy of the roaming user profile. The local copy is also used when the user is consulted (as set in the "P
. When this policy setting is enabled, select the "Do not install BitLocker To Go Reader on FAT formatted fixed drives" check box to help pre
ected drives. When this policy setting is enabled, select the "Do not install BitLocker To Go Reader on FAT formatted removable drives" che
ot be used.
nlock certificate. The Network Unlock certificate is used to create Network Key Protectors, and protects the information exchanged with the
e legacy platform integrity validation, even on systems capable of Secure Boot-based integrity validation. When this policy is enabled and t
he computer's top-level folder view. If you disable or do not configure this policy setting, the BitLocker setup wizard will display the compu
S-CBC 256-bit if the drive will be used in other devices that are not running Windows 10 (Version 1511). If you disable or do not configure
encrypt drives. If you disable or do not configure this policy setting, BitLocker will use AES with the same bit strength (128-bit or 256-bit) a
n algorithm and key cipher strength for BitLocker to use to encrypt drives. If you disable or do not configure this policy setting, BitLocker w
t adding data recovery agents. In "Configure user storage of BitLocker recovery information" select whether users are allowed, required, o
Microsoft TechNet for more information about adding data recovery agents. In "Configure user storage of BitLocker recovery information" s
mation about adding data recovery agents. In "Configure user storage of BitLocker recovery information" select whether users are allowed,
zard displays to users for recovering BitLocker encrypted data. Saving to a USB flash drive will store the 48-digit recovery password as a text

e you type in the "Custom recovery message option" text box will be displayed in the pre-boot key recovery screen. If a recovery URL is avai
ock the drive and the computer will instead display the BitLocker Recovery console and require that either the recovery password or recove
rm validation profile for native UEFI firmware configurations" group policy setting to configure the TPM PCR profile for computers using na
firmware configurations" group policy setting to configure the TPM PCR profile for computers with BIOS configurations or computers with
ms and cipher suites used with hardware-based encryption. If you disable this policy setting, BitLocker cannot use hardware-based encrypti
lgorithms and cipher suites used with hardware-based encryption. If you disable this policy setting, BitLocker cannot use hardware-based
orithms and cipher suites used with hardware-based encryption. If you disable this policy setting, BitLocker cannot use hardware-based en
en unlocking a volume. BitLocker will allow unlocking a drive with any of the protectors available on the drive. If you enable this policy setti
Locker, not when unlocking a volume. BitLocker will allow unlocking a drive with any of the protectors available on the drive. If you enable
allow unlocking a drive with any of the protectors available on the drive. If you enable this policy setting, users can configure a password
cards to authenticate their access to BitLocker-protected fixed data drives. If you do not configure this policy setting, smart cards can be us
e smart cards to authenticate their access to BitLocker-protected removable data drives. If you do not configure this policy setting, smart ca
be a check to see if antivirus and antispyware definitions are enabled. If at least one is enabled, the service will remain running. If both are
on will run at a default frequency.
pproximately five seconds.

p scans for scheduled full scans will be turned off.


ch-up scans for scheduled quick scans will be turned off.
ork performance. If you enable or do not configure this setting, definition retirement will be enabled. If you disable this setting, definition

ons to run on a per-user basis, there must be an entry at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Exten


ueries in this zone using Search Connectors.
ueries in this zone using Search Connectors.
ueries in this zone using Search Connectors.
ueries in this zone using Search Connectors.
ueries in this zone using Search Connectors.
ueries in this zone using Search Connectors.
ueries in this zone using Search Connectors.
ueries in this zone using Search Connectors.
ueries in this zone using Search Connectors.
ueries in this zone using Search Connectors.
ueries in this zone using Search Connectors.
ueries in this zone using Search Connectors.
h queries in this zone using Search Connectors.
h queries in this zone using Search Connectors.
ueries in this zone using Search Connectors.
ueries in this zone using Search Connectors.
h queries in this zone using Search Connectors.
h queries in this zone using Search Connectors.
ueries in this zone using Search Connectors.
ueries in this zone using Search Connectors.
ne, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbna
ne, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbna
ne, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbna
ne, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbna
ne, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbna
ne, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbna
ne, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbna
ne, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbna
ne, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbna
ne, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbna
ne, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbna
ne, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbna
ne, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbna
ne, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbna
ne, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbna
ne, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbna
ne, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbna
ne, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbna
ne, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbna
ne, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbna

you disable or do not configure this policy setting, Windows SmartScreen behavior is managed by administrators on the PC by using Windo

patibility issues in applications that depend on the existence of the known folder.

this setting and a user does not have sufficient permissions to install a program, the installation continues with the current user's logon cre

arget path. It does not search for the original path even when it cannot find the target file in the current target path. If you disable or do n
, on the File menu, click Open. Note: In Windows Vista, this policy setting applies only to applications that are using the Windows XP comm
e new Windows Vista common dialog box style. It is a requirement for third-party applications with Windows 2000 or later certification to
programs. To see an example of the standard Open dialog box, start Wordpad and, on the File menu, click Open. Note: In Windows Vista,
, or in a command window. Also, this policy setting does not prevent users from using programs to access these drives or their contents. A
methods to start Computer Management. Tip: To hide all context menus, use the "Remove File Explorer's default context menu" setting.
e displayed in the Places Bar. Note: In Windows Vista, this policy setting applies only to applications that are using the Windows XP comm

connecting to computers in their workgroup or domain by other commonly used methods, such as typing the share name in the Run dialog
g box or the Map Network Drive dialog box. To remove computers in the user's workgroup or domain from lists of network resources, use t
gain" links at the bottom of results returned in File Explorer after a search is executed. These links will be shared between Internet search s
ified .Library-ms or .searchConnector-ms file. You can add up to five additional links to the "Search again" links at the bottom of results ret
he specified drives still appear in My Computer, but if users double-click the icons, a message appears explaining that a setting prevents the
plain tab states incorrectly that this setting prevents users from connecting and disconnecting drives. Note: It is a requirement for third-pa

t the Search items on the File Explorer context menu or on the Start menu. To remove Search from the Start menu, use the "Remove Searc

is part of a workgroup. Note: The ability to remove the Shared Documents folder via Group Policy is only available on Windows XP Profes

ps" option in Display in Control Panel.


off and logging on again using their administrator credentials. If the dialog box does not appear, the installation proceeds with the current
applied at logon time. If the policy is enabled, disabled, or not configured, users will still be able to override default file type and protocol a

nt uses of the search box.

ble this policy setting the protocol is in the protected mode, allowing applications to only open a limited set of folders. If you do not config
ble this policy setting the protocol is in the protected mode, allowing applications to only open a limited set of folders. If you do not config

from the scope of Start search This policy will not enable users to add unsupported locations to Libraries. If you enable this policy, Windo

ed to the user. Note: In operating systems earlier than Windows Vista, enabling this policy will also disable the Active Desktop and Web vi
ary file and functions as if both new and old locations point to different shares when their network paths are different. Note: If the paths p

ure it, the default value is set to 50 MB on Windows XP Professional and is unlimited (4294967295 MB) on Windows Server 2003.
ing setup. Note: This policy setting affects file scanning only. It does not affect the standard background file change detection that Window

to the list, upon disabling this policy, Windows Firewall deletes the list. Note: You define entries in this list by using Security Descriptor De
e. If you disable this policy setting, Windows Firewall blocks all the listed incoming and outgoing ICMP message types. As a result, utilities t
e. If you disable this policy setting, Windows Firewall blocks all the listed incoming and outgoing ICMP message types. As a result, utilities t
haring files and printers. If an administrator attempts to open any of these ports by adding them to a local port exceptions list, Windows Fir
haring files and printers. If an administrator attempts to open any of these ports by adding them to a local port exceptions list, Windows Fir
dynamically-assigned ports, typically in the range of 1024 to 1034. On Windows Vista, this policy setting does not control connections to S
dynamically-assigned ports, typically in the range of 1024 to 1034. On Windows Vista, this policy setting does not control connections to S
ministrator attempts to open this port by adding it to a local port exceptions list, Windows Firewall does not open the port. In the Windows
ministrator attempts to open this port by adding it to a local port exceptions list, Windows Firewall does not open the port. In the Windows
s these ports, which prevents this computer from receiving Plug and Play messages. If an administrator attempts to open these ports by ad
s these ports, which prevents this computer from receiving Plug and Play messages. If an administrator attempts to open these ports by ad
in the Windows Firewall with Advanced Security snap-in. If you wish to prevent all locally created rules from applying, use the Group Polic
in the Windows Firewall with Advanced Security snap-in. If you wish to prevent all locally created rules from applying, use the Group Polic
o create firewall rules in the Windows Firewall with Advanced Security snap-in. If you wish to prevent all locally created rules from applying
o create firewall rules in the Windows Firewall with Advanced Security snap-in. If you wish to prevent all locally created rules from applying
hat the Windows Firewall service account has write permissions to the folder containing the log file. Default path for the log file is %system
hat the Windows Firewall service account has write permissions to the folder containing the log file. Default path for the log file is %system
o remove a port, click its definition, and then press the DELETE key. To edit a definition, remove the current definition from the list and add
o remove a port, click its definition, and then press the DELETE key. To edit a definition, remove the current definition from the list and add
inbound port exceptions" policy setting. To view the program list, enable the policy setting and then click the Show button. To add a progra
inbound port exceptions" policy setting. To view the program list, enable the policy setting and then click the Show button. To add a progra
tting, Windows Firewall applies other policy settings that allow unsolicited incoming messages. In the Windows Firewall component of Con
tting, Windows Firewall applies other policy settings that allow unsolicited incoming messages. In the Windows Firewall component of Con
abled, except that in the Windows Firewall component of Control Panel, the "Notify me when Windows Firewall blocks a new program" ch
abled, except that in the Windows Firewall component of Control Panel, the "Notify me when Windows Firewall blocks a new program" ch
a response to a Dynamic Host Configuration Protocol (DHCP) broadcast message sent by this computer. Windows Firewall always permits
a response to a Dynamic Host Configuration Protocol (DHCP) broadcast message sent by this computer. Windows Firewall always permits
ohibit use of Internet Connection Firewall on your DNS domain network" policy setting overrides.
ohibit use of Internet Connection Firewall on your DNS domain network" policy setting overrides.

he license is generated locally in this scenario. When this policy is either disabled or not configured, Windows Media DRM functions norma
can change the setting for the Allow screen saver during playback check box.
protocol and the proxy cannot be configured. If the "Hide network tab" policy setting is also enabled, the entire Network tab is hidden. Thi
entire Network tab is hidden. This policy setting is ignored if the "Streaming media protocols" policy setting is enabled and Multicast is not
buffering options on the Performance tab.
entire Network tab is hidden. If you disable this policy setting, the RTSP proxy server cannot be used and users cannot change the RTSP pro

options in the anchor window are not available.

vacy settings not configured by other polices.

layer for the first time.


Ds from the Internet check box.

the setting of the Update my music files (WMA and MP3 files) by retrieving missing media information from the Internet check box.
ng check box. Video smoothing is available only on the Windows XP Home Edition and Windows XP Professional operating systems.
r has access only to the Player features that are available with the specified skin. Users cannot switch the Player to full mode and cannot ch
streams can be received if the "Allow the Player to receive multicast streams" check box on the Network tab is selected. If you enable this

: If you do not want users to use Windows Messenger, enable the "Do not allow Windows Messenger to run" policy setting. Note: This pol
: If you do not want users to use Windows Messenger, enable the "Do not allow Windows Messenger to run" policy setting. Note: This pol

a remote computer, regardless of whether or not any WinRM listeners are configured. The service listens on the addresses specified by th

on values to be set for plug-ins and the RunAsPassword value will be stored securely. If you enable and then disable this policy setting,any v
uest containing an invalid channel binding token is rejected. However, a request that does not contain a channel binding token is accepted
each computer.

ase of updates that contain User Interface , End User License Agreement , or Windows Update setting changes. There are two situations w
n intranet Microsoft update service must always be signed by Microsoft and are not affected by this policy setting. Note: This policy is not s
22 hours. Note: The "Specify intranet Microsoft update service location" setting must be enabled for this policy to have effect. Note: If the
vailable updates. 3 = (Default setting) Download the updates automatically and notify when they are ready to be installed Windows finds

e for installation at the time the user selects the Shut Down option in the Start menu. Note that this policy setting has no impact if the Use
e for installation at the time the user selects the Shut Down option in the Start menu. Note that this policy setting has no impact if the Com

update service. Note: This policy applies only when the intranet Microsoft update service this computer is directed to is configured to supp
date if an install deadline occurs. The system will not wake unless there are updates to be installed. If the system is on battery power, when
automatically restart in 5 minutes to complete the installation. Note: This policy applies only when Automatic Updates is configured to pe
onfigure one of the following notification options: 0 = Do not show any notifications This setting will remove all access to Windows Updat

gured to perform scheduled installations of updates. If the "Configure Automatic Updates" policy is disabled, this policy has no effect.

status is set to Enabled, the Automatic Updates client connects to the specified intranet Microsoft update service, instead of Windows Upd

more information about the software or install it. The user can also click "Close this message" or "Show me later" to defer the notification
catalog customized for your computer that consists of items such as drivers, critical updates, Help files, and Internet products that you can d

ully qualified path to the file. If you disable this setting or do not configure it, the setting is ignored and the system displays the Explorer in
nly Ease of Access applications running on the secure desktop can simulate the SAS.
th the Microsoft Windows desktop. For domain user accounts in Windows Server 2003, Windows 2000 native, or Windows 2000 mixed fu
setting. If Set action to take when logon hours expire is disabled or not configured, the Remove logon hours expiration warnings settin

gure this setting, the system takes no action when the users logon hours expire. The user can continue the existing session, but cannot log
after a Windows Update restart. The users' lock screen apps are not restarted after the system restarts.

own faster and more smoothly.

s. "Enable paid services" enables Windows to temporarily connect to open hotspots to determine if paid services are available. If this poli

or is not configured, the cost of Wireless LAN connections is Unrestricted by default.


" policy setting does not apply to a user, Work Folders is not automatically set up. If you disable or do not configure this policy setting, Wo
ents users from choosing not to use Work Folders on the computer; it also prevents them from manually specifying the local folder in whic

l API calls from within the application. If you disable or do not configure this policy setting, the client computer will connect to WNS at use

he cost of 3G connections is Fixed by default.


he cost of 4G connections is Fixed by default.
all sites in Trusted zones.
immediately. Because the only remaining option on the Add/Remove Windows Components page starts the wizard, that option is selected

grams from removable media, regardless of this setting.

ministrator, and they cannot use Add or Remove Programs to install published programs. However, they can still install programs by using o
nu. See the "Remove Set Program Access and Defaults from Start menu" setting.

ormation hyperlink.
ms they are most likely to need. Note: This setting is ignored if either the "Remove Add or Remove Programs" setting or the "Hide Add New

, which then prevents any 16-bit applications from running. In addition, any 32-bit applications with 16-bit installers or other 16-bit compo

rotection and User Account Control features of Windows use the application compatibility engine to provide mitigations for application pro

ot configure this policy setting, the PCA will be turned on. To configure the diagnostic settings for the PCA, go to System->Troubleshooting

stem accurately reflects those changes.


an app package) of Windows Store apps when using a special profile. If you disable or do not configure this policy setting, Group Policy blo

ault desktop app for the http, https, and mailto URI schemes. The handlers for these URI schemes are hardened against URI-based vulnerab
ault desktop app for the http, https, and mailto URI schemes. The handlers for these URI schemes are hardened against URI-based vulnerab

he file's zone information. If you enable this policy setting, you can specify the default risk level for file types. If you disable this policy setti

istered antivirus programs when file attachments are opened.


nt data. If you disable this policy setting, Windows uses its default trust logic, which prefers the file handler over the file type. If you do no
security events will be able to read the command line arguments for any successfully created process. Command line arguments can conta
or for autorun to: a) Completely disable autorun commands, or b) Revert back to pre-Windows Vista behavior of automatically executing
or for autorun to: a) Completely disable autorun commands, or b) Revert back to pre-Windows Vista behavior of automatically executing
is setting to enable Autoplay on drives on which it is disabled by default. If you disable or do not configure this policy setting, AutoPlay is e
is setting to enable Autoplay on drives on which it is disabled by default. If you disable or do not configure this policy setting, AutoPlay is e

t that someone forgets their logon credentials.

uter to act as a BITS peer caching server" and "Do not allow the computer to act as a BITS peer caching client" policy settings, it is possible

er caching" policy setting is disabled or not configured.

tting is disabled or not configured.

sable or do not configure this policy setting, BITS uses all available unused bandwidth. Note: You should base the limit on the speed of the
e maximum network bandwidth used for peer caching. If you disable this policy setting or do not configure it, the default value of 30 perce
ated by services and the local administrator account do not count toward this limit.

not roaming. The values that can be assigned are: - Always transfer - Transfer unless roaming - Transfer unless surcharge app
ble or do not configure this policy setting, the limits defined for work or nonwork schedules will be used. Note: The bandwidth limits that
e. For example, you can limit the network bandwidth of low priority jobs to 128 Kbps from 8:00 A.M. to 5:00 P.M. on Monday through Frida
eout to specified number of days. If you disable or do not configure this policy setting, the default value of 90 (days) will be used for the in

perform all its functions, or it might stop. This setting appears in the Computer Configuration and User Configuration folders. If both settin
perform all its functions, or it might stop. This setting appears in the Computer Configuration and User Configuration folders. If both settin
l Panel item's canonical name. For example, enter Microsoft.Mouse, Microsoft.System, or Microsoft.Personalization. Note: For Windows V

oft.Mouse, Microsoft.System, or Microsoft.Personalization. Note: For Windows Vista, Windows Server 2008, and earlier versions of Windo

he Luna visual style by typing %windir%\resources\Themes\Luna\Luna.msstyles Note: To select the Windows Classic visual style, leave the
es, the setting is ignored. Note: This setting can be superseded by the "Enable Screen Saver" setting. If the "Enable Screen Saver" setting is
e Screen Saver dialog, use the "Prevent changing Screen Saver" setting.

Saver dialog in the Personalization or Display Control Panel is used. The default is 15 minutes.
ount pictures.
figure the amount of time after the device's screen turns off before a password is required when waking the device. Instead, a password w

wise enabled credential providers are available for authentication purposes.

on. For more information, see KB. FWlink for KB: http://go.microsoft.com/fwlink/?LinkId=301508 Note: The "Allow delegating default cre
e user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN. For Example: TERMSRV/
e. Note: The "Allow delegating fresh credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represe
fresh credentials with NTLM-only server authentication" policy setting can be set to one or more Service Principal Names (SPNs). The SPN r
ed to any machine. Note: The "Allow delegating saved credentials" policy setting can be set to one or more Service Principal Names (SPNs)
f saved credentials is not permitted to any machine. If you disable this policy setting, delegation of saved credentials is not permitted to an
MSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine TERMS
: TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine T
PN. For Example: TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam
Support Provider (CredSSP) by modifying Administrative template settings (located at Computer Configuration\Administrative Templates\S

ing on their computers, including system services, find the executable names of programs, and change the priority of the process in which
view and change the list of DCOM activation security check exemptions defined by Group Policy settings. If you add an appid to this list and

on to the system.

ed. Users cannot change this specification. If you disable this setting or do not configure it, no wallpaper is displayed. However, users can s

of expansive searches.

this setting, Computer is displayed as usual, appearing as normal on the desktop, Start menu, folder tree pane, and Web views, unless res
ou must either: 1) first update the policy to a non-protected policy and then disable the setting, or 2) disable the setting and then remove
ith this feature or the system may crash. Ensure that this policy setting is only deployed to computers which are known to be compatible. C

se device classes" policy setting, or the "Prevent installation of removable devices" policy setting). If you enable this policy setting on a rem
s" policy setting, or the "Prevent installation of removable devices" policy setting). If you enable this policy setting on a remote desktop ser

whether to permit unsigned files to be installed. "Warn" is the default. -- "Block" directs the system to refuse to install unsigned files. As a

e devices" policy setting.

er policy settings.
ces from a remote desktop client to the remote desktop server. If you disable or do not configure this policy setting, Windows can install a
oft Windows Publisher certificate are selected for installation over drivers that are signed by other Authenticode certificates.

m/Internet Communication Management/Internet Communication settings.

o not configure this policy setting, members of the Administrators group can determine the priority order in which Windows searches sourc

diagnostic scenarios are not executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. Note: F
solution by default. This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured. No reboots or s
s policy setting is applicable only if the NV cache feature is on.

policy settings for the NV cache are appropriately configured. Note: This policy setting will take effect on next boot. If you do not configur

articular disk quota limit. To specify a disk quota limit, use the "Default quota limit and warning level" policy setting. Otherwise, the system
were exhausted. When users reach an unenforced limit, their status in the Quota Entries window changes, but they can continue to write t
is independent of the enforcement policy settings for disk quotas. As a result, you can direct the system to log an event, regardless of whet
. Even without the logged event, users can detect that they have reached their warning level because their status in the Quota Entries wind
t affect disk quota limits for current users, or affect customized limits and warning levels set for particular users (on the Quota tab in Volum

d from a combination of the local DNS client's primary domain suffix, a connection-specific domain suffix, and a DNS suffix search list. If att

ffixes that should be appended to single-label names. You must specify at least one suffix. Use a comma-delimited string, such as "microsoft
figuration for individual network connections.

ceived from networks higher in the binding order. Note: This policy setting is applicable only if the turn off smart multi-homed name reso
mputer uses its local primary DNS suffix, which is usually the DNS name of Active Directory domain to which it is joined.
on the DNS tab in Advanced TCP/IP Settings for the Internet Protocol (TCP/IP) Properties dialog box. Devolution is not enabled if a global su
of the primary DNS suffix check box on the DNS tab in Advanced TCP/IP Settings for the Internet Protocol (TCP/IP) Properties dialog box. De
addition to the primary DNS suffix. This applies to all network connections used by computers that receive this policy setting. For example
nly if A record registration succeeds: Computers will attempt to register PTR resource records only if registration of the corresponding A rec
interval to be longer than the refresh interval of the DNS zone might result in the undesired deletion of A and PTR resource records. To sp
rd with an A resource record that has the client's current IP address. If you enable this policy setting or if you do not configure this policy s

etwork adapters.
timized when issuing DNS, LLMNR and NetBT queries.
ed or not configured.
nsecured update is refused, clients try to use secure update.
horitative for the resource records that the computer needs to update.

filtered by default. This policy setting applies to Japanese Microsoft IME only. Note: Changes to this setting will not take effect until the use

fied by the Early Launch Antimalware boot-start driver. If you enable this policy setting you will be able to choose which boot-start drivers
n Control Panel, and default values are applied for any Windows Error Reporting policy settings that are not configured (even if users have c

y reports can be queued before older reports are automatically deleted. The setting for Number of days between solution check reminders
queued until an administrator is prompted to send them, or until the administrator sends them by using the Solutions to Problems page in
heck for an existing solution, and Windows prompts the user for consent to send any additional data requested by Microsoft. - 3 (Send par
heck for an existing solution, and Windows prompts the user for consent to send any additional data requested by Microsoft. - 3 (Send par
u disable or do not configure this policy setting, users can enable or disable Windows Error Reporting in Control Panel. The default setting

ed or not configured, user settings in Control Panel for Windows Error Reporting are applied.
ed or not configured, user settings in Control Panel for Windows Error Reporting are applied.
tification by default on computers that are running Windows XP Personal Edition and Windows XP Professional Edition, and disable notificati

r the Report errors for applications on this list setting, and edit the list of application file names in the Show Contents dialog box. The file n
ble or do not configure this policy setting, errors are reported on all Microsoft and Windows applications by default.
ble or do not configure this policy setting, errors are reported on all Microsoft and Windows applications by default.
ng is configured to report all application errors. If this policy setting is enabled, the Exclude errors for applications on this list setting takes p
is change across all tools and APIs.

s all tools and APIs.


rators group can make changes using the Windows To Go Startup Options Control Panel item.

ted automatically. Windows will log an administrator event with instructions if manual recovery is possible. If you enable this setting, the r
oke access to all content protected using the specified EID on the device. If you disable or do not configure this policy setting, the only Wi

n in the user interface. Note: Do not enable this policy setting if users will need access to their redirected files if the network or server hol
onfigured value of "Do not automatically make all redirected folders available offline".
e updating the Folder Redirection location. If you disable or do not configure this policy setting, when the path to a redirected folder is cha
Documents and Pictures folders, the folders are redirected on the user's primary computer only. If you disable or do not configure this po
Documents and Pictures folders, the folders are redirected on the user's primary computer only. If you disable or do not configure this po
Note: This policy is valid only on Windows Vista, Windows 7, Windows 8, and Windows Server 2012 when it processes a legacy redirectio
Note: This policy is valid only on Windows Vista, Windows 7, Windows 8, and Windows Server 2012 when it processes a legacy redirectio

ng state. When the service is stopped or disabled, diagnostic scenarios are not executed. The DPS can be configured with the Services snap

20, that is 2000 to 2029. Conversely, all two-digit years greater than 29 (30 to 99) are interpreted as being preceded by 19, that is, 1930 to 1

r do not configure this policy setting, the user can select a custom locale as their user locale. If this policy setting is enabled at the machine
r do not configure this policy setting, the user can select a custom locale as their user locale. If this policy setting is enabled at the machine
er policy. If this policy is set to Disabled at the computer level, then the per-User policy will be ignored. If this policy is set to Not Configured
er policy. If this policy is set to Disabled at the computer level, then the per-User policy will be ignored. If this policy is set to Not Configured

ional and Language Options control panel to select any available UI language.
setting, administrators can select any system locale shipped with the operating system.
list can be selected by users. If you disable or do not configure this policy setting, users can select any locale installed on the computer, un
list can be selected by users. If you disable or do not configure this policy setting, users can select any locale installed on the computer, un

Windows menus and dialogs language" policy setting.

entered through Input Panel is collected and stored. Note: Automatic learning of both text and ink might not be available for all languages,
entered through Input Panel is collected and stored. Note: Automatic learning of both text and ink might not be available for all languages,

An event log message (1109) is posted, stating that loopback was invoked in Replace mode. If you enable this policy setting, the behavior
p Policy Object Editor snap-in always uses local ADM files in your %windir%\inf directory when editing GPOs. This leads to the following be
ckground refresh, extensions requiring synchronous processing such as Software Installation, Folder Redirection and Drive Maps preferenc
ing a fast network connection in the case that no network bandwidth speed is determined. Note: When Group Policy detects a slow netw
phone line. Updates across slow connections can cause significant delays. The "Do not apply during periodic background processing" optio
low connections can cause significant delays. The "Do not apply during periodic background processing" option prevents the system from
work connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telep
e the Configure Group Policy Slow Link Detection policy setting to configure asynchronous foreground behavior.) The slow link value tha
ead and write changes to any available domain controller. If you disable this setting or do not configure it, the Group Policy Object Editor sn
kilobits per second. Any connection slower than this rate is considered to be slow. If you type 0, all connections are considered to be fast. I
kilobits per second. Any connection slower than this rate is considered to be slow. If you type 0, all connections are considered to be fast. I
ow network connection, such as a telephone line. Updates across slow connections can cause significant delays. The "Do not apply during
rk connection, such as a telephone line. Updates across slow connections can cause significant delays. The "Do not apply during periodic b

next user logon or system restart. The "Process even if the Group Policy objects have not changed" option updates and reapplies the polic
ant delays. The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the ba
will not take effect until the next user logon or system restart. The "Process even if the Group Policy objects have not changed" option up
ing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network conne
mputer's Group Policy Objects replace the user settings normally applied to the user. "Merge" indicates that the user settings defined in th
connections can cause significant delays. The "Do not apply during periodic background processing" option prevents the system from upd
ross slow connections can cause significant delays. The "Do not apply during periodic background processing" option prevents the system

ser Configuration and Computer Configuration setting. Also, see the "Turn off Resultant set of Policy logging" policy setting in Computer Co
ser Configuration and Computer Configuration setting. Also, see the "Turn off Resultant set of Policy logging" policy setting in Computer Co

holds. (See the Configure Group Policy Slow Link Detection policy setting to configure asynchronous foreground behavior.) The slow link
command is turned on by default, but administrators can view preferences by turning off the "Show Policies Only" command. Note: To fin

r computers" policy setting to change the policy refresh interval. Note: If you make changes to this policy setting, you must restart your com

ffic, very short update intervals are not appropriate for most installations. If you disable this setting, Group Policy is updated every 90 minu
es Group Policy every 5 minutes (the default). To specify that Group Policies for users should never be updated while the computer is in use
e intervals are not appropriate for most installations. If you disable this setting, user Group Policy is updated every 90 minutes (the default
ault wait time of 30 seconds on computers running Windows Vista operating system.
ng, Group Policy will use the default wait time of 60 seconds on computers running Windows operating systems greater than Windows 7 co
PO if they have a later timestamp. NOTE: If the Computer Configuration policy setting, "Always use local ADM files for the Group Policy Ob

puters that are joined to a workgroup.

Updates across slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option preven
ace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there a
ine. Updates across slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option pre
trace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there
ss slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prevents the system
e location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no preferen
Updates across slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prevent
" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are
h as a telephone line. Updates across slow connections can cause significant delays. 2. The "Do not apply during periodic background proce
race" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there
nnections can cause significant delays. 2. The "Do not apply during periodic background processing" option prevents the system from upd
where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no preference items
d across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. 2. The "Do no
User trace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If
s slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prevents the system f
location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no preferenc
oss slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prevents the system
location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no preferen
pdates across slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prevents
he location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no prefere
work connection, such as a telephone line. Updates across slow connections can cause significant delays. 2. The "Do not apply during perio
tion, you must provide a path in the "User trace" box to the location where a user trace file can be created on the client computer, and you
ross a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. 2. The "Do not ap
n the "User trace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" op
ephone line. Updates across slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" o
he "User trace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option
w network connection, such as a telephone line. Updates across slow connections can cause significant delays. 2. The "Do not apply durin
User trace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If
mitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. 2. The "D
e location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no preferen
telephone line. Updates across slow connections can cause significant delays. 2. The "Do not apply during periodic background processin
n the "User trace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" op
cross slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prevents the syste
he location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no prefere
a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. 2. The "Do not apply d
he "User trace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" optio
oss slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prevents the system
he location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no prefere
across slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prevents the sy
to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no pre
Updates across slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prevent
" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are

s children. Enabling this policy setting does not override any "Permit use of <extension name> preference extension" policy settings that are
Enabling this policy setting does not override any "Permit use of <extension name> preference extension" policy settings that are disabled.
d by the "Restrict users to the explicitly permitted list of snap-ins," "Permit use of Control Panel Settings (Computers)," or "Permit use of Co
the "Restrict users to the explicitly permitted list of snap-ins," "Permit use of Control Panel Settings (Computers)," or "Permit use of Contro

ted by the "Restrict users to the explicitly permitted list of snap-ins," "Permit use of Control Panel Settings (Computers)," or "Permit use of

st of snap-ins" or "Permit use of Control Panel Settings (Users)" policy settings.


ss restricted by the "Restrict users to the explicitly permitted list of snap-ins," "Permit use of Control Panel Settings (Computers)," or "Perm
ricted by the "Restrict users to the explicitly permitted list of snap-ins," "Permit use of Control Panel Settings (Computers)," or "Permit use

ted by the "Restrict users to the explicitly permitted list of snap-ins," "Permit use of Control Panel Settings (Computers)," or "Permit use of

the "Restrict users to the explicitly permitted list of snap-ins," "Permit use of Control Panel Settings (Computers)," or "Permit use of Contro
ist of snap-ins" or "Permit use of Control Panel Settings (Users)" policy settings.

cted by the "Restrict users to the explicitly permitted list of snap-ins," "Permit use of Control Panel Settings (Computers)," or "Permit use o
of snap-ins" or "Permit use of Control Panel Settings (Computers)" policy settings.

snap-ins" or "Permit use of Control Panel Settings (Users)" policy settings.

%windir%\help folder and D:\somefolder, add the following string to the edit box: "%windir%\help;D:\somefolder". Note: An environmen
ocations cannot launched from Help
ocations cannot launched from Help
ry abnormalities.

le automatic updating to receive notifications and critical updates from Windows Update.
ed authorities. If you disable or do not configure this policy setting, your computer will contact the Windows Update website.

e user can click the hyperlink, which prompts the user and then sends information about the event over the Internet to Microsoft. Also, se
onnection.

e web publishing and online ordering wizards for more information, including details on specifying service providers in the registry.
e web publishing and online ordering wizards for more information, including details on specifying service providers in the registry.

osing Classic Search turns off the Search Companion feature completely.

opt in and allow information to be collected.


opt in and allow information to be collected.
mprovement Program. If you do not configure this policy setting, the administrator can use the Problem Reports and Solutions component
plates/Windows Components/Windows Error Reporting.

ced by "Specify Driver Source Search Order" in "Administrative Templates/System/Device Installation" on newer versions of Windows.

ne that uses MSXML or ADO to access data from another site in the zone.
ne that uses MSXML or ADO to access data from another site in the zone.
er to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
er to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
hat uses MSXML or ADO to access data from another site in the zone.
hat uses MSXML or ADO to access data from another site in the zone.
ne that uses MSXML or ADO to access data from another site in the zone.
ne that uses MSXML or ADO to access data from another site in the zone.
er to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
er to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
hat uses MSXML or ADO to access data from another site in the zone.
hat uses MSXML or ADO to access data from another site in the zone.
ne that uses MSXML or ADO to access data from another site in the zone.
ne that uses MSXML or ADO to access data from another site in the zone.
hat uses MSXML or ADO to access data from another site in the zone.
hat uses MSXML or ADO to access data from another site in the zone.
ne that uses MSXML or ADO to access data from another site in the zone.
ne that uses MSXML or ADO to access data from another site in the zone.
hat uses MSXML or ADO to access data from another site in the zone.
hat uses MSXML or ADO to access data from another site in the zone.
viders. If you disable or do not configure this policy setting, the user can configure their list of search providers unless another policy settin
viders. If you disable or do not configure this policy setting, the user can configure their list of search providers unless another policy settin

wish to add to the list. The CLSID should be in brackets for example, {000000000-0000-0000-0000-0000000000000}'. The CLSID for an add
wish to add to the list. The CLSID should be in brackets for example, {000000000-0000-0000-0000-0000000000000}'. The CLSID for an add
e this policy setting, only VML will be allowed in zones set to 'admin-approved'. Note. If this policy is set in both Computer Configuration a
e this policy setting, only VML will be allowed in zones set to 'admin-approved'. Note. If this policy is set in both Computer Configuration a

one security is not applied to local files or content processed by any process other than Internet Explorer or those defined in a process list.
one security is not applied to local files or content processed by any process other than Internet Explorer or those defined in a process list.

ricted protocols is blocked. If you do not configure this policy setting, the Notification bar will appear to allow control over questionable co
ricted protocols is blocked. If you do not configure this policy setting, the Notification bar will appear to allow control over questionable co
ricted protocols is blocked. If you do not configure this policy setting, the Notification bar will appear to allow control over questionable co
ricted protocols is blocked. If you do not configure this policy setting, the Notification bar will appear to allow control over questionable co
ricted protocols is blocked. If you do not configure this policy setting, the Notification bar will appear to allow control over questionable co
ricted protocols is blocked. If you do not configure this policy setting, the Notification bar will appear to allow control over questionable co
t over the restricted protocols is blocked. If you do not configure this policy setting, all attempts to access such content over the restricted
t over the restricted protocols is blocked. If you do not configure this policy setting, all attempts to access such content over the restricted
ricted protocols is blocked. If you do not configure this policy setting, the Notification bar will appear to allow control over questionable co
ricted protocols is blocked. If you do not configure this policy setting, the Notification bar will appear to allow control over questionable co
r to load XBAPs inside Internet Explorer.
r to load XBAPs inside Internet Explorer.
r to load XBAPs inside Internet Explorer.
r to load XBAPs inside Internet Explorer.
r to load XBAPs inside Internet Explorer.
r to load XBAPs inside Internet Explorer.
r to load XBAPs inside Internet Explorer.
r to load XBAPs inside Internet Explorer.
r to load XBAPs inside Internet Explorer.
r to load XBAPs inside Internet Explorer.
r to load XBAPs inside Internet Explorer.
r to load XBAPs inside Internet Explorer.
r to load XBAPs inside Internet Explorer.
r to load XBAPs inside Internet Explorer.
r to load XBAPs inside Internet Explorer.
r to load XBAPs inside Internet Explorer.
r to load XBAPs inside Internet Explorer.
r to load XBAPs inside Internet Explorer.
r to load XBAPs inside Internet Explorer.
r to load XBAPs inside Internet Explorer.
her to load XAML files inside Internet Explorer.
her to load XAML files inside Internet Explorer.
her to load XAML files inside Internet Explorer.
her to load XAML files inside Internet Explorer.
her to load XAML files inside Internet Explorer.
her to load XAML files inside Internet Explorer.
her to load XAML files inside Internet Explorer.
her to load XAML files inside Internet Explorer.
her to load XAML files inside Internet Explorer.
her to load XAML files inside Internet Explorer.
her to load XAML files inside Internet Explorer.
her to load XAML files inside Internet Explorer.
her to load XAML files inside Internet Explorer.
her to load XAML files inside Internet Explorer.
her to load XAML files inside Internet Explorer.
her to load XAML files inside Internet Explorer.
her to load XAML files inside Internet Explorer.
her to load XAML files inside Internet Explorer.
her to load XAML files inside Internet Explorer.
her to load XAML files inside Internet Explorer.
pt-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will b
pt-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will b
n this zone. The security zone runs without the added layer of security provided by this feature.
n this zone. The security zone runs without the added layer of security provided by this feature.
n this zone. The security zone runs without the added layer of security provided by this feature.
n this zone. The security zone runs without the added layer of security provided by this feature.
pt-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will b
pt-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will b
pt-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will b
pt-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will b
pt-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will b
pt-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will b
pt-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will b
pt-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will b
pt-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will b
pt-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will b
pt-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will b
pt-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will b
n this zone. The security zone runs without the added layer of security provided by this feature.
n this zone. The security zone runs without the added layer of security provided by this feature.

licy setting, the user can allow or prevent the display of placeholders for graphical images while the images are downloading.
h older media players in specified zones.
h older media players in specified zones.
h older media players in specified zones.
h older media players in specified zones.
h older media players in specified zones.
h older media players in specified zones.
h older media players in specified zones.
h older media players in specified zones.
h older media players in specified zones.
h older media players in specified zones.
h older media players in specified zones.
h older media players in specified zones.
h older media players in specified zones.
h older media players in specified zones.
h older media players in specified zones.
h older media players in specified zones.
h older media players in specified zones.
h older media players in specified zones.
h older media players in specified zones.
h older media players in specified zones.
ebsites to store data on their computers.
ebsites to store data on their computers.
allow websites to store data on their computers.
allow websites to store data on their computers.
et Explorer settings. By selecting this option, Internet Explorer sends a DNT:1 header with all HTTP and HTTPS requests; unless the user gra
et Explorer settings. By selecting this option, Internet Explorer sends a DNT:1 header with all HTTP and HTTPS requests; unless the user gra
ettings. 3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level. 4. In the Run ActiveX Cont
owser. Internet Explorer notifies the user when newly installed add-ons are ready for use. The user must choose to activate them by respo
owser. Internet Explorer notifies the user when newly installed add-ons are ready for use. The user must choose to activate them by respo
r, so does not prompt users to install them.
r, so does not prompt users to install them.

he Internet Explorer process prevail.


he Internet Explorer process prevail.
rity Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings. 3. Select the content zone

ams or display their identities before downloading them to user computers.


ams or display their identities before downloading them to user computers.
ay the media content when the user clicks on a media link. If unchecked, the content will be played by the default media client on their sys
empty or the value is not 0 or 1, the policy setting is ignored. If you enable this policy setting for an application or process in the list, a scrip
empty or the value is not 0 or 1, the policy setting is ignored. If you enable this policy setting for an application or process in the list, a scrip
'Add-on List' policy setting. If you enable this policy setting, Internet Explorer only allows add-ons that are specifically listed (and allowed)
'Add-on List' policy setting. If you enable this policy setting, Internet Explorer only allows add-ons that are specifically listed (and allowed)

sers can delete browsing history.


sers can delete browsing history.

r) takes precedence over this policy. If it is enabled, this policy is ignored.


es menu" policy (located in User Configuration\Administrative Templates\Windows Components\Internet Explorer) takes precedence over

his policy is ignored. Caution: If you enable this policy, users can still run the Certificate Manager Import Wizard by double-clicking a softw
ote: The default Web page colors are ignored on Web pages in which the author has specified the background and text colors.

e Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Programs tab from Internet Explorer in C
hich the Web page author has specified the font attributes.

removes the General tab from the interface.


olors are ignored on Web pages on which the author has specified link colors.
rol Panel, takes precedence over this policy. If it is enabled, this policy is ignored.

eneral tab from the interface.

which prevents users from determining which toolbars are displayed in Internet Explorer and File Explorer.

tion\Administrative Templates\Windows Components\Internet Explorer) take precedence over this policy. If either policy is enabled, this p
d in User Configuration\Administrative Templates\Windows Components\Internet Explorer) take precedence over this policy. If either polic
hat are concerned about server load for downloading content. The "Hide Favorites menu" policy (located in User Configuration\Administra
net Explorer\Internet Control Panel), which removes the Connections tab from the interface. Removing the Connections tab from the inter

ended for organizations that are concerned about server load for downloading content. The "Hide Favorites menu" policy (located in User

s" "Disable changing link color settings" "Disable changing font settings" "Disable changing language settings" "Disable changing accessib
s" "Disable changing link color settings" "Disable changing font settings" "Disable changing language settings" "Disable changing accessib

ty information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the se
ty information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the se
ty information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the se
ty information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the se
ty information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the se
ty information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the se
ty information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the se
ty information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the se
ty information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the se
ty information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the se
ty information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the se
ty information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the se
ty information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the se
ty information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the se
ty information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the se
ty information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the se
ty information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the se
ty information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the se
ty information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the se
ty information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the se
ead from in the registry and the file system. When Enhanced Protected Mode is enabled, and a user encounters a website that attempts to
ead from in the registry and the file system. When Enhanced Protected Mode is enabled, and a user encounters a website that attempts to

ult. On at least Windows 8, if the "Do not display the reveal password button" policy setting located in Computer Configuration\Administra
ult. On at least Windows 8, if the "Do not display the reveal password button" policy setting located in Computer Configuration\Administra
mporary Internet Files folder when browser windows are closed.
mporary Internet Files folder when browser windows are closed.
n the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer 9 a
n the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer 9 a
n the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer 9 a
n the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer 9 a
n the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer 9 a
n the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer 9 a
n the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer 9 a
n the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer 9 a
n the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer 9 a
n the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer 9 a
n the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer 9 a
n the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer 9 a
n the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer 9 a
n the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer 9 a
n the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer 9 a
n the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer 9 a
n the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer 9 a
n the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer 9 a
n the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer 9 a
n the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer 9 a
a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.
a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.
a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.
a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.
a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.
a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.
a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.
a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.
a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.
a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.
a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.
a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.
a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.
a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.
a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.
a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.
a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.
a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.
a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.
a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.
turned on in this zone, as dictated by the feature control setting for the process.
turned on in this zone, as dictated by the feature control setting for the process.
turned on in this zone, as dictated by the feature control setting for the process.
turned on in this zone, as dictated by the feature control setting for the process.
turned on in this zone, as dictated by the feature control setting for the process.
turned on in this zone, as dictated by the feature control setting for the process.
turned on in this zone, as dictated by the feature control setting for the process.
turned on in this zone, as dictated by the feature control setting for the process.
turned on in this zone, as dictated by the feature control setting for the process.
turned on in this zone, as dictated by the feature control setting for the process.
turned on in this zone, as dictated by the feature control setting for the process.
turned on in this zone, as dictated by the feature control setting for the process.

ese three bars, but also the shortcuts to these bars. If you enable this policy setting, the navigation bar, the menu bar, and the Command b
ese three bars, but also the shortcuts to these bars. If you enable this policy setting, the navigation bar, the menu bar, and the Command b

Open in New Window menu option" policy, which disables this command on the shortcut menu, or the "Turn off Shortcut Menu" policy, wh
u, or the "Turn off Shortcut Menu" policy, which disables the entire shortcut menu.
Save As... menu option" policy, which removes the Save As command, takes precedence over this policy. If it is enabled, this policy is ignore
and then clicking Save Target As.
ripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
ripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
ripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
ripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
ripted. If you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or scripted.
ripted. If you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or scripted.
ripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
ripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
ripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
ripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
ripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
ripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
ripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
ripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
ripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
ripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
ripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
ripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
ripted. If you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or scripted.
ripted. If you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or scripted.
o not configure this policy setting, Internet Explorer requires consistent MIME data for all received files.
o not configure this policy setting, Internet Explorer requires consistent MIME data for all received files.
ent processed by Internet Explorer. If you do not configure this policy setting, the Local Machine zone security applies to all local files and
ent processed by Internet Explorer. If you do not configure this policy setting, the Local Machine zone security applies to all local files and

gure this policy setting, the policy setting is ignored.


gure this policy setting, the policy setting is ignored.

elevation by Internet Explorer processes.


elevation by Internet Explorer processes.

ontent over restricted protocols to access my computer." Note. If policy for a zone is set in both Computer Configuration and User Configu
ontent over restricted protocols to access my computer." Note. If policy for a zone is set in both Computer Configuration and User Configu
g selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure template
g selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure template

ontent over restricted protocols to access my computer." Note. If policy for a zone is set in both Computer Configuration and User Configu
ontent over restricted protocols to access my computer." Note. If policy for a zone is set in both Computer Configuration and User Configu
g selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure template
g selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure template
ty. 2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings. 3.
High Safety.
High Safety.
Medium Safety.
Medium Safety.
Medium Safety.
Medium Safety.

ow Safety.
ow Safety.
d files from IFRAMEs on the pages in this zone.
d files from IFRAMEs on the pages in this zone.
d files from IFRAMEs on the pages in this zone.
d files from IFRAMEs on the pages in this zone.
ages in this zone without user intervention.
ages in this zone without user intervention.
d files from IFRAMEs on the pages in this zone.
d files from IFRAMEs on the pages in this zone.
d files from IFRAMEs on the pages in this zone.
d files from IFRAMEs on the pages in this zone.
ages in this zone without user intervention.
ages in this zone without user intervention.
rom IFRAMEs on the pages in this zone.
rom IFRAMEs on the pages in this zone.
ages in this zone without user intervention.
ages in this zone without user intervention.
rom IFRAMEs on the pages in this zone.
rom IFRAMEs on the pages in this zone.
ages in this zone without user intervention.
ages in this zone without user intervention.

ontent over restricted protocols to access my computer." Note. If policy for a zone is set in both Computer Configuration and User Configu
ontent over restricted protocols to access my computer." Note. If policy for a zone is set in both Computer Configuration and User Configu
g selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure template
g selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure template

g selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure template
g selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure template
g selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure template
g selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure template
g selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure template
g selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure template
g selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure template
g selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure template
g selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure template
g selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure template
NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon use
NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon use
NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon use
NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon use
NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon use
NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon use
NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon use
NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon use
NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon use
NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon use
NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon use
NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon use
NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon use
NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon use
NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon use
NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon use
NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon use
NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon use
NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon use
NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon use

trols are handled for each security zone, carry out the following steps: 1. In Group Policy, click User Configuration, click Internet Explorer M
ones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings. 3. Select the content zone in wh
mport the Current Security Zones Settings, and then click Modify Settings. 3. Select the content zone in which you want to manage ActiveX
ttings. 3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level. 4. In the Run ActiveX Contro
tiveX controls, and then click Custom Level. 4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.
urity Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings. 3. Select the content zon
e ActiveX controls, and then click Custom Level. 4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.
ws 8, the check box is located on the Advanced tab in the Internet Options dialog box. For more information, see "Group Policy Settings in In

ar is below the navigation bar. The user cannot interchange the positions of the menu bar and the navigation bar. If you do not configure t
policy setting, the user can select their preference for this behavior. Browsing to the top-result website is the default.
policy setting, the user can select their preference for this behavior. Browsing to the top-result website is the default.
racking Protection and Do Not Track data is preserved when the user clicks Delete. If you disable this policy setting, ActiveX Filtering, Track
racking Protection and Do Not Track data is preserved when the user clicks Delete. If you disable this policy setting, ActiveX Filtering, Track
decide the mode of operation for the phishing filter.
decide the mode of operation for the phishing filter.

xecutable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter Internet Explorer processes in this
xecutable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter Internet Explorer processes in this
related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes con
related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes con
enter a Value of 0 file-type information is allowed to be inconsistent. The Value Name is the name of the executable. If a Value Name is em
enter a Value of 0 file-type information is allowed to be inconsistent. The Value Name is the name of the executable. If a Value Name is em
ter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All
ter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All
s policy setting is enabled, the processes configured in this box take precedence over that setting. If you disable or do not configure this p
s policy setting is enabled, the processes configured in this box take precedence over that setting. If you disable or do not configure this p
n this box take precedence over that setting. If you disable or do not configure this policy setting, the policy setting is ignored.
n this box take precedence over that setting. If you disable or do not configure this policy setting, the policy setting is ignored.
0 or 1, the policy setting is ignored. Do not enter the File Explorer or Internet Explorer processes in this list: use the related Internet Explore
0 or 1, the policy setting is ignored. Do not enter the File Explorer or Internet Explorer processes in this list: use the related Internet Explore
nable or disable for IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over th
nable or disable for IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over th
es. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting. If you disable or do
es. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting. If you disable or do
one is allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is igno
one is allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is igno
sable or do not configure this policy setting, the security feature is allowed.
sable or do not configure this policy setting, the security feature is allowed.
setting. If you disable or do not configure this policy setting, the security feature is allowed.
setting. If you disable or do not configure this policy setting, the security feature is allowed.
tting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disa
tting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disa

created through a custom administrative template file. For information about creating this custom administrative template file, see the Int
created through a custom administrative template file. For information about creating this custom administrative template file, see the Int
ontent over restricted protocols to access my computer." Note. If policy for a zone is set in both Computer Configuration and User Configu
ontent over restricted protocols to access my computer." Note. If policy for a zone is set in both Computer Configuration and User Configu
g selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure template
g selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure template
ted in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Browser Menus), which prevents users from
ser Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Security
f it is enabled, this policy is ignored. Also, see the "Security zones: Use only machine settings" policy.

r can control this setting by using Advanced Options in Internet Control Panel. By default, domain names are converted to IDN format only
r can control this setting by using Advanced Options in Internet Control Panel. By default, domain names are converted to IDN format only
t in this policy setting. If you disable or do not configure this policy setting, Internet Explorer will use the default maximum storage limit for
t in this policy setting. If you disable or do not configure this policy setting, Internet Explorer will use the default maximum storage limit for

his group policy. If you disable or do not configure this policy setting, Internet Explorer will use the default maximum storage limit for all ind
his group policy. If you disable or do not configure this policy setting, Internet Explorer will use the default maximum storage limit for all ind
ation caches resources. The default is 50 MB.
ation caches resources. The default is 50 MB.
s policy setting. If you disable or do not configure this policy setting, Internet Explorer will use the default maximum application cache reso
s policy setting. If you disable or do not configure this policy setting, Internet Explorer will use the default maximum application cache reso

olation setting will quickly grow to use the specified integer number of tab processes, regardless of the physical memory on the computer o
olation setting will quickly grow to use the specified integer number of tab processes, regardless of the physical memory on the computer o

trols, and then click Custom Level. 4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.

the Internet and Trusted zones.


the Internet and Trusted zones.
the Internet and Trusted zones.
the Internet and Trusted zones.
the Internet and Trusted zones.
the Internet and Trusted zones.
the Internet and Trusted zones.
the Internet and Trusted zones.
the Internet and Trusted zones.
the Internet and Trusted zones.
the Internet and Trusted zones.
the Internet and Trusted zones.
the Internet and Trusted zones.
the Internet and Trusted zones.
the Internet and Trusted zones.
the Internet and Trusted zones.
the Internet and Trusted zones.
the Internet and Trusted zones.
the Internet and Trusted zones.
the Internet and Trusted zones.
wn equivalent have special security settings that protect your local computer.) If you enable this policy setting, you can enter a list of sites
wn equivalent have special security settings that protect your local computer.) If you enable this policy setting, you can enter a list of sites
packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If yo
packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If yo
packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If yo
packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If yo
packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If yo
packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If yo
packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If yo
packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If yo
packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If yo
packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If yo
packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If yo
packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If yo
packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If yo
packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If yo
packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If yo
packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If yo
packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If yo
packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If yo
packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If yo
packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If yo

e page. Users can change this option to start with the tabs from the last session.
e page. Users can change this option to start with the tabs from the last session.

rmation using HTML forms on pages in this zone to be submitted.


rmation using HTML forms on pages in this zone to be submitted.
ne can be submitted automatically.
ne can be submitted automatically.
ne can be submitted automatically.
ne can be submitted automatically.
rmation using HTML forms on pages in this zone to be submitted.
rmation using HTML forms on pages in this zone to be submitted.
ne can be submitted automatically.
ne can be submitted automatically.
ne can be submitted automatically.
ne can be submitted automatically.
rmation using HTML forms on pages in this zone to be submitted.
rmation using HTML forms on pages in this zone to be submitted.
ne can be submitted automatically.
ne can be submitted automatically.
rmation using HTML forms on pages in this zone to be submitted.
rmation using HTML forms on pages in this zone to be submitted.
ne can be submitted automatically.
ne can be submitted automatically.
are measured in minutes after midnight. The Maximum Offline Page Crawl Depth setting specifies how many levels of a Web site are search
strative Templates\Windows Components\Internet Explorer and in \Administrative Templates\Windows Components\Internet Explorer\Int
ontent over restricted protocols to access my computer." Note. If policy for a zone is set in both Computer Configuration and User Configu
ontent over restricted protocols to access my computer." Note. If policy for a zone is set in both Computer Configuration and User Configu
g selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure template
g selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure template

abled add-ons exceeds the threshold. This is the default.


abled add-ons exceeds the threshold. This is the default.
se Internet Explorer technology to instantiate Flash objects. Users can enable or disable Flash in the Manage Add-ons dialog box. Note tha
se Internet Explorer technology to instantiate Flash objects. Users can enable or disable Flash in the Manage Add-ons dialog box. Note tha

ng, the list is deleted and Internet Explorer continues to block specific outdated ActiveX controls on all domains in the Internet Zone. For m
ng, the list is deleted and Internet Explorer continues to block specific outdated ActiveX controls on all domains in the Internet Zone. For m

his policy setting, the user can turn on or turn off details in these error messages.

st. If you disable or do not configure this policy setting, the user can select which encryption method the browser supports. Note: SSL 2.0
st. If you disable or do not configure this policy setting, the user can select which encryption method the browser supports. Note: SSL 2.0
, the user can turn on or turn off image display.
incompatible toolbars. The user can enable or disable incompatible toolbars. Toolbars that are enabled or disabled via policy settings do n
incompatible toolbars. The user can enable or disable incompatible toolbars. Toolbars that are enabled or disabled via policy settings do n

r can choose to turn the Use Windows Search setting on or off. Note: If you enable this policy setting, feeds do not appear in the Address b
r can choose to turn the Use Windows Search setting on or off. Note: If you enable this policy setting, feeds do not appear in the Address b
net Explorer settings. This feature is turned off by default.
net Explorer settings. This feature is turned off by default.

e the signup process after the branding is complete for ISPs (IEAK).
Vista. If you do not configure this policy, users will be able to turn on or turn off Enhanced Protected Mode on the Advanced tab of the Inte
Vista. If you do not configure this policy, users will be able to turn on or turn off Enhanced Protected Mode on the Advanced tab of the Inte

tting, Internet Explorer uses a current user agent string. Additionally, all Standards Mode webpages appear in the Standards Mode available
tting, Internet Explorer uses a current user agent string. Additionally, all Standards Mode webpages appear in the Standards Mode available
nternet Explorer 7 Standards Mode. The user cannot change this behavior through the Compatibility View Settings dialog box. If you do no
nternet Explorer 7 Standards Mode. The user cannot change this behavior through the Compatibility View Settings dialog box. If you do no

in member, until the user turns off the Notification bar.


in member, until the user turns off the Notification bar.
es, in an XML store, or directly within a Web page saved to disk.
es, in an XML store, or directly within a Web page saved to disk.
es, in an XML store, or directly within a Web page saved to disk.
es, in an XML store, or directly within a Web page saved to disk.
es, in an XML store, or directly within a Web page saved to disk.
es, in an XML store, or directly within a Web page saved to disk.
es, in an XML store, or directly within a Web page saved to disk.
es, in an XML store, or directly within a Web page saved to disk.
es, in an XML store, or directly within a Web page saved to disk.
es, in an XML store, or directly within a Web page saved to disk.
es, in an XML store, or directly within a Web page saved to disk.
es, in an XML store, or directly within a Web page saved to disk.
orites, in an XML store, or directly within a Web page saved to disk.
orites, in an XML store, or directly within a Web page saved to disk.
es, in an XML store, or directly within a Web page saved to disk.
es, in an XML store, or directly within a Web page saved to disk.
orites, in an XML store, or directly within a Web page saved to disk.
orites, in an XML store, or directly within a Web page saved to disk.
es, in an XML store, or directly within a Web page saved to disk.
es, in an XML store, or directly within a Web page saved to disk.

t configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone.
t configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone.
t configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone.
t configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone.
onfigure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as
onfigure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as
onfigure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as
onfigure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as
onfigure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as
onfigure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as
onfigure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as
onfigure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as
onfigure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as
onfigure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as
onfigure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as
onfigure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as
onfigure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as
onfigure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as
t configure this policy setting, a warning is issued to the user that potentially risky navigation is about to occur.
t configure this policy setting, a warning is issued to the user that potentially risky navigation is about to occur.

oller does not support claims, compound authentication or armoring which is the default behavior for domain controllers running Window

is provided only if the domain functional level is Windows Server 2008. In domains with a domain functional level of Windows Server 2003
authentication any time the client sends a compound authentication request regardless of the account configuration.
policy setting must be supported and set identically on all domain controllers in the domain.
p Policy. If you disable or do not configure this policy setting, the threshold value defaults to 12,000 bytes, which is the default Kerberos M
will send a non-compounded authentication request first then a compound authentication request when the service requests compound au
DELETE key. To edit a mapping, remove the current entry from the list and add a new one with different parameters. If you disable this poli
rable Kerberos V5 realm Value Name or Value entry from the list, click the entry, and then press the DELETE key. To edit a mapping, remove
also be enabled to support Kerberos armoring. If you disable or do not configure this policy setting, the client computers in the domain en
e will not be able to retrieve claims for clients using Kerberos protocol transition.
used in the path validation of the KDC's X.509 certificate. If you disable or do not configure this policy setting, the Kerberos client requires

onfigures the existing MaxTokenSize registry value in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameter


and then click the Show button. To remove a mapping from the list, click the mapping entry to be removed, and then press the DELETE key
omputer account when one or more applications are configured for Dynamic Access Control. Always: Compound authentication is always
unt authentication using certificates then authentication will fail. If you disable this policy setting, Disable will be used. If you do not confi

s will not take effect until you restart Windows.


dividual file servers. Because the domain Group Policy setting is not configured, it will not over-write the enabled setting that you use on in

y features such as SMB Signing and SMB Encryption are disabled. As a result, clients that allow insecure guest logons are vulnerable to a va

te network" options instead. If you disable or do not configure this policy setting, the default behavior of LLTDIO will apply.
Allow operation while in public network" and "Prohibit operation while in private network" options instead. If you disable or do not config

uire that no users be logged on. Therefore, they must be processed in the foreground before users are actively using the computer. In additi

onfiguration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Config
onfiguration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Config

onfigured, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration. Note: To create a cu
onfigured, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration. Note: To create a cu
un-once lists are stored in the registry in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce. Also, see the ""
un-once lists are stored in the registry in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce. Also, see the ""

r logon. Note: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the syste
r logon. Note: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the syste
ited. To explicitly prohibit use of this snap-in, disable this setting. If this setting is not configured (or enabled), the snap-in is permitted. W
ited. To explicitly prohibit use of this snap-in, disable this setting. If this setting is not configured (or enabled), the snap-in is permitted. W
ited. To explicitly prohibit use of this snap-in, disable this setting. If this setting is not configured (or enabled), the snap-in is permitted. W
ick Run, and type mmc.) Users also cannot open a blank MMC console window from a command prompt. If you disable this setting or do n
tted snap-ins setting folder and then disable the settings representing the snap-ins you want to prohibit. If a snap-in setting in the folder is e
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
Group Policy tab. To explicitly permit use of the Group Policy tab, enable this setting. If this setting is not configured (or disabled), the Grou
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-
y permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-

ect when the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios will not b
wnloading. If you disable this policy setting, MSDT never downloads tools, and is unable to diagnose problems on remote computers. If yo

ty features operate only when the installation program is running in a privileged security context in which it has access to directories denied
uring installations with elevated privileges, such as installations offered on the desktop or displayed in Add or Remove Programs.
default, users can install patches to programs that run in their own security context. Also, see the "Prohibit patching" policy setting.
offered on the desktop or displayed in Add or Remove Programs, only system administrators can install from removable media. Also, see th
rams that a system administrator does not distribute or offer. Note: This policy setting appears both in the Computer Configuration and Use
rams that a system administrator does not distribute or offer. Note: This policy setting appears both in the Computer Configuration and Use
the Windows Installer will use available free space for the baseline file cache. If you disable or do not configure this policy setting, the Win
e this policy setting, the Windows Installer will use less restrictive rules for component upgrades.

see the "Enable user to use media source while elevated" and "Hide the 'Add a program from CD-ROM or floppy disk' option" policy setting
nable user to patch elevated products" policy setting.

n whether the user is an administrator, whether "Disable Windows Installer" and "Always install with elevated privileges" policy settings are
or to search secure system files. However, because an incomplete installation can render the system or a program inoperable, do not use t
or to search secure system files. However, because an incomplete installation can render the system or a program inoperable, do not use t
ere created for Windows Installer versions lesser than 4.0. This option lets those packages display the legacy files in use UI while still using
l of the product registered in their user profile.
rivileges, such as installations offered on the desktop or in Add or Remove Programs. This policy setting affects Windows Installer only. It d
f you disable this policy setting, Windows Installer stores transform files in the Application Data directory in the user's profile. If you do not

d line switch or the Logging policy. If you disable or do not configure this policy setting, Windows Installer will automatically generate log fil

(offers on the desktop) or publishes (adds them to Add or Remove Programs). This is the default behavior of Windows Installer on Window
tection and verification of file corruption will be performed without UI. Recovery is not attempted. If you enable this policy setting, the rec
contents of the web page do not matter. The syntax is HTTP: followed by a URL. The host portion of the URL must resolve to an IPv6 addr

etting to have complete NCA functionality.


single-label, unqualified names (such as PRINTSVR) for local resources when connected to a different intranet and for temporary access

However, using the older algorithms represents a potential security risk. If you disable this policy setting, Net Logon will not allow the nego
is not applied to any DCs.
ocation based on DNS names. If you enable this policy setting, this DC does not process incoming mailslot messages that are used for NetB
cy setting does not affect NetBIOS-based discovery for DC location if only the NetBIOS domain name is known. If you enable or do not con
nterval and maintain efficient load-balancing of clients across all available domain controllers in all domains or forests. The default time int
ed, this policy can be used to enable the default behavior. If you enable this policy setting, DC Locator APIs can return IPv4/IPv6 DC addres
logon share is a share created by the Net Logon service for use by client machines in the domain. The default behavior of the Netlogon sha

fy the interval in seconds.


share created by the Net Logon service for use by Group Policy clients in the domain. The default behavior of the SYSVOL share ensures tha

of values is from 0 to 65535. If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration.
y address lookup to discover additional client IP addresses. To specify this behavior in the DC Locator DNS SRV records, click Enabled, and t
.gc._msdcs.<DnsForestName> DcByGuid SRV _ldap._tcp.<DomainGuid>.domains._msdcs.<DnsForestName> GcIpAddress A gc.
re current and should be preserved in the database. Warning: If the DNS resource records are registered in zones with scavenging enabled

re well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. To specify the sites covere
nd then enter the sites names in a space-delimited format. If you do not configure this policy setting, it is not applied to any DCs, and DCs u

a higher site link cost. If you enable this policy setting, Try Next Closest Site DC Location will be turned on for the computer. If you disable
ure this policy setting, it is not applied to any DCs, and DCs use their local configuration.
ting an Active Directory domain specified with a single-label name, by appending different registered DNS suffixes to perform DNS name re
earch policy, if it is not disabled or perform NetBIOS name resolution otherwise, to attempt to locate a domain controller that hosts an Acti
ning: If the value for this setting is too small, a client will stop trying to find a DC too soon.
tially unavailable. If the value set in this setting is very small and the DC is not available, the traffic caused by periodic DC discoveries may be
nitial DC Discovery Retry Setting is used. Warning: If the value for this setting is too large, a client may take very long periods to try to find

esult in the following behaviors: 1 - Computers will ping DCs at the normal frequency. 2 - Computers will ping DCs at the higher frequency
ns settings for Administrators" setting), the Properties menu items are disabled, and users (including administrators) cannot open the remo
delete their private connections, but you can change the default by using the "Prohibit deletion of remote access connections" setting.) Im
on post-Windows 2000 computers. If you do not configure this setting, only Administrators and Network Configuration Operators can enab
"Ability to rename LAN connections or remote access connections available to all users" setting is configured (set to either Enabled or Disab

figured, only Administrators and Network Configuration Operators have the right to rename LAN or all user remote access connections. No

ns or remote access connections available to all users", "Prohibit access to properties of components of a LAN connection", "Prohibit acces
ars when users right-click the icon representing a LAN connection. Also, when users select the connection, Properties is enabled on the File
rs on post-Windows 2000 computers. If you disable this setting or do not configure it, the Properties button is enabled for administrators a
rs. The Networking tab of the Remote Access Connection Properties dialog box includes a list of the network components that the connec
s item is enabled for administrators. Note: Nonadministrators are already prohibited from accessing the Advanced Settings dialog box, reg
older for all users. Clicking the Make New Connection icon starts the New Connection Wizard. Note: Changing this setting from Enabled to
ces item is enabled for all users.
omponents of connections in the Network Connections folder are enabled. Also, administrators can gain access to network components in
rties dialog box for a private connection. Important: If the "Enable Network Connections settings for Administrators" is disabled or not con
ing the icon representing the connection, by right-clicking it, or by using the File menu.
e that are available only to one user. (By default, only Administrators and Network Configuration Operators can delete connections availabl
es. Selecting the check box enables the component, and clearing the check box disables the component. Note: When the "Prohibit access
work Bridge. Enabling this setting does not remove an existing Network Bridge from the user's computer.
ers' private remote access connections. Users can rename their private connection by clicking an icon representing the connection or by usi
/IP Setting dialog box. Note: This setting is superseded by settings that prohibit access to properties of connections or connection compon
eats. If you enable this setting, Internet Connection Firewall cannot be enabled or configured by users (including administrators), and the In
sabled. If you disable this setting or do not configure it and have two or more connections, administrators can enable ICS. The Advanced ta
Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-
ugh the internal network. If you do not configure this policy setting, traffic between remote client computers running DirectAccess and the
n that has not been assigned an IP address will be reported via a notification, providing the user with information as to how the problem ca
. If you disable or do not configure this policy setting, apps will use the Internet proxies auto-discovered by Windows Network Isolation. E

nitions are authoritative" policy setting. If you disable or do not configure this policy setting, Windows Network Isolation attempts to auto

not configure this setting, users can work offline by default, but they can change this option. This setting appears in the Computer Configu
not configure this setting, users can work offline by default, but they can change this option. This setting appears in the Computer Configu

nchronized with the server on a regular basis. You can also configure Background Sync for network shares that are in user selected Work O
/ 100]. For example, if you want to set a threshold value of 128,000 bps, enter a value of 1280.
re the slow-link mode by specifying threshold values for Throughput (in bits per second) and/or Latency (in milliseconds) for specific UNC p
hed files occupy to 10 percent of the space on the system drive. If you do not configure this setting, disk space for automatically cached fil

etting when the network connection to the server is slow. For example, you can configure a value of 60 ms as the round trip latency of the
FS encryption or BitLocker Drive Encryption while on the server. The cached copy on the local computer is affected, but the associated netw
cords events when the local computer is connected and disconnected from the network. "3" also records an event when the server hosting
cords events when the local computer is connected and disconnected from the network. "3" also records an event when the server hosting
arate the extensions with a semicolon (;). Note: To make changes to this setting effective, you must log off and log on again.
Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence ove
Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence ove
current. If you do not configure this setting and Synchronization Manager is configured for logon synchronization, the system performs a qu
current. If you do not configure this setting and Synchronization Manager is configured for logon synchronization, the system performs a qu
not performed.
not performed.
n effect, the system disables the "Enable reminders" option on the Offline Files tab This setting appears in the Computer Configuration and
n effect, the system disables the "Enable reminders" option on the Offline Files tab This setting appears in the Computer Configuration and

ng, leave the seed server list empty, leave the checkbox unchecked. 2. In order to use a corporate seed server only, enable the setting; inse

the same subnet. If this setting is not configured, the protocol will revert to using a public registry key to determine whether it will publish
on the same subnet. If this setting is not configured, the protocol will revert to using a public registry key to determine whether it will publ
on the same subnet. If this setting is not configured, the protocol will revert to using a public registry key to determine whether it will publ
tions cannot use this cloud to publish or resolve names regardless of whether the computer has an IPv6 address that matches the cloud sc
tions cannot use this cloud to publish or resolve names regardless of whether the computer has an IPv6 address that matches the cloud sc
tions cannot use this cloud to publish or resolve names regardless of whether the computer has an IPv6 address that matches the cloud sc
rivers blocked due to compatibility issues. Note: This policy setting has no effect if the "Turn off Program Compatibility Assistant" policy se

ect one of the following: - Not Configured. With this selection, BranchCache latency settings are not applied to client computers by this po
election, this policy setting is not applied to client computers, and the clients run the version of BranchCache that is included with their ope
pplied. For this policy setting to take effect, you must also enable the "Turn on BranchCache" policy setting. This policy setting can only be
h office. If client computers detect hosted cache servers, hosted cache mode is turned on. If they do not detect hosted cache servers, hos
nd then configure local computer policy to enable BranchCache client computer cache age settings on individual client computers. Because
do not want to enable BranchCache on all client computers, you can specify Not Configured for this domain Group Policy setting, and then
s are not applied to client computers by this policy. In the circumstance where client computers are domain members but you do not want
u can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache client c
specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache on individual

ny Windows Boot Performance problems that are handled by the DPS. If you do not configure this policy setting, the DPS will enable Windo
oot or resolve any Windows Shutdown Performance problems that are handled by the DPS. If you do not configure this policy setting, the
to detect, troubleshoot or resolve any Windows Standby/Resume Performance problems that are handled by the DPS. If you do not confi
ot or resolve any Windows System Responsiveness problems that are handled by the DPS. If you do not configure this policy setting, the D

, the computer system safely shuts down to a fully powered-off state.


e the slide show feature.
e the slide show feature.

ation policy setting.


ation policy setting.
her the execution events of a module or snap-in are logged. By default, the LogPipelineExecutionDetails property of all modules and snap-in
her the execution events of a module or snap-in are logged. By default, the LogPipelineExecutionDetails property of all modules and snap-in
icy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
icy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
led by default, although transcripting can still be enabled through the Start-Transcript cmdlet. If you use the OutputDirectory setting to e
led by default, although transcripting can still be enabled through the Start-Transcript cmdlet. If you use the OutputDirectory setting to e
licy Editor. The "Computer Configuration" has precedence over "User Configuration." If you disable or do not configure this policy setting,
licy Editor. The "Computer Configuration" has precedence over "User Configuration." If you disable or do not configure this policy setting,
owse a common Web site to find printers" setting in User Configuration\Administrative Templates\Control Panel\Printers.
", click "Control Panel", and then click "Network and Internet". On the "Network and Internet" page, click "Network and Sharing Center". O

e client while decreasing the load on the server. If you do not enable this policy setting, the behavior is the same as disabling it. Note: Thi
left pane" and "Activate Internet printing" settings in "Computer Configuration\Administrative Templates\Printers."
he Add Printer Wizard, and users cannot search the network but must type a printer name. Note: This setting affects the Add Printer Wizar

r printer or group of printers that you want them to use. If you disable this setting or do not configure it, and the user does not type a loca
the General tab, and then click "Enable Web content in folders.") Also, see the "Activate Internet printing" setting in this setting folder and

bled upon installation of service packs or reinstallation of the Windows XP operating system. This policy does not apply to 64-bit kernel-mo

olicy setting takes effect without restarting the print spooler service.
sional and Home SKUs will continue to search for compatible Point and Print drivers from Windows Update, if needed. However, you must
ation processes. Notes: -This policy setting applies only to applications opted into isolation. -This policy setting applies only to print driver

ffected. -This policy setting takes effect without restarting the print spooler service.
t servers approved by the network administrator. When using package point and print, client computers will check the driver signature of a
t servers approved by the network administrator. When using package point and print, client computers will check the driver signature of a
on drivers need to be updated. If you do not configure this policy setting: -Windows Vista client computers can point and print to any serv
on drivers need to be updated. If you do not configure this policy setting: -Windows Vista client computers can point and print to any serv
dialog box. If you enable the Group Policy Computer location setting, the default location you entered appears in the Location field by defa
wever, if users have not added a printer when this setting is applied, they cannot print. Note: You can use printer permissions to restrict the

isconnected from the network. Note: You can use the "Directory Pruning Interval" and "Directory Pruning Retry" settings to adjust the con

e: This setting is used only on domain controllers.

er of retries. If you enable this setting, you can change the interval between attempts. If you do not configure or disable this setting, the d
pt, its printers are pruned from the directory. If you enable this policy setting, the contact events are recorded in the event log. If you disa
ot republish printers in Active Directory automatically, by default, the system never prunes their printer objects. You can enable this setting
tting is enabled, users cannot view the programs that have been published by the system administrator, and they cannot use the "Get Progr

Start menu.

event users from using other tools and methods to install or uninstall programs.

t network adapter.

bleshoot or resolve any Windows Resource Exhaustion problems that are handled by the DPS. If you do not configure this policy setting, th
your computer" and "Reinstall Windows" (or "Return your computer to factory condition") in Recovery (in Control Panel) will be unavailable

Shutdown Event Tracker is displayed when you shut down a computer running a client version of Windows. (See "Supported on" for suppo
onfiguration settings that turn off hard disks after a period of inactivity. These power settings may be accessed in the Power Options Contr

ties in the Control Panel.


mputer" or "Allow helpers to remotely control the computer." When you configure this policy setting, you also specify the list of users or us
ers can also configure Remote Assistance settings. If you enable this policy setting, you have two ways to allow helpers to provide Remote

o not configure this policy setting, application-based settings are used.


ows NT4 Server Endpoint Mapper Service. If you do not configure this policy setting, it remains disabled. RPC clients will not authenticate
ons that ask for delegation and connect to servers using constrained delegation. If you do not configure this policy setting, it remains disab
ct on performance and uses only about 4K of memory, this setting is not recommended for most installations. -- "Auto1" directs RPC to ma
nded error information. You must select an error response type in the drop-down box. -- "Off" disables all extended error information for
, it remains disabled. The RPC server runtime will behave as though it was enabled with the value of "Authenticated" used for Windows Cl
xy run on an older version of Windows, this policy setting will be ignored. The minimum allowed value for this policy setting is 90 seconds.

er Configuration.
er Configuration.

DesktopIT and DesktopSales. For DesktopIT, GPOs A, B, and C are applied. Therefore, the scripts for GPOs B and C run in the following orde
d C are applied. Therefore, the scripts for GPOs B and C run in the following order for Qin: Within GPO B: B.ps1, B.cmd Within GPO C: C.ps
d C are applied. Therefore, the scripts for GPOs B and C run in the following order for Qin: Within GPO B: B.ps1, B.cmd Within GPO C: C.ps
s complete. By default, each startup script must complete before the next one runs. Also, you can use the ""Run logon scripts synchronous

ailable locally on their computers, even if they are connected to the Internet. They are prevented from connecting to the Microsoft servers
n the control panel. If no local troubleshooting preference is configured, scheduled diagnostics are enabled for detection, troubleshooting
me/_layouts/XXXX/searchresults.aspx?SearchString=$w This adds intranet search location to: 1) The Windows Deskbar 2) The Desktop Se
resemble the following, where XXXX is the locale ID of your WSS Service. For example, the English locale ID is 1033. http://sitename/_layo

on) must be used for the location of the index to maintain security for encrypted files.

e "Don't search the web or display web results in Search" policy setting, queries won't be performed on the web over metered connections
ailboxes. The "Enable Indexing of Uncached Exchange Folders" policy has no effect on online delegate mailboxes. To stop indexing of online

k in cached mode.

st of paths to index is not restored.

n to install new components. If your users have Administrator permissions or can install software, this policy prevents them from specifical
will have no effect. If you do not congifure this policy setting, the Security Center is turned off for domain members. If you enable this pol

is policy setting, Server Manager does not refresh automatically. If you do not configure this policy setting, Server Manager uses the refres

g, Server Manager is available from the Start menu or the Windows taskbar.
and include the index of the image to use in the WIM file. For example wim:\\server\share\install.wim:3. If you disable or do not configu

utomatically be shared with Microsoft. If you do not configure this policy, Tablet PC users can choose whether or not they want to share th
utomatically be shared with Microsoft. If you do not configure this policy, Tablet PC users can choose whether or not they want to share th

e Explorer. Note: Non-Microsoft applications with Windows 2000 or later certification are required to comply with this policy setting. Note

File Explorer. Note: Non-Microsoft applications with Windows 2000 or later certification are required to comply with this policy setting. N
P, and Windows 2003 Server will be shown, otherwise the the certificate with the expiration time furthest in the future will be shown. Not
o read the default certificate from those cards that do not support retrieval of all certificates in a single call. Certificates other than the def

ill be reversed. If you disable , the subject name will be displayed as it appears in the certificate.

MP Read operation is allowed for the community. If you disable or do not configure this policy setting, the SNMP service takes the Valid Com
mitted managers configured on the local computer instead. Best practice: For security purposes, it is recommended to restrict the HKLM\S
etting, the SNMP service takes the trap configuration configured on the local computer instead. Note: This setting has no effect if the SNM

nied message unless the file server is configured to display the customized Access Denied message. By default, users see the standard Acce

ogram in the Run dialog box.


o add or remove the Log Off item on a computer, click Start, click Settings, click Taskbar and Start Menu, click the Start Menu Options tab, a

ee the "Remove Recent Items menu from Start Menu" and "Do not keep history of recently opened documents" policies in this folder. The

stom toolbars, and the "Toolbars" command appears in the context menu.
tly used files, folders, and websites. Note: The system saves document shortcuts in the user profile in the System-drive\Users\User-name\

tions. FAT partitions do not have this ID tracking and search capability. Also, see the "Do not track Shell shortcuts during roaming" and the
on NTFS partitions. FAT partitions do not have this ID tracking and search capability. Also, see the "Do not track Shell shortcuts during roam
nd the user can change the view.

bar. The toolbar's position is locked, and the user cannot show and hide various toolbars using the taskbar context menu.

on on the Windows Security screen is also available. Note: Third-party programs certified as compatible with Microsoft Windows Vista, Win

ault Programs control panel.

ows are preconfigured by the system to appeal to most users. However, users can add and remove items from this menu, and system admi

disable or do not configure this policy setting, the Windows Update hyperlink is available from the Start menu and from the Tools menu in
hods to log off. Tip: To add or remove the Log Off item on a computer, click Start, click Settings, click Taskbar and Start Menu, click the Star

gs in the Network Connections folder (Computer Configuration and User Configuration\Administrative Templates\Network\Network Conne

sable Control Panel," "Disable Display in Control Panel," and "Remove Network Connections from Start Menu" policy settings.
Menu, and users cannot remove it. If the setting is not configured, users can turn the Recent Items menu on and off. Note: This setting doe

nd in the Start menu and in Task Manager and use the Internet Explorer Address Bar. Note:This setting affects the specified interface only.

context menu when you right-click an icon representing a drive or a folder. This policy setting affects the specified user interface elements
ofiles, the folders appear in the directory but not on the Start menu. If you disable this setting or do not configured it, Windows 2000 Profe

ath, such as \\Server\Share\Layout.xml. If the specified file is not available when the user logs on, the layout won't be changed. Users cann
ath, such as \\Server\Share\Layout.xml. If the specified file is not available when the user logs on, the layout won't be changed. Users cann

ying a setting, click Start, click Settings, click Taskbar and Start Menu, and then, on the General tab, clear the "Use Personalized Menus" op
and "Do not allow pinning programs to the Taskbar" policy settings.

etting. If the "Turn off System Restore" policy setting is disabled or not configured, the "Turn off System Restore configuration" policy settin
e to configure this setting in the Input Panel Options dialog box. If you do not configure this policy, Input Panel will provide text prediction s
e to configure this setting in the Input Panel Options dialog box. If you do not configure this policy, Input Panel will provide text prediction s
s setting in the Input Panel Options dialog box. If you do not configure this policy, Input Panel will appear next to text entry areas in applica
s setting in the Input Panel Options dialog box. If you do not configure this policy, Input Panel will appear next to text entry areas in applica
Panel Options dialog box. If you do not configure this policy, Input Panel will appear next to text entry areas in applications where this beh
Panel Options dialog box. If you do not configure this policy, Input Panel will appear next to text entry areas in applications where this beh

nverted to typed text. Users will not be able to configure this setting in the Input Panel Options dialog box. If you disable this policy, rarely
tting on the Opening tab in Input Panel Options. Caution: If you enable both the Prevent Input Panel from appearing next to text entry are
tting on the Opening tab in Input Panel Options. Caution: If you enable both the Prevent Input Panel from appearing next to text entry are
icy, application auto complete lists will appear next to Input Panel in applications where the functionality is available. Users will be able to
icy, application auto complete lists will appear next to Input Panel in applications where the functionality is available. Users will be able to

n the Input Panel Options dialog box. If you enable this policy and choose Medium-Low from the drop-down box, password security is se
t," users will be able to use the Z-shaped scratch-out gesture that was available in Microsoft Windows XP Tablet PC Edition. Users will not b
t," users will be able to use the Z-shaped scratch-out gesture that was available in Microsoft Windows XP Tablet PC Edition. Users will not b
e user opens appear in the menus, including files located remotely on another computer. Note: This setting does not prevent Windows fro

ked by default even if this setting is Disabled or Not Configured. Note: This setting appears in the Computer Configuration and User Config
ked by default even if this setting is Disabled or Not Configured. Note: This setting appears in the Computer Configuration and User Config
dence over the setting in User Configuration. Tip: This setting affects existing tasks only. To prevent users from changing the properties of n
dence over the setting in User Configuration. Tip: This setting affects existing tasks only. To prevent users from changing the properties of n

ny program into the Scheduled Tasks folder. To prevent this action, use the "Prohibit Drag-and-Drop" setting. Note: This setting appears in t
ny program into the Scheduled Tasks folder. To prevent this action, use the "Prohibit Drag-and-Drop" setting. Note: This setting appears in t
figuration takes precedence over the setting in User Configuration.
figuration takes precedence over the setting in User Configuration.
address is present, the host will not have a 6to4 interface. If no global IPv6 address is present and a global IPv4 address is present, the host

ter name is not resolved successfully, ISATAP connectivity is not available on the host using the corresponding IPv4 address. Policy Enabled

mputer. The default refresh rate is 30 seconds.

opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect. If you disable this p
irectly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect. If you disab
Server 2008 R2, Windows Server 2008, or Windows Server 2003. Audio and video playback redirection is allowed by default when connecti
irection is allowed. If you disable this policy setting, audio recording redirection is not allowed, even if audio recording redirection is specifi

ng is found on the Remote tab in the System properties sheet. By default, remote connections are not allowed. Note: You can limit which
e Desktop Services automatically by supplying their passwords in the Remote Desktop Connection client. If you do not configure this policy

erience tab in Remote Desktop Connection.


hm that balances memory usage and bandwidth is used. You can also choose not to use an RDP compression algorithm. Choosing not to u
nabled, the policy has to be set on the Hyper-V host machine. If you set the encoding option to Attempt only for non-RemoteFX vGPU sc
width than high quality. If you enable this policy setting and set quality to High, RemoteFX Adaptive Graphics uses an encoding mechanism
val determines how often, in minutes, the server checks the session state. The range of values you can enter is 1 to 999,999. If you disable
olicy setting, the farm name is not specified at the Group Policy level. Notes: 1. This policy setting is not effective unless both the Join RD C
o not configure this policy setting, the policy setting is not specified at the Group Policy level. Notes: 1. For Windows Server 2008, this poli
ch user experience over LAN connections and RDP 7.1. If you disable this policy setting, RemoteFX will be disabled. If you do not configure

connect to the RD Session Host server without authenticating the RD Session Host server. Do not connect if authentication fails: The clien
computer field name or from the command line.

ard file copy redirection is always allowed if Clipboard redirection is allowed. If you do not configure this policy setting, client drive redirec

e: The preferred method of managing user access is by adding a user to the Remote Desktop Users group.

f you do not configure this policy setting, users can redirect their supported Plug and Play devices to the remote computer only if it is runni
computer at logoff, unless specified otherwise by the server administrator. Note: This setting only takes effect if per-session temporary fold
s profile folder on the remote computer. If you disable this policy setting, per-session temporary folders are always created, even if the ser
enforce this policy setting, you must also specify the address of the RD Gateway server by using the "Set RD Gateway server address" polic
ec will not be able to connect to this server. This policy setting applies only to clients that are using Remote Desktop Protocol (RDP) 7.1, and
session that reaches its time-out limit. If you disable this policy setting, Remote Desktop Services always disconnects a timed-out session,
session that reaches its time-out limit. If you disable this policy setting, Remote Desktop Services always disconnects a timed-out session,
sktop Services session, depending on the client configuration. If the status is set to Not Configured, the default behavior applies.
ost server after you log on as a local administrator.
RD Connection Broker, and user session tracking is not performed. If the policy setting is disabled, you cannot use either the Remote Deskto
up is empty. If you disable or do not configure this policy setting, the Remote Desktop license server issues an RDS CAL to any RD Session
udio playback quality that you specify on the remote computer by using this policy setting is the maximum quality that can be used for a Re
lor depth for connections is not specified at the Group Policy level. Note: 1.Setting the color depth to 24 bits is only supported on Window
the Display Settings tab in the Remote Desktop Session Host Configuration tool.
nt to specify as the maximum for the server. To specify an unlimited number of connections, type 999999. If the status is set to Enabled, th

exceeds the maximum size that you have specified, the oldest (least recently used) roaming user profiles will be deleted until the size of the

image quality. By default, Remote Desktop Connection sessions that use RemoteFX are optimized for a balanced experience over LAN con
Windows Server 2008 license server will issue a Windows Server 2008 TS CAL, if available, to the following: * A client connecting to a Win

mpt for password check box on the Log on Settings tab in Remote Desktop Session Host Configuration. If you disable or do not configure th
on. This policy setting also does not prevent disconnected sessions at the server. You can control how long a disconnected session remains

munication is allowed. Note: The RPC interface is used for administering and configuring Remote Desktop Services.
ure communications, but the RD Session Host server is not authenticated. Native RDP encryption (as opposed to SSL encryption) is not reco
g box, look for the phrase Network Level Authentication supported. If you disable this policy setting, Network Level Authentication is not re

ll not try to determine the network quality at the connect time; instead it will assume that all traffic to this server originates from a low-spe

tificate can be found that was created with the specified certificate template, the RD Session Host server will issue a certificate enrollment
ient to the server and from the server to the client by using strong 128-bit encryption. Use this encryption level in environments that conta
k share in the form of \\Computername\Sharename. Do not specify a placeholder for the user account name, because Remote Desktop Se
an alternate authentication method, the authentication method that you specify in this policy setting is used by default. If you disable or d
ed. To allow users to overwrite the "Set RD Gateway server address" policy setting and connect to another RD Gateway server, you must se
because Remote Desktop Services automatically appends this at logon. Note: The Drive Letter field is ignored if you choose to specify a lo
Allows the administrator to watch the session of a remote user without the user's consent. If you disable this policy setting, administrators
Allows the administrator to watch the session of a remote user without the user's consent. If you disable this policy setting, administrators
at the Group Policy level.
vel. By default, Remote Desktop Services allows sessions to remain active but idle for an unlimited amount of time. If you want Remote De
vel. By default, Remote Desktop Services allows sessions to remain active but idle for an unlimited amount of time. If you want Remote De
Desktop Services allows sessions to remain active for an unlimited amount of time. If you want Remote Desktop Services to end instead o
Desktop Services allows sessions to remain active for an unlimited amount of time. If you want Remote Desktop Services to end instead o
force the default behavior that disconnected sessions are maintained for an unlimited time, select Never. If you have a console session, dis
force the default behavior that disconnected sessions are maintained for an unlimited time, select Never. If you have a console session, dis
n setting up the default connection URL. If you disable or do not configure this policy setting, the user has no default connection URL. No
e driver. If one is not found, the client's printer is not available. This is the default behavior. "Default to PCL if one is not found" - If no suita
uration node. If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of t

h and file name of the executable file to be run when the user logs on. If necessary, in Working Directory, type the fully qualified path to the
h and file name of the executable file to be run when the user logs on. If necessary, in Working Directory, type the fully qualified path to the

tting, the IP address of the RD Session Host server is not sent to the client. Instead, the IP address is embedded in a token. When a client re
rvices Roaming User Profile" policy setting.
client printer. If the RD Session Host server does not have a printer driver that matches the client printer, the server tries to use the Remote
client printer. If the RD Session Host server does not have a printer driver that matches the client printer, the server tries to use the Remote
s only the default graphics processing unit (GPU) on a computer with more than one GPU installed. All additional GPUs are considered seco
as the RD Session Host server. If you disable or do not configure this policy setting, the RD Session Host server does not specify a license s
ence tab in Remote Desktop Connection (RDC) or by using the "allow desktop composition" setting in a Remote Desktop Protocol (.rdp) file
an start any program on the RD Session Host server when they start a Remote Desktop Services session. For example, a remote user can d

n initial program is not specified, the desktop is always displayed on the remote computer after the client connects to the remote computer

otocol (.rdp) file. If you enable this policy setting, font smoothing will not be allowed for remote connections, even if font smoothing is en

ormation). Servers running Windows Server 2008 do not display wallpaper by default to Remote Desktop Services sessions.

efore the time limit is reached, the user will reconnect to the disconnected session on the RD Session Host server. If you disable or do not
efore the time limit is reached, the user will reconnect to the disconnected session on the RD Session Host server. If you disable or do not

not configure this policy setting, you can configure the RD Session Host server to participate in RD Connection Broker load balancing by usi

g system managed TPM authentication setting you choose. Choose the operating system managed TPM authentication setting of "Full" to
list of blocked TPM commands is pre-configured by Windows. You can view the default list by running "tpm.msc", navigating to the "Comm
licy setting to configure the Group Policy list of blocked TPM commands. If you disable or do not configure this policy setting, Windows wil
nds found in the local list, in addition to commands in the Group Policy and default lists of blocked TPM commands.
ation failure occurred. Authorization failures older than the duration are ignored. For each standard user two thresholds apply. Exceeding

ng an authorization failure occurred. Authorization failures older than the duration are ignored. For each standard user two thresholds ap
s policy setting, only the user is given full control of their user profile, and the administrators group has no file system access to this folder.
ou disable or do not configure this policy setting, the system uses the definitions introduced with Windows 2000. %HOMESHARE% stores th
ng, Windows considers the network connection to be slow if the server returns less than 500 kilobits of data per second or take 120 millise
r do not configure this policy setting, Windows keeps a copy of a user's roaming profile on the local computer's hard drive when the user lo

speed of the connection between the user's computer and profile server. If the connection is slow (as defined by the "Slow network conn
the correct permissions if the profile folder already exists, and not copy files to or from the roaming folder if the permissions are not corre
stry at logoff, even if there are any open handles to the per-user registry keys at user logoff.
oaming profiles" policy setting.
er has a roaming profile, the roaming profile is downloaded on the user's primary computer only. If you disable or do not configure this po
ue is 30 seconds. To use this policy setting, type the number of seconds Windows should wait for user input. The minumum value is 0 secon
s folders are excluded from the user's roaming profile. In operating systems earlier than Microsoft Windows Vista, only the History, Local S
when profiles are deleted from the machine. This will improve the performance of Group Policy based Software Installation during user log
erating systems earlier than Microsoft Windows Vista, Windows will not allow users to log off until the profile size has been reduced to with
ttempts 60 times (over the course of one minute). If you enable this policy setting, you can adjust the number of times the system tries to u
file, rather than the roaming profile. At logoff, changes are saved to the local profile. All subsequent logons use the local profile. If you disa
th the server (roaming) copy when the user logs off. If you disable or not configure this policy setting, the default behavior occurs, as indic
before Windows detects the network connection speed. If you disable or do not configure this policy setting, the system does not consult t
network. If you disable or do not configure this policy setting, Windows waits for the network for a maximum of 30 seconds.
ecified in this policy. If you disable or do not configure this policy setting, users logging on this computer will use their local profile or stan
er is logged on. If "Run at specified time of day" is chosen, then a time of day must be specified. Once set, Windows uploads the registry fi
ecify a placeholder for the user name because the user name will be appended at logon. Note: The Drive letter box is ignored if you choos
rk paths are accessible. Note: You should not use this policy setting to suspend any of the root redirected folders such as Appdata\Roamin

n apps (not desktop apps) that have the enterprise authentication capability will not be able to retrieve the user's UPN, SIP/URI, and DNS. S
ser is consulted (as set in the "Prompt user when slow link is detected" policy setting), but does not respond in the time allowed (as set in
xed drives" check box to help prevent users from running BitLocker To Go Reader from their fixed drives. If BitLocker To Go Reader (bitlocke
ormatted removable drives" check box to help prevent users from running BitLocker To Go Reader from their removable drives. If BitLocke

information exchanged with the server to unlock the computer. You can use the group policy setting "Computer Configuration\Windows S
When this policy is enabled and the hardware is capable of using Secure Boot for BitLocker scenarios, the "Use enhanced Boot Configuratio
up wizard will display the computer's top-level folder view when the user chooses the option to save the recovery password in a folder. No
you disable or do not configure this policy setting, BitLocker will use AES with the same bit strength (128-bit or 256-bit) as the "Choose dri
it strength (128-bit or 256-bit) as the "Choose drive encryption method and cipher strength (Windows Vista, Windows Server 2008, Windo
e this policy setting, BitLocker will use the default encryption method of AES 128-bit with Diffuser or the encryption method specified by th
er users are allowed, required, or not allowed to generate a 48-digit recovery password or a 256-bit recovery key. Select "Omit recovery op
itLocker recovery information" select whether users are allowed, required, or not allowed to generate a 48-digit recovery password or a 25
elect whether users are allowed, required, or not allowed to generate a 48-digit recovery password or a 256-bit recovery key. Select "Omit
digit recovery password as a text file and the 256-bit recovery key as a hidden file. Saving to a folder will store the 48-digit recovery passwo

screen. If a recovery URL is available, include it in the message. If you select the "Use custom recovery URL" option, the URL you type in t
the recovery password or recovery key be provided to unlock the drive. If you disable or do not configure this policy setting, the TPM uses
R profile for computers using native UEFI firmware. If you enable this policy setting before turning on BitLocker, you can configure the boo
onfigurations or computers with UEFI firmware with a CSM enabled. If you enable this policy setting before turning on BitLocker, you can c
not use hardware-based encryption with operating system drives and BitLocker software-based encryption will be used by default when th
ker cannot use hardware-based encryption with operating system drives and BitLocker software-based encryption will be used by default w
er cannot use hardware-based encryption with operating system drives and BitLocker software-based encryption will be used by default wh
ve. If you enable this policy setting, users can configure a password that meets the requirements you define. To require the use of a passw
lable on the drive. If you enable this policy setting, users can configure a password that meets the requirements you define. To enforce com
users can configure a password that meets the requirements that you define. To require the use of a password, select "Require password f
cy setting, smart cards can be used to authenticate user access to a BitLocker-protected drive.
figure this policy setting, smart cards are available to authenticate user access to a BitLocker-protected removable data drive.
e will remain running. If both are disabled, the service will be stopped.
ou disable this setting, definition retirement will be disabled.

ows\CurrentVersion\Shell Extensions\Approved.
For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a
For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a
For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a
For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a
For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a
For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a
For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a
For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a
For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a
For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a
For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a
For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a
For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a
For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a
For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a
For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a
For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a
For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a
For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a
For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a

trators on the PC by using Windows SmartScreen Settings in Security and Maintenance. Options: Require approval from an administrato

with the current user's logon credentials. As a result, the installation might fail, or it might complete but not include all features. Or, it migh

rget path. If you disable or do not configure this policy setting, Windows searches for the original path when it cannot find the target file in
are using the Windows XP common dialog box style. This policy setting does not apply to the new Windows Vista common dialog box style
ws 2000 or later certification to adhere to this setting.
Open. Note: In Windows Vista, this policy setting applies only to applications that are using the Windows XP common dialog box style. Th
these drives or their contents. And, it does not prevent users from using the Disk Management snap-in to view and change drive characteri
default context menu" setting.
are using the Windows XP common dialog box style. This policy setting does not apply to the new Windows Vista common dialog box style.

he share name in the Run dialog box or the Map Network Drive dialog box. To remove network computers from lists of network resources
lists of network resources, use the "No Computers Near Me in Network Locations" setting. Note: It is a requirement for third-party applica
hared between Internet search sites and Search Connectors/Libraries. Search Connector/Library links take precedence over Internet searc
links at the bottom of results returned in File Explorer after a search is executed. These links will be shared between Internet search sites a
aining that a setting prevents the action. Also, this setting does not prevent users from using programs to access local and network drives.
: It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.

rt menu, use the "Remove Search menu from Start menu" policy setting (in User Configuration\Administrative Templates\Start Menu and T

available on Windows XP Professional.

lation proceeds with the current user's permissions. If these permissions are not sufficient, the installation might fail, or it might complete
e default file type and protocol associations.

t of folders. If you do not configure this policy setting the protocol is in the protected mode, allowing applications to only open a limited se
t of folders. If you do not configure this policy setting the protocol is in the protected mode, allowing applications to only open a limited se

If you enable this policy, Windows Libraries features that rely on indexed file data will be disabled. If you disable or do not configure this

e the Active Desktop and Web view. This setting will also take precedence over the "Enable Active Desktop" setting. If both policies are ena
re different. Note: If the paths point to different network shares, this policy setting is not required. If the paths point to the same network

Windows Server 2003.


e change detection that Windows File Protection provides.

t by using Security Descriptor Definition Language (SDDL) strings. For more information about the SDDL format, see the Windows Firewall d
sage types. As a result, utilities that use the blocked ICMP messages will not be able to send those messages to or from this computer. If yo
sage types. As a result, utilities that use the blocked ICMP messages will not be able to send those messages to or from this computer. If yo
port exceptions list, Windows Firewall does not open the port. In the Windows Firewall component of Control Panel, the "File and Printer S
port exceptions list, Windows Firewall does not open the port. In the Windows Firewall component of Control Panel, the "File and Printer S
does not control connections to SVCHOST.EXE and LSASS.EXE. If you enable this policy setting, Windows Firewall allows the computer to re
does not control connections to SVCHOST.EXE and LSASS.EXE. If you enable this policy setting, Windows Firewall allows the computer to re
open the port. In the Windows Firewall component of Control Panel, the "Remote Desktop" check box is cleared and administrators canno
open the port. In the Windows Firewall component of Control Panel, the "Remote Desktop" check box is cleared and administrators canno
empts to open these ports by adding them to a local port exceptions list, Windows Firewall does not open the ports. In the Windows Firew
empts to open these ports by adding them to a local port exceptions list, Windows Firewall does not open the ports. In the Windows Firew
m applying, use the Group Policy Object Editor snap-in and configure Computer Configuration\Windows Settings\Security Settings\Window
m applying, use the Group Policy Object Editor snap-in and configure Computer Configuration\Windows Settings\Security Settings\Window
cally created rules from applying, use the Group Policy Object Editor snap-in and configure Computer Configuration\Windows Settings\Sec
cally created rules from applying, use the Group Policy Object Editor snap-in and configure Computer Configuration\Windows Settings\Sec
t path for the log file is %systemroot%\system32\LogFiles\Firewall\pfirewall.log. If you disable this policy setting, Windows Firewall does n
t path for the log file is %systemroot%\system32\LogFiles\Firewall\pfirewall.log. If you disable this policy setting, Windows Firewall does n
t definition from the list and add a new one with different parameters. To allow administrators to add ports to the local port exceptions list
t definition from the list and add a new one with different parameters. To allow administrators to add ports to the local port exceptions list
he Show button. To add a program, enable the policy setting, note the syntax, click the Show button. In the Show Contents dialog box type
he Show button. To add a program, enable the policy setting, note the syntax, click the Show button. In the Show Contents dialog box type
dows Firewall component of Control Panel, the "Block all incoming connections" check box is cleared and administrators cannot select it. I
dows Firewall component of Control Panel, the "Block all incoming connections" check box is cleared and administrators cannot select it. I
ewall blocks a new program" check box is selected by default, and administrators can change it.
ewall blocks a new program" check box is selected by default, and administrators can change it.
indows Firewall always permits those DHCP unicast responses. However, this policy setting can interfere with the NetBIOS messages that d
indows Firewall always permits those DHCP unicast responses. However, this policy setting can interfere with the NetBIOS messages that d

ows Media DRM functions normally and will connect to the Internet (or intranet) to acquire licenses, download security upgrades, and perf

ntire Network tab is hidden. This policy is ignored if the "Streaming media protocols" policy setting is enabled and HTTP is not selected. If
g is enabled and Multicast is not selected. If you disable this policy setting, the MMS proxy server cannot be used and users cannot config

sers cannot change the RTSP proxy settings. If you do not configure this policy setting, users can configure the RTSP proxy settings.

m the Internet check box.


sional operating systems.
layer to full mode and cannot choose a different skin. If you disable or do not configure this policy setting, users can display the Player in fu
b is selected. If you enable this policy setting, the administrator must also specify the protocols that are available to users on the Network

un" policy setting. Note: This policy setting is available under both Computer Configuration and User Configuration. If both are present, the
un" policy setting. Note: This policy setting is available under both Computer Configuration and User Configuration. If both are present, the

on the addresses specified by the IPv4 and IPv6 filters. The IPv4 filter specifies one or more ranges of IPv4 addresses, and the IPv6 filter spe

n disable this policy setting,any values that were previously configured for RunAsPassword will need to be reset.
annel binding token is accepted (though it is not protected from credential-forwarding attacks). If HardeningLevel is set to None, all reque

nges. There are two situations where the effect of this setting depends on the operating system: Hide/Restore updates, and Cancel an insta
setting. Note: This policy is not supported on Windows RT. Setting this policy will not have any effect on Windows RT PCs.
policy to have effect. Note: If the "Configure Automatic Updates" policy is disabled, this policy has no effect. Note: This policy is not suppo
y to be installed Windows finds updates that apply to the computer and downloads them in the background (the user is not notified or int

y setting has no impact if the User Configuration\Administrative Templates\Windows Components\Windows Update\Do not display 'Install
y setting has no impact if the Computer Configuration\Administrative Templates\Windows Components\Windows Update\Do not display 'I

directed to is configured to support client-side targeting. If the "Specify intranet Microsoft update service location" policy is disabled or no
system is on battery power, when Windows Update wakes it up, it will not install updates and the system will automatically return to hibern
matic Updates is configured to perform scheduled installations of updates. If the "Configure Automatic Updates" policy is disabled, this polic
ove all access to Windows Update features and no notifications will be shown. 1 = Show restart required notifications This setting will show

d, this policy has no effect.

service, instead of Windows Update, to search for and download updates. Enabling this setting means that end users in your organization d

e later" to defer the notification as appropriate. In Windows 7, this policy setting will only control detailed notifications for optional applica
Internet products that you can download to keep your computer up to date. Also, see the "Remove links and access to Windows Update"

e system displays the Explorer interface. Tip: To find the folders indicated by the Path environment variable, click System Properties in Cont

tive, or Windows 2000 mixed functional level domains, if you enable this setting, a warning message will appear that Windows could not r
hours expiration warnings setting will have no effect, and users receive no warnings about logon hour expiration

existing session, but cannot log on to a new session. Note: If you configure this setting, you might want to examine and appropriately confi

ervices are available. If this policy setting is disabled, both "Connect to suggested open hotspots," "Connect to networks shared by my con
t configure this policy setting, Work Folders uses the "Force automatic setup" option of the "Specify Work Folders settings" policy setting to
pecifying the local folder in which Work Folders stores files. By default, Work Folders is stored in the "%USERPROFILE%\Work Folders" folde

puter will connect to WNS at user login and applications will be allowed to poll for tile notification updates in the background. No reboots
he wizard, that option is selected automatically, and the page is bypassed. To remove "Set up services" and prevent the Windows Compon

n still install programs by using other methods, and they can view and install assigned (partially installed) programs that are offered on the

ms" setting or the "Hide Add New Programs page" setting is enabled.

installers or other 16-bit components cannot run. If the status is set to Disabled, the MS-DOS subsystem runs for all users on this compute

de mitigations for application problems. If the engine is turned off, these mitigations will not be applied to applications and their installers a

go to System->Troubleshooting and Diagnostics->Application Compatibility Diagnostics. Note: The Diagnostic Policy Service (DPS) and Prog
s policy setting, Group Policy blocks deployment operations of Windows Store apps when using a special profile.

ened against URI-based vulnerabilities from untrusted sources, reducing the associated risk.
ened against URI-based vulnerabilities from untrusted sources, reducing the associated risk.

es. If you disable this policy setting, Windows sets the default risk level to moderate. If you do not configure this policy setting, Windows s

r over the file type. If you do not configure this policy setting, Windows uses its default trust logic, which prefers the file handler over the fi
mmand line arguments can contain sensitive or private information such as passwords or user data.
avior of automatically executing the autorun command. If you disable or not configure this policy setting, Windows Vista or later will prom
avior of automatically executing the autorun command. If you disable or not configure this policy setting, Windows Vista or later will prom
e this policy setting, AutoPlay is enabled. Note: This policy setting appears in both the Computer Configuration and User Configuration fold
e this policy setting, AutoPlay is enabled. Note: This policy setting appears in both the Computer Configuration and User Configuration fold

nt" policy settings, it is possible to control BITS peer caching functionality at a more detailed level. However, it should be noted that the "A

ase the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting does not affect Peercach
e it, the default value of 30 percent of the slowest active network interface will be used. Note: This setting has no effect if the "Allow BITS p

Transfer unless surcharge applies (when not roaming or overcap) - Transfer unless nearing limit (when not roaming or nearing cap)
Note: The bandwidth limits that are set for the maintenance period supersede any limits defined for work and other schedules.
00 P.M. on Monday through Friday, and then set the limit to 512 Kbps for nonwork hours. If you disable or do not configure this policy setti
90 (days) will be used for the inactive job timeout.

nfiguration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configu
nfiguration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configu
nalization. Note: For Windows Vista, Windows Server 2008, and earlier versions of Windows, the module name should be entered, for exam

8, and earlier versions of Windows, the module name, for example timedate.cpl or inetcpl.cpl, should be entered. If a Control Panel item d

ows Classic visual style, leave the box blank beside "Path to Visual Style:" and enable this setting. When running Windows 8 or Windows RT
e "Enable Screen Saver" setting is disabled, this setting is ignored, and screen savers do not run.
he device. Instead, a password will be required immediately upon the screen turning off. Note: This policy setting only applies to domain-j

The "Allow delegating default credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the
e SPN. For Example: TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrik
Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard is permitt
rincipal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard ch
e Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single
credentials is not permitted to any machine. Note: The "Allow delegating saved credentials with NTLM-only server authentication" policy s
s.fabrikam.com machine TERMSRV/* Remote Desktop Session Host running on all machines. TERMSRV/*.humanresources.fabrikam.com R
ources.fabrikam.com machine TERMSRV/* Remote Desktop Session Host running on all machines. TERMSRV/*.humanresources.fabrikam.
n host.humanresources.fabrikam.com machine TERMSRV/* Remote Desktop Session Host running on all machines. TERMSRV/*.humanres
tion\Administrative Templates\System\Credentials Delegation).

priority of the process in which programs run.


you add an appid to this list and set its value to 1, DCOM will not enforce the Activation security check for that DCOM server. If you add a

displayed. However, users can select the wallpaper of their choice. Also, see the "Allow only bitmapped wallpaper" in the same location,

pane, and Web views, unless restricted by another setting. If you do not configure this setting, the default is to display Computer as usual.
ble the setting and then remove the policy from each computer, with a physically present user.
h are known to be compatible. Credential Guard This setting lets users turn on Credential Guard with virtualization-based security to help

able this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop cli
setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remo

use to install unsigned files. As a result, the installation stops, and none of the files in the driver package are installed. To change driver file

cy setting, Windows can install and update device drivers for removable devices as allowed or prevented by other policy settings.
ticode certificates.

n which Windows searches source locations for device drivers.

ft Management Console. Note: For Windows Server systems, this policy setting applies only if the Desktop Experience optional component
not configured. No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately. This poli

next boot. If you do not configure this policy setting, the default behavior is to turn on support for the NV cache.

y setting. Otherwise, the system uses the physical space on the volume as the quota limit. Note: To turn on or turn off disk quota managem
but they can continue to write to the volume as long as physical space is available. Note: This policy setting overrides user settings that en
log an event, regardless of whether or not you choose to enforce the disk quota limit. Also, this policy setting does not affect the Quota En
status in the Quota Entries window changes. Note: To find the logging option, in My Computer, right-click the name of an NTFS file system
users (on the Quota tab in Volume Properties). If you disable or do not configure this policy setting, the disk space available to users is not

and a DNS suffix search list. If attaching suffixes is allowed, and a DNS client with a primary domain suffix of "contoso.com" performs a que

imited string, such as "microsoft.com,serverua.microsoft.com,office.microsoft.com" to specify multiple suffixes. If you enable this policy s

ff smart multi-homed name resolution policy setting is disabled or not configured.


h it is joined.
ution is not enabled if a global suffix search list is configured using Group Policy. If a global suffix search list is not configured, and the Appe
TCP/IP) Properties dialog box. Devolution is not enabled if a global suffix search list is configured using Group Policy. If a global suffix searc
this policy setting. For example, with a computer name of mycomputer, a primary DNS suffix of microsoft.com, and a connection specific D
ation of the corresponding A records was successful. If you disable this policy setting, or if you do not configure this policy setting, comput
and PTR resource records. To specify the registration refresh interval, click Enabled and then enter a value of 1800 or greater. The value tha
you do not configure this policy setting, DNS clients maintain their default behavior and will attempt to replace conflicting A resource record

g will not take effect until the user logs off.

choose which boot-start drivers to initialize the next time the computer is started. If you disable or do not configure this policy setting, the
configured (even if users have changed settings by using Control Panel). If you enable this policy setting, you can configure the following s

tween solution check reminders determines the interval time between the display of system notifications that remind the user to check fo
e Solutions to Problems page in Control Panel. The Maximum number of reports to queue setting determines how many reports can be qu
sted by Microsoft. - 3 (Send parameters and safe additional data): Windows Error Reporting automatically sends the minimum data requir
sted by Microsoft. - 3 (Send parameters and safe additional data): Windows Error Reporting automatically sends the minimum data requir
ontrol Panel. The default setting in Control Panel is Upload all applications. This policy setting is ignored if the Configure Error Reporting po

onal Edition, and disable notification by default on computers that are running Windows Server. See also the Configure Error Reporting pol

w Contents dialog box. The file names must include the .exe file name extension (for example, notepad.exe). Errors that are generated by a

cations on this list setting takes precedence. If an application is listed both in the List of applications to always report errors for policy settin
. If you enable this setting, the recovery behavior for corrupted files will be set to either the regular (default), silent, or troubleshooting on
e this policy setting, the only Windows Runtime applications that can revoke access to all enterprise-protected content on the device are W

files if the network or server holding the redirected files becomes unavailable. Note: If one or more valid folder GUIDs are specified in the

path to a redirected folder is changed and Folder Redirection is configured to move the content to the new location, Windows copies the c
sable or do not configure this policy setting and the user has redirected folders, the folders are redirected on every computer that the user
sable or do not configure this policy setting and the user has redirected folders, the folders are redirected on every computer that the user
n it processes a legacy redirection policy already deployed for these folders in your existing localized environment.
n it processes a legacy redirection policy already deployed for these folders in your existing localized environment.

onfigured with the Services snap-in to the Microsoft Management Console. No system restart or service restart is required for this policy se

preceded by 19, that is, 1930 to 1999. If you disable or do not configure this policy setting, Windows does not interpret two-digit year form

setting is enabled at the machine level, it cannot be disabled by a per-user policy setting. If this policy setting is disabled at the machine lev
setting is enabled at the machine level, it cannot be disabled by a per-user policy setting. If this policy setting is disabled at the machine lev
his policy is set to Not Configured at the computer level, then restrictions will be based on per-User policies. To set this policy on a per-use
his policy is set to Not Configured at the computer level, then restrictions will be based on per-User policies. To set this policy on a per-use
ale installed on the computer, unless restricted by the "Disallow selection of Custom Locales" policy setting. If this policy setting is enabled
ale installed on the computer, unless restricted by the "Disallow selection of Custom Locales" policy setting. If this policy setting is enabled

ot be available for all languages, even when handwriting personalization is available. See Tablet PC Help for more information. If you enab
ot be available for all languages, even when handwriting personalization is available. See Tablet PC Help for more information. If you enab

this policy setting, the behavior is exactly the same as in Windows 2000: user policy is applied, and a roaming user profile is allowed from t
s. This leads to the following behavior: - If you had originally created the GPO with an English system, and then you edit the GPO with a J
ection and Drive Maps preference extension will not be applied. Note: There are two conditions that will cause Group Policy to be proces
Group Policy detects a slow network connection, Group Policy will only process those client side extensions configured for processing acros
ic background processing" option prevents the system from updating affected policies in the background while the computer is in use. Whe
option prevents the system from updating affected policies in the background while the computer is in use. When background updates are
work connection, such as a telephone line. Updates across slow connections can cause significant delays. The "Process even if the Group P
havior.) The slow link value that is defined in this policy setting determines how long Group Policy will wait for a response from the doma
the Group Policy Object Editor snap-in uses the domain controller designated as the PDC Operations Master for the domain. Note: To chan
tions are considered to be fast. If you disable this setting or do not configure it, the system uses the default value of 500 kilobits per second
tions are considered to be fast. If you disable this setting or do not configure it, the system uses the default value of 500 kilobits per second
elays. The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the backgr
"Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while

updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only
dating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not tak
cts have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specif
tted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. The "Proce
at the user settings defined in the computer's Group Policy Objects and the user settings normally applied to the user are combined. If the
on prevents the system from updating affected policies in the background while the computer is in use. When background updates are disa
ing" option prevents the system from updating affected policies in the background while the computer is in use. When background update

ng" policy setting in Computer Configuration\Administrative Templates\System\GroupPolicy.


ng" policy setting in Computer Configuration\Administrative Templates\System\GroupPolicy.

ground behavior.) The slow link value that is defined in this policy setting determines how long Group Policy will wait for a response from t
es Only" command. Note: To find the "Show Policies Only" command, in Group Policy Object Editor, click the Administrative Templates fold

etting, you must restart your computer for it to take effect.

p Policy is updated every 90 minutes (the default). To specify that Group Policy should never be updated while the computer is in use, selec
ated while the computer is in use, select the "Turn off background refresh of Group Policy" setting. This setting also lets you specify how m
ed every 90 minutes (the default). To specify that Group Policy for users should never be updated while the computer is in use, select the "T

stems greater than Windows 7 configured for workplace connectivity.


DM files for the Group Policy Object Editor" is enabled, the state of this setting is ignored and always treated as Enabled.

round processing" option prevents the system from updating affected preference items in the background while the computer is in use. Wh
n the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is created. 2. Comput
ckground processing" option prevents the system from updating affected preference items in the background while the computer is in use
on the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is created. 2. Comp
ing" option prevents the system from updating affected preference items in the background while the computer is in use. When backgroun
" option. If there are no preference items under User Configuration in this extension, no user trace file is created. 2. Computer Configuratio
ound processing" option prevents the system from updating affected preference items in the background while the computer is in use. Wh
he "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is created. 2. Computer
uring periodic background processing" option prevents the system from updating affected preference items in the background while the co
on the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is created. 2. Compu
n prevents the system from updating affected preference items in the background while the computer is in use. When background update
f there are no preference items under User Configuration in this extension, no user trace file is created. 2. Computer Configuration tracing
significant delays. 2. The "Do not apply during periodic background processing" option prevents the system from updating affected prefer
t turn on the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is created. 2. C
ng" option prevents the system from updating affected preference items in the background while the computer is in use. When background
option. If there are no preference items under User Configuration in this extension, no user trace file is created. 2. Computer Configuratio
ssing" option prevents the system from updating affected preference items in the background while the computer is in use. When backgrou
" option. If there are no preference items under User Configuration in this extension, no user trace file is created. 2. Computer Configuratio
und processing" option prevents the system from updating affected preference items in the background while the computer is in use. Whe
g" option. If there are no preference items under User Configuration in this extension, no user trace file is created. 2. Computer Configurati
2. The "Do not apply during periodic background processing" option prevents the system from updating affected preference items in the ba
on the client computer, and you must turn on the "Tracing" option. If there are no preference items under User Configuration in this exten
ificant delays. 2. The "Do not apply during periodic background processing" option prevents the system from updating affected preference
ou must turn on the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is create
riodic background processing" option prevents the system from updating affected preference items in the background while the computer
must turn on the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is created.
lays. 2. The "Do not apply during periodic background processing" option prevents the system from updating affected preference items in
t turn on the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is created. 2. C
ause significant delays. 2. The "Do not apply during periodic background processing" option prevents the system from updating affected pr
" option. If there are no preference items under User Configuration in this extension, no user trace file is created. 2. Computer Configurati
g periodic background processing" option prevents the system from updating affected preference items in the background while the compu
ou must turn on the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is create
essing" option prevents the system from updating affected preference items in the background while the computer is in use. When backgro
g" option. If there are no preference items under User Configuration in this extension, no user trace file is created. 2. Computer Configurati
nt delays. 2. The "Do not apply during periodic background processing" option prevents the system from updating affected preference item
must turn on the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is created.
ssing" option prevents the system from updating affected preference items in the background while the computer is in use. When backgrou
g" option. If there are no preference items under User Configuration in this extension, no user trace file is created. 2. Computer Configura
ocessing" option prevents the system from updating affected preference items in the background while the computer is in use. When back
acing" option. If there are no preference items under User Configuration in this extension, no user trace file is created. 2. Computer Config
ound processing" option prevents the system from updating affected preference items in the background while the computer is in use. Whe
he "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is created. 2. Computer C

xtension" policy settings that are disabled. If you disable this policy setting, you prohibit use of preference extensions under Control Panel
policy settings that are disabled. If you disable this policy setting, you prohibit use of preference extensions under Control Panel Settings fo
omputers)," or "Permit use of Control Panel Settings (Users)," policy settings.
uters)," or "Permit use of Control Panel Settings (Users)," policy settings.

(Computers)," or "Permit use of Control Panel Settings (Users)," policy settings.

Settings (Computers)," or "Permit use of Control Panel Settings (Users)," policy settings.
gs (Computers)," or "Permit use of Control Panel Settings (Users)," policy settings.

(Computers)," or "Permit use of Control Panel Settings (Users)," policy settings.

uters)," or "Permit use of Control Panel Settings (Users)," policy settings.

s (Computers)," or "Permit use of Control Panel Settings (Users)," policy settings.

mefolder". Note: An environment variable may be used, (for example, %windir%), as long as it is defined on the system. For example, %pro
ws Update website.

he Internet to Microsoft. Also, see "Events.asp URL", "Events.asp program", and "Events.asp Program Command Line Parameters" settings i

providers in the registry.


providers in the registry.

ports and Solutions component in Control Panel to enable Windows Customer Experience Improvement Program for all users.

newer versions of Windows.


ders unless another policy setting restricts such configuration.
ders unless another policy setting restricts such configuration.

0000000}'. The CLSID for an add-on can be obtained by reading the OBJECT tag from a Web page on which the add-on is referenced. Value
0000000}'. The CLSID for an add-on can be obtained by reading the OBJECT tag from a Web page on which the add-on is referenced. Value
n both Computer Configuration and User Configuration, both lists of behaviors will be allowed as appropriate.
n both Computer Configuration and User Configuration, both lists of behaviors will be allowed as appropriate.

r those defined in a process list.


r those defined in a process list.

low control over questionable content accessed over any restricted protocols when the Network Protocol Lockdown security feature is ena
low control over questionable content accessed over any restricted protocols when the Network Protocol Lockdown security feature is ena
low control over questionable content accessed over any restricted protocols when the Network Protocol Lockdown security feature is ena
low control over questionable content accessed over any restricted protocols when the Network Protocol Lockdown security feature is ena
low control over questionable content accessed over any restricted protocols when the Network Protocol Lockdown security feature is ena
low control over questionable content accessed over any restricted protocols when the Network Protocol Lockdown security feature is ena
such content over the restricted protocols is blocked when the Network Protocol Lockdown security feature is enabled.
such content over the restricted protocols is blocked when the Network Protocol Lockdown security feature is enabled.
low control over questionable content accessed over any restricted protocols when the Network Protocol Lockdown security feature is ena
low control over questionable content accessed over any restricted protocols when the Network Protocol Lockdown security feature is ena
et Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the p
et Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the p

et Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the p
et Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the p
et Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the p
et Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the p
et Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the p
et Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the p
et Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the p
et Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the p
et Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the p
et Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the p
et Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the p
et Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the p

s are downloading.
TPS requests; unless the user grants a site-specific exception. Internet Explorer sends a DNT:0 header to any sites granted an exception. By
TPS requests; unless the user grants a site-specific exception. Internet Explorer sends a DNT:0 header to any sites granted an exception. By
evel. 4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.
hoose to activate them by responding to the notification, using Manage Add-ons, or using other methods.
hoose to activate them by responding to the notification, using Manage Add-ons, or using other methods.

ttings. 3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level. 4. In the Run ActiveX Control

default media client on their system.


tion or process in the list, a script can perform a Clipboard operation without prompting the user. This means that if the zone behavior is cu
tion or process in the list, a script can perform a Clipboard operation without prompting the user. This means that if the zone behavior is cu
specifically listed (and allowed) through the 'Add-on List' policy setting. If you disable or do not configure this policy setting, users may use
specifically listed (and allowed) through the 'Add-on List' policy setting. If you disable or do not configure this policy setting, users may use

Explorer) takes precedence over this policy. If it is enabled, this policy is ignored.

Wizard by double-clicking a software publishing certificate (.spc) file. This wizard enables users to import and configure settings for certificat
und and text colors.

s tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored.

If either policy is enabled, this policy is ignored.


ce over this policy. If either policy is enabled, this policy is ignored.
n User Configuration\Administrative Templates\Windows Components\Internet Explorer) takes precedence over this policy. If it is enabled,
e Connections tab from the interface, however, does not prevent users from running the Internet Connection Wizard from the desktop or th

es menu" policy (located in User Configuration\Administrative Templates\Windows Components\Internet Explorer) takes precedence over

ngs" "Disable changing accessibility settings"


ngs" "Disable changing accessibility settings"

tting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) c
tting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) c
tting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) c
tting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) c
tting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) c
tting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) c
tting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) c
tting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) c
tting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) c
tting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) c
tting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) c
tting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) c
tting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) c
tting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) c
tting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) c
tting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) c
tting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) c
tting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) c
tting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) c
tting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) c
unters a website that attempts to load an ActiveX control that is not compatible with Enhanced Protected Mode, Internet Explorer notifies
unters a website that attempts to load an ActiveX control that is not compatible with Enhanced Protected Mode, Internet Explorer notifies

mputer Configuration\Administrative Templates\Windows Components\Credential User Interface is enabled for the system, it will override t
mputer Configuration\Administrative Templates\Windows Components\Credential User Interface is enabled for the system, it will override t
s dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domai
s dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domai
s dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domai
s dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domai
s dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domai
s dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domai
s dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domai
s dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domai
s dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domai
s dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domai
s dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domai
s dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domai
s dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domai
s dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domai
s dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domai
s dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domai
s dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domai
s dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domai
s dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domai
s dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domai
g in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can
g in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can
g in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can
g in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can
g in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can
g in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can
g in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can
g in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can
g in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can
g in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can
g in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can
g in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can
g in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can
g in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can
g in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can
g in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can
g in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can
g in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can
g in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can
g in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can
e menu bar, and the Command bar are not visible, and the user cannot access them. If you disable or do not configure this policy setting, t
e menu bar, and the Command bar are not visible, and the user cannot access them. If you disable or do not configure this policy setting, t

rn off Shortcut Menu" policy, which disables the entire shortcut menu. Note: the user will still be able to open New Tabs.

it is enabled, this policy is ignored.


d with parameters or scripted.
d with parameters or scripted.
d with parameters or scripted.
d with parameters or scripted.
ded with parameters or scripted.
ded with parameters or scripted.
d with parameters or scripted.
d with parameters or scripted.
d with parameters or scripted.
d with parameters or scripted.
d with parameters or scripted.
d with parameters or scripted.
d with parameters or scripted.
d with parameters or scripted.
d with parameters or scripted.
d with parameters or scripted.
d with parameters or scripted.
d with parameters or scripted.
ded with parameters or scripted.
ded with parameters or scripted.
urity applies to all local files and content processed by Internet Explorer.
urity applies to all local files and content processed by Internet Explorer.

r Configuration and User Configuration, both lists of protocols will be restricted for that zone.
r Configuration and User Configuration, both lists of protocols will be restricted for that zone.
mmended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a se
mmended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a se

r Configuration and User Configuration, both lists of protocols will be restricted for that zone.
r Configuration and User Configuration, both lists of protocols will be restricted for that zone.
mmended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a se
mmended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a se
nd then click Modify Settings. 3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level. 4. In
r Configuration and User Configuration, both lists of protocols will be restricted for that zone.
r Configuration and User Configuration, both lists of protocols will be restricted for that zone.
mmended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a se
mmended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a se

mmended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a se
mmended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a se
mmended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a se
mmended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a se
mmended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a se
mmended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a se
mmended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a se
mmended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a se
mmended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a se
mmended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a se
orted by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not suppor
orted by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not suppor
orted by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not suppor
orted by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not suppor
orted by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not suppor
orted by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not suppor
orted by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not suppor
orted by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not suppor
orted by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not suppor
orted by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not suppor
orted by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not suppor
orted by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not suppor
orted by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not suppor
orted by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not suppor
orted by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not suppor
orted by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not suppor
orted by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not suppor
orted by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not suppor
orted by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not suppor
orted by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not suppor

uration, click Internet Explorer Maintenance, and then click Security. 2. Double-click Security Zones and Content Ratings, click Import the C
3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level. 4. In the Run ActiveX Controls and
hich you want to manage ActiveX controls, and then click Custom Level. 4. In the Run ActiveX Controls and Plug-ins area, click Administrato
vel. 4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.
rator Approved.
ttings. 3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level. 4. In the Run ActiveX Contro
ministrator Approved.
, see "Group Policy Settings in Internet Explorer 10" in the Internet Explorer TechNet library.

on bar. If you do not configure this policy setting, the user can interchange the positions of the menu bar and the navigation bar.
he default.
he default.
y setting, ActiveX Filtering, Tracking Protection and Do Not Track data is deleted when the user clicks Delete. If you don't configure this pol
y setting, ActiveX Filtering, Tracking Protection and Do Not Track data is deleted when the user clicks Delete. If you don't configure this pol
ternet Explorer processes in this list because these processes always respect add-on management user preferences and policy settings. If t
ternet Explorer processes in this list because these processes always respect add-on management user preferences and policy settings. If t
ng is enabled, the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting,
ng is enabled, the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting,
executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processes in
executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processes in
or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.
or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.
isable or do not configure this policy setting, the security feature is allowed.
isable or do not configure this policy setting, the security feature is allowed.
cy setting is ignored.
cy setting is ignored.
: use the related Internet Explorer Processes policy to enable or disable these processes. If the All Processes policy setting is enabled, the p
: use the related Internet Explorer Processes policy to enable or disable these processes. If the All Processes policy setting is enabled, the p
this box take precedence over that setting. If you disable or do not configure this policy setting, the Notification bar is not displayed for the
this box take precedence over that setting. If you disable or do not configure this policy setting, the Notification bar is not displayed for the
that setting. If you disable or do not configure this policy setting, the security feature is allowed.
that setting. If you disable or do not configure this policy setting, the security feature is allowed.
t 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes p
t 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes p
Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take pre
Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take pre

strative template file, see the Internet Explorer documentation on search providers. If you disable or do not configure this policy setting, th
strative template file, see the Internet Explorer documentation on search providers. If you disable or do not configure this policy setting, th
r Configuration and User Configuration, both lists of protocols will be restricted for that zone.
r Configuration and User Configuration, both lists of protocols will be restricted for that zone.
mmended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a se
mmended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a se
enus), which prevents users from opening files by using the browser.
el), which removes the Security tab from the interface, takes precedence over this policy. If it is enabled, this policy is ignored. Also, see th

e converted to IDN format only for addresses that are not in the Intranet zone.
e converted to IDN format only for addresses that are not in the Intranet zone.
efault maximum storage limit for all application caches. The default is 50 MB.
efault maximum storage limit for all application caches. The default is 50 MB.

maximum storage limit for all indexed databases. The default is 500 MB.
maximum storage limit for all indexed databases. The default is 500 MB.

maximum application cache resource list size for all application caches. The default is 1000 resources.
maximum application cache resource list size for all application caches. The default is 1000 resources.

sical memory on the computer or how many Internet Explorer isolation settings are running. If you enable this policy setting, you set the r
sical memory on the computer or how many Internet Explorer isolation settings are running. If you enable this policy setting, you set the r
tting, you can enter a list of sites and their related zone numbers. The association of a site with a zone will ensure that the security settings
tting, you can enter a list of sites and their related zone numbers. The association of a site with a zone will ensure that the security settings
sions are set to high safety. If you do not configure this policy setting, permissions are set to Medium safety.
sions are set to high safety. If you do not configure this policy setting, permissions are set to Medium safety.
sions are set to high safety. If you do not configure this policy setting, permissions are set to Medium safety.
sions are set to high safety. If you do not configure this policy setting, permissions are set to Medium safety.
sions are set to high safety. If you do not configure this policy setting, permissions are set to Low safety.
sions are set to high safety. If you do not configure this policy setting, permissions are set to Low safety.
sions are set to high safety. If you do not configure this policy setting, permissions are set to Low safety.
sions are set to high safety. If you do not configure this policy setting, permissions are set to Low safety.
sions are set to high safety. If you do not configure this policy setting, permissions are set to Low safety.
sions are set to high safety. If you do not configure this policy setting, permissions are set to Low safety.
sions are set to high safety. If you do not configure this policy setting, permissions are set to Low safety.
sions are set to high safety. If you do not configure this policy setting, permissions are set to Low safety.
sions are set to high safety. If you do not configure this policy setting, permissions are set to Low safety.
sions are set to high safety. If you do not configure this policy setting, permissions are set to Low safety.
sions are set to high safety. If you do not configure this policy setting, permissions are set to Low safety.
sions are set to high safety. If you do not configure this policy setting, permissions are set to Low safety.
sions are set to high safety. If you do not configure this policy setting, permissions are set to High safety.
sions are set to high safety. If you do not configure this policy setting, permissions are set to High safety.
sions are set to high safety. If you do not configure this policy setting, permissions are set to Low safety.
sions are set to high safety. If you do not configure this policy setting, permissions are set to Low safety.
ny levels of a Web site are searched for new information.
omponents\Internet Explorer\Internet Control Panel folders.
r Configuration and User Configuration, both lists of protocols will be restricted for that zone.
r Configuration and User Configuration, both lists of protocols will be restricted for that zone.
mmended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a se
mmended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a se
ge Add-ons dialog box. Note that Adobe Flash can still be disabled through the "Add-on List" and "Deny all add-ons unless specifically allow
ge Add-ons dialog box. Note that Adobe Flash can still be disabled through the "Add-on List" and "Deny all add-ons unless specifically allow

ains in the Internet Zone. For more information, see "Outdated ActiveX Controls" in the Internet Explorer TechNet library.
ains in the Internet Zone. For more information, see "Outdated ActiveX Controls" in the Internet Explorer TechNet library.

rowser supports. Note: SSL 2.0 is off by default. SSL 2.0 is an outdated security protocol, and enabling SSL 2.0 impairs the performance an
rowser supports. Note: SSL 2.0 is off by default. SSL 2.0 is an outdated security protocol, and enabling SSL 2.0 impairs the performance an
disabled via policy settings do not undergo these checks.
disabled via policy settings do not undergo these checks.

s do not appear in the Address bar. This does not affect subscribing to feeds and interacting with them through the Favorites Center.
s do not appear in the Address bar. This does not affect subscribing to feeds and interacting with them through the Favorites Center.
on the Advanced tab of the Internet Options dialog.
on the Advanced tab of the Internet Options dialog.

in the Standards Mode available in the latest version of Internet Explorer. This option matches the default behavior of Internet Explorer. If
in the Standards Mode available in the latest version of Internet Explorer. This option matches the default behavior of Internet Explorer. If
Settings dialog box. If you do not configure this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an addi
Settings dialog box. If you do not configure this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an addi
nto, this zone.
nto, this zone.
nto, this zone.
nto, this zone.
feature will be on in this zone as set by Protection from Zone Elevation feature control.
feature will be on in this zone as set by Protection from Zone Elevation feature control.
feature will be on in this zone as set by Protection from Zone Elevation feature control.
feature will be on in this zone as set by Protection from Zone Elevation feature control.
feature will be on in this zone as set by Protection from Zone Elevation feature control.
feature will be on in this zone as set by Protection from Zone Elevation feature control.
feature will be on in this zone as set by Protection from Zone Elevation feature control.
feature will be on in this zone as set by Protection from Zone Elevation feature control.
feature will be on in this zone as set by Protection from Zone Elevation feature control.
feature will be on in this zone as set by Protection from Zone Elevation feature control.
feature will be on in this zone as set by Protection from Zone Elevation feature control.
feature will be on in this zone as set by Protection from Zone Elevation feature control.
feature will be on in this zone as set by Protection from Zone Elevation feature control.
feature will be on in this zone as set by Protection from Zone Elevation feature control.

main controllers running Windows Server 2008 R2 or earlier operating systems. Note: For the following options of this KDC policy to be effe

nal level of Windows Server 2003, Windows 2000 native, or Windows 2000 mixed, domain controllers cannot provide information about pr
nfiguration.

s, which is the default Kerberos MaxTokenSize for Windows 7, Windows Server 2008 R2 and prior versions.
he service requests compound authentication.
ameters. If you disable this policy setting, the host name-to-Kerberos realm mappings list defined by Group Policy is deleted. If you do no
E key. To edit a mapping, remove the current entry from the list and add a new one with different parameters. If you disable this policy setti
ent computers in the domain enforce the use of Kerberos armoring when possible as supported by the target domain.

tting, the Kerberos client requires only that the KDC certificate contain the Server Authentication purpose object identifier in the EKU exten

Control\Lsa\Kerberos\Parameters, which was added in Windows XP and Windows Server 2003, with a default value of 12,000 bytes. Beginn
d, and then press the DELETE key. To edit a mapping, remove the current entry from the list and add a new one with different parameters.
mpound authentication is always provided for this computer account. If you disable this policy setting, Never will be used. If you do not con
will be used. If you do not configure this policy setting, Automatic will be used.

nabled setting that you use on individual servers where you want to enable BranchCache. - Enabled. With this selection, hash publication i

est logons are vulnerable to a variety of man-in-the-middle attacks that can result in data loss, data corruption, and exposure to malware. A

LLTDIO will apply.


. If you disable or do not configure this policy setting, the default behavior for the Responder will apply.

ely using the computer. In addition, changes that are made to the user object, such as adding a roaming profile path, home directory, or us

ce over the setting in User Configuration. Tip: To display the welcome screen, click Start, point to Programs, point to Accessories, point to S
ce over the setting in User Configuration. Tip: To display the welcome screen, click Start, point to Programs, point to Accessories, point to S

nfiguration. Note: To create a customized run list by using a policy setting, use the ""Run these applications at startup"" policy setting. Also
nfiguration. Note: To create a customized run list by using a policy setting, use the ""Run these applications at startup"" policy setting. Also
rsion\RunOnce. Also, see the ""Do not process the legacy run list"" policy setting.
rsion\RunOnce. Also, see the ""Do not process the legacy run list"" policy setting.

ettings are configured, the system starts the programs specified in the Computer Configuration setting just before it starts the programs sp
ettings are configured, the system starts the programs specified in the Computer Configuration setting just before it starts the programs sp
ed), the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a u
ed), the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a u
ed), the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a u
If you disable this setting or do not configure it, users can enter author mode and open author-mode console files.
a snap-in setting in the folder is enabled or not configured, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
onfigured (or disabled), the Group Policy tab is inaccessible. -- If "Restrict users to the explicitly permitted list of snap-ins" is disabled or no
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --
xplicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. --

ed, diagnostic scenarios will not be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.
ems on remote computers. If you do not configure this policy setting, MSDT prompts the user before downloading any additional tools. N

t has access to directories denied to the user. This policy setting is designed for less restrictive environments. It can be used to circumvent
or Remove Programs.
patching" policy setting.
m removable media. Also, see the "Prevent removable media source for any install" policy setting.
Computer Configuration and User Configuration folders. To make this policy setting effective, you must enable it in both folders. Caution: S
Computer Configuration and User Configuration folders. To make this policy setting effective, you must enable it in both folders. Caution: S
figure this policy setting, the Windows Installer will uses a default value of 10 percent for the baseline file cache maximum size.

floppy disk' option" policy settings.


ed privileges" policy settings are set, and whether the update was installed in a per-user managed, per-user unmanaged, or per-machine c
program inoperable, do not use this policy setting unless it is essential. This policy setting appears in the Computer Configuration and User
program inoperable, do not use this policy setting unless it is essential. This policy setting appears in the Computer Configuration and User
cy files in use UI while still using Restart Manager for detection. If you disable or do not configure this policy setting, Windows Installer will

ffects Windows Installer only. It does not prevent users from selecting other browsers, such as File Explorer or Network Locations, to search
the user's profile. If you do not configure this policy setting on Windows 2000 Professional, Windows XP Professional and Windows Vista,

will automatically generate log files for those packages that include the MsiLogging property.

of Windows Installer on Windows Server 2003 family when the policy is not configured. -- The "Always" option indicates that Windows In
enable this policy setting, the recovery behavior for corrupted files is set to either the Prompt For Resolution (default on Windows client), S
URL must resolve to an IPv6 address of a Web server or contain an IPv6 address. Examples: HTTP:http://myserver.corp.contoso.com/ or HTT

ranet and for temporary access to intranet resources when network location detection has not correctly determined that the DirectAccess

et Logon will not allow the negotiation and use of older cryptography algorithms. If you do not configure this policy setting, Net Logon wil

messages that are used for NetBIOS domain name based DC location. If you disable or do not configure this policy setting, this DC processe
own. If you enable or do not configure this policy setting, the DC location algorithm does not use NetBIOS-based discovery as a fallback me
s or forests. The default time interval for Force Rediscovery by DC Locator is 12 hours. Force Rediscovery can also be triggered if a call to DC
s can return IPv4/IPv6 DC address. This is the default behavior of the DC Locator. If you disable this policy setting, DC Locator APIs will ONLY
ult behavior of the Netlogon share ensures that no application with only read permission to files on the Netlogon share can lock the files b

of the SYSVOL share ensures that no application with only read permission to files on the sysvol share can lock the files by requesting exclu

Cs use their local configuration.


SRV records, click Enabled, and then enter a value. The range of values is from 0 to 2. If you do not configure this policy setting, it is not ap
tName> GcIpAddress A gc._msdcs.<DnsForestName> DsaCname CNAME <DsaGuid>._msdcs.<DnsForestName> Kdc SRV
n zones with scavenging enabled, the value of this setting should never be longer than the Refresh Interval configured for these zones. Setti

ation. To specify the sites covered by the DC Locator application directory partition-specific DNS SRV records, click Enabled, and then enter
not applied to any DCs, and DCs use their local configuration.

for the computer. If you disable this policy setting, Try Next Closest Site DC Location will not be used by default for the computer. Howeve

suffixes to perform DNS name resolution. The single-label name is not used without appending DNS suffixes unless the computer is joined
main controller that hosts an Active Directory domain specified with a single-label name. the computers will not the DNS name resolution in

y periodic DC discoveries may be excessive.


very long periods to try to find a DC. If the value for this setting is too small and the DC is not available, the frequent retries may produce

ping DCs at the higher frequency. To specify this behavior, click Enabled and then enter a value. The range of values is from 1 to 2. If you do
istrators) cannot open the remote access connection properties dialog box. Important: If the "Enable Network Connections settings for Ad
access connections" setting.) Important: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this
onfiguration Operators can enable/disable LAN connections. Note: Administrators can still enable/disable LAN connections from Device M
ed (set to either Enabled or Disabled), this setting does not apply. Note: This setting does not prevent users from using other programs, suc

remote access connections. Note: When configured, this setting always takes precedence over the "Ability to rename LAN connections" an

AN connection", "Prohibit access to properties of components of a remote access connection", "Ability to access TCP/IP advanced configur
Properties is enabled on the File menu. Note: This setting takes precedence over settings that manipulate the availability of features insid
on is enabled for administrators and Network Configuration Operators. The Local Area Connection Properties dialog box includes a list of th
ork components that the connection uses. To view or change the properties of a component, click the name of the component, and then cl
dvanced Settings dialog box, regardless of this setting.
ging this setting from Enabled to Not Configured does not restore the Make New Connection icon until the user logs off or on. When other

cess to network components in the Windows Components Wizard. The Install button opens the dialog boxes used to add network compon
nistrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. If you disable this

can delete connections available to all users, but you can change the default by using the "Ability to delete all user remote access connecti
Note: When the "Prohibit access to properties of a LAN connection" setting is enabled, users are blocked from accessing the check boxes fo

senting the connection or by using the File menu. Note: This setting does not prevent users from using other programs, such as Internet E
nections or connection components. When these policies are set to deny access to the connection properties dialog box or Properties butt
uding administrators), and the Internet Connection Firewall service cannot run on the computer. The option to enable the Internet Connec
can enable ICS. The Advanced tab in the properties dialog box for a LAN or remote access connection is available. In addition, the user is pr
apply to administrators on post-Windows 2000 computers. If you disable this setting or do not configure it, the connection status taskbar
ers running DirectAccess and the Internet is not routed through the internal network.
mation as to how the problem can be resolved.
y Windows Network Isolation. Example: [3efe:3022::1000];18.0.0.1;18.0.0.2 For more information see: http://go.microsoft.com/fwlink/p/

twork Isolation attempts to automatically discover your private network hosts. Example: 3efe:1092::/96,18.1.1.1/10 For more information

appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuratio
appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuratio

that are in user selected Work Offline mode. This mode is in effect when a user selects the Work Offline button for a specific share. When

n milliseconds) for specific UNC paths. We recommend that you always specify a value for Latency, since the round-trip network latency det
pace for automatically cached files is limited to 10 percent of the system drive by default, but users can change it. Tip: To change the amou

as the round trip latency of the network above which files should be transparently cached in the Offline Files cache. If the round trip laten
affected, but the associated network copy is not. The user cannot encrypt Offline Files through the user interface. If you do not configure t
an event when the server hosting the offline file is reconnected to the network. Note: This setting appears in the Computer Configuration a
an event when the server hosting the offline file is reconnected to the network. Note: This setting appears in the Computer Configuration a
and log on again.
figuration takes precedence over the setting in User Configuration. Tip: To change the synchronization method without changing a setting,
figuration takes precedence over the setting in User Configuration. Tip: To change the synchronization method without changing a setting,
zation, the system performs a quick synchronization by default, but users can change this option. This setting appears in the Computer Co
zation, the system performs a quick synchronization by default, but users can change this option. This setting appears in the Computer Co

the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes pr
the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes pr

ver only, enable the setting; insert the fully qualified domain name or IPv6 address of the corporate seed server; and check the checkbox. U

etermine whether it will publish the computer or will use multicast to search for other computers on the local subnet. The multicast proto
o determine whether it will publish the computer or will use multicast to search for other computers on the local subnet. The multicast pro
o determine whether it will publish the computer or will use multicast to search for other computers on the local subnet. The multicast pro
ddress that matches the cloud scope. If you disable or do not configure this policy setting, all PNRP clouds are turned on by default, and PN
ddress that matches the cloud scope. If you disable or do not configure this policy setting, all PNRP clouds are turned on by default, and PN
ddress that matches the cloud scope. If you disable or do not configure this policy setting, all PNRP clouds are turned on by default, and PN
Compatibility Assistant" policy setting is enabled. The Diagnostic Policy Service (DPS) and Program Compatibility Assistant Service must be r

ed to client computers by this policy. In the circumstance where client computers are domain members but you do not want to configure a
he that is included with their operating system. - Enabled. With this selection, this policy setting is applied to client computers based on th
. This policy setting can only be applied to client computers that are running at least Windows 8. This policy has no effect on computers th
detect hosted cache servers, hosted cache mode is not turned on, and the client uses any other configuration that is specified manually or b
vidual client computers. Because the domain Group Policy setting is not configured, it will not over-write the client computer cache age setti
n Group Policy setting, and then configure local computer policy to enable BranchCache on individual client computers. Because the domai
n members but you do not want to enable BranchCache on all client computers, you can specify Not Configured for this domain Group Pol
y to enable BranchCache client computer cache settings on individual client computers. Because the domain Group Policy setting is not con
nable BranchCache on individual client computers. Because the domain Group Policy setting is not configured, it will not over-write the ena

etting, the DPS will enable Windows Boot Performance for resolution by default. This policy setting takes effect only if the diagnostics-wide
configure this policy setting, the DPS will enable Windows Shutdown Performance for resolution by default. This policy setting takes effect
d by the DPS. If you do not configure this policy setting, the DPS will enable Windows Standby/Resume Performance for resolution by defa
onfigure this policy setting, the DPS will enable Windows System Responsiveness for resolution by default. This policy setting takes effect o
operty of all modules and snap-ins is set to False. To add modules and snap-ins to the policy setting list, click Show, and then type the mod
operty of all modules and snap-ins is set to False. To add modules and snap-ins to the policy setting list, click Show, and then type the mod

the OutputDirectory setting to enable transcript logging to a shared location, be sure to limit access to that directory to prevent users from
the OutputDirectory setting to enable transcript logging to a shared location, be sure to limit access to that directory to prevent users from
not configure this policy setting, it reverts to a per-machine preference setting; the default if that is not configured is "No scripts allowed."
not configure this policy setting, it reverts to a per-machine preference setting; the default if that is not configured is "No scripts allowed."
Panel\Printers.
Network and Sharing Center". On the Network and Sharing Center page, click "Change advanced sharing settings". On the Advanced sharin

e same as disabling it. Note: This policy does not determine whether offline printing will be available to the client. The client print spooler

tting affects the Add Printer Wizard only. It does not prevent users from using other programs to search for shared printers or to connect to

nd the user does not type a location as a search criterion, the system searches for a nearby printer based on the IP address and subnet ma
setting in this setting folder and the "Browse a common web site to find printers" setting in User Configuration\Administrative Templates\C

es not apply to 64-bit kernel-mode printer drivers as they cannot be installed and associated with a print queue.

e, if needed. However, you must explicitly enable this policy setting for other versions of Windows (for example Windows Enterprise, and a
etting applies only to print drivers loaded by applications. Print drivers loaded by the print spooler are not affected. -This policy setting is on

ill check the driver signature of all drivers that are downloaded from print servers. If this setting is disabled, or not configured, package poi
ill check the driver signature of all drivers that are downloaded from print servers. If this setting is disabled, or not configured, package poi
s can point and print to any server. -Windows Vista computers will show a warning and an elevated command prompt when users create a
s can point and print to any server. -Windows Vista computers will show a warning and an elevated command prompt when users create a
pears in the Location field by default. If you disable this setting or do not configure it, Location Tracking is disabled. Printer proximity is estim
rinter permissions to restrict the use of printers without specifying a setting. In the Printers folder, right-click a printer, click Properties, and

Retry" settings to adjust the contact interval and number of contact attempts.

gure or disable this setting, the default values are used. Note: This setting is used only on domain controllers.
rded in the event log. If you disable or do not configure this policy setting, the contact events are not recorded in the event log. Note: This
ects. You can enable this setting to change the default behavior. To use this setting, select one of the following options from the "Prune no
d they cannot use the "Get Programs" page to install published programs. Enabling this feature does not prevent users from installing prog

ot configure this policy setting, the DPS will enable Windows Resource Exhaustion for resolution by default. This policy setting takes effect o
Control Panel) will be unavailable. However, with this policy setting disabled, users can still restore the computer to the original state or from

s. (See "Supported on" for supported versions.) If you disable this policy setting, the Shutdown Event Tracker is not displayed when you sh
ssed in the Power Options Control Panel.

also specify the list of users or user groups that are allowed to offer remote assistance. To configure the list of helpers, click "Show." In the
llow helpers to provide Remote Assistance: "Allow helpers to only view the computer" or "Allow helpers to remotely control the computer
RPC clients will not authenticate to the Endpoint Mapper Service, but they will be able to communicate with the Windows NT4 Server Endp
s policy setting, it remains disabled and will generate RPC_S_SEC_PKG_ERROR errors to applications that ask for delegation and connect to
ns. -- "Auto1" directs RPC to maintain basic state information only if the computer has at least 64 MB of memory. -- "Auto2" directs RPC
ll extended error information for all processes. RPC only generates an error code. -- "On with Exceptions" enables extended error informa
henticated" used for Windows Client and the value of "None" used for Server SKUs that support this policy setting. If you enable this policy
this policy setting is 90 seconds. The maximum is 7200 seconds (2 hours). If you disable this policy setting, the idle connection timeout on

B and C run in the following order for DesktopIT: Within GPO B: B.ps1, B.cmd Within GPO C: C.ps1, C.cmd For DesktopSales, GPOs B and
B.ps1, B.cmd Within GPO C: C.ps1, C.cmd For Tamara, GPOs B and C are applied, but not GPO A. Therefore, the scripts for GPOs B and C r
B.ps1, B.cmd Within GPO C: C.ps1, C.cmd For Tamara, GPOs B and C are applied, but not GPO A. Therefore, the scripts for GPOs B and C r
""Run logon scripts synchronously"" setting to direct the system to wait for the logon scripts to complete before loading the desktop. An ex

necting to the Microsoft servers that host the Windows Online Troubleshooting Service.
d for detection, troubleshooting and resolution by default. No reboots or service restarts are required for this policy to take effect: change
dows Deskbar 2) The Desktop Search results search box 3) The WDS search box in Search Companion
D is 1033. http://sitename/_layouts/XXXX/searchresults.aspx?SearchString=$w These additional intranet search locations are added to th

e web over metered connections and web results won't be displayed when a user performs a query in Search.
boxes. To stop indexing of online mailboxes and online delegate mailboxes you must disable both policies.

cy prevents them from specifically using Windows Desktop Search-related add-ins. Note: Because of a limitation in the Group Policy editor
members. If you enable this policy setting, Security Center is turned on for all users. If you disable this policy setting, Security Center is tur

Server Manager uses the refresh interval settings that are specified in the Server Manager console. Note: The default refresh interval for S

. If you disable or do not configure this policy setting, or if the required files cannot be found at the locations specified in this policy setting

ther or not they want to share their writing samples from the handwriting recognition personalization tool with Microsoft.
ther or not they want to share their writing samples from the handwriting recognition personalization tool with Microsoft.

ply with this policy setting. Note: To create a list of allowed applications, click Show. In the Show Contents dialog box, in the Value column

omply with this policy setting. Note: To create a list of allowed applications, click Show. In the Show Contents dialog box, in the Value colum
in the future will be shown. Note: This setting will be applied after the following policy: "Allow time invalid certificates" If you enable or d
. Certificates other than the default will not be available for logon.

NMP service takes the Valid Communities configured on the local computer instead. Best practice: For security purposes, it is recommend
mmended to restrict the HKLM\SOFTWARE\Policies\SNMP\Parameters\PermittedManagers key to allow only the local admin group full con
s setting has no effect if the SNMP agent is not installed on the client computer. Also, see the other two SNMP settings: "Specify permitted

ault, users see the standard Access Denied message.

ck the Start Menu Options tab, and then, in the Start Menu Settings box, click Display Logoff. Also, see "Remove Logoff" in User Configurati

ments" policies in this folder. The system only uses this setting when neither of these related settings are selected. This setting does not cle

System-drive\Users\User-name\Recent folder. Also, see the "Remove Recent Items menu from Start Menu" and "Clear history of recently

ortcuts during roaming" and the "Do not use the tracking-based method when resolving shell shortcuts" policy settings.
rack Shell shortcuts during roaming" and the "Do not use the search-based method when resolving shell shortcuts" policy settings.

context menu.

th Microsoft Windows Vista, Windows XP SP2, Windows XP SP1, Windows XP, or Windows 2000 Professional are required to support this p

om this menu, and system administrators can create a customized Favorites menu for a user group. Note:This setting only affects the Start

enu and from the Tools menu in Internet Explorer. Also, see the "Hide the "Add programs from Microsoft" option" policy setting.
ar and Start Menu, click the Start Menu Options tab and, in the Start Menu Settings box, click Display Logoff. See also: "Remove Logoff" po

mplates\Network\Network Connections).

nu" policy settings.


n and off. Note: This setting does not prevent Windows programs from displaying shortcuts to recently opened documents. See the "Do no

ects the specified interface only. It does not prevent users from using other methods to run programs. Note: It is a requirement for third-p

pecified user interface elements only. It does not affect Internet Explorer and does not prevent the user from using other methods to searc
nfigured it, Windows 2000 Professional and Windows XP Professional display folders on both sections of the Start menu.

ut won't be changed. Users cannot customize their Start screen while this setting is enabled. If you disable this setting or do not configure
ut won't be changed. Users cannot customize their Start screen while this setting is enabled. If you disable this setting or do not configure

he "Use Personalized Menus" option.

store configuration" policy setting is used to determine whether the option to configure System Restore is available.
anel will provide text prediction suggestions. Users will be able to configure this setting on the Text Completion tab in Input Panel Options in
anel will provide text prediction suggestions. Users will be able to configure this setting on the Text Completion tab in Input Panel Options in
next to text entry areas in applications where this behavior is available. Users will be able to configure this setting on the Opening tab in Inp
next to text entry areas in applications where this behavior is available. Users will be able to configure this setting on the Opening tab in Inp
as in applications where this behavior is available. Users will be able to configure this setting on the Opening tab in Input Panel Options.
as in applications where this behavior is available. Users will be able to configure this setting on the Opening tab in Input Panel Options.

If you disable this policy, rarely used Chinese, Kanji, and Hanja characters will not be included in recognition results when handwriting is c
m appearing next to text entry areas policy and the Prevent Input Panel tab from appearing policy, and disable the Show Input Panel tas
m appearing next to text entry areas policy and the Prevent Input Panel tab from appearing policy, and disable the Show Input Panel tas
s available. Users will be able to configure this setting on the Text completion tab in Input Panel Options.
s available. Users will be able to configure this setting on the Text completion tab in Input Panel Options.

own box, password security is set to Medium-Low. At this setting, when users enter passwords from Input Panel they use the on-screen k
ablet PC Edition. Users will not be able to configure this setting in the Input Panel Options dialog box. If you enable this policy and choose
ablet PC Edition. Users will not be able to configure this setting in the Input Panel Options dialog box. If you enable this policy and choose
g does not prevent Windows from displaying remote files that the user has explicitly pinned to the Jump Lists. See the ""Do not allow pinn

er Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence ove
er Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence ove
rom changing the properties of newly created tasks, use the "Remove Advanced Menu" setting.
rom changing the properties of newly created tasks, use the "Remove Advanced Menu" setting.

g. Note: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in C
g. Note: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in C
IPv4 address is present, the host will have a 6to4 interface. Policy Enabled State: If a global IPv4 address is present, the host will have a 6to

ng IPv4 address. Policy Enabled State: If the ISATAP name is resolved successfully, the host will have ISATAP configured with a link-local add

t to connect. If you disable this policy setting, users cannot run .rdp files that are signed with a valid certificate. Additionally, users cannot s
ey want to connect. If you disable this policy setting, users cannot run .rdp files that are signed with a valid certificate. Additionally, users c
llowed by default when connecting to a computer running Windows 8, Windows Server 2012, Windows 7, Windows Vista, or Windows XP
io recording redirection is specified in RDC. If you do not configure this policy setting, Audio recording redirection is not specified at the Gr

wed. Note: You can limit which clients are able to connect remotely by using Remote Desktop Services by configuring the policy setting at
f you do not configure this policy setting, automatic logon is not specified at the Group Policy level.

ion algorithm. Choosing not to use an RDP compression algorithm will use more network bandwidth and is only recommended if you are u
only for non-RemoteFX vGPU scenarios, Remote Desktop attempts to use hardware encoding for all scenarios except RemoteFX vGPU.
ics uses an encoding mechanism that results in high quality images and consumes moderate network bandwidth. If you enable this policy
er is 1 to 999,999. If you disable or do not configure this policy setting, a keep-alive interval is not set and the server will not check the sess
ffective unless both the Join RD Connection Broker and the Configure RD Connection Broker server name policy settings are enabled and co
r Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard. 2. This policy setting is not effective un
disabled. If you do not configure this policy setting, the default behavior will be used. By default, RemoteFX for RD Virtualization Host is en

t if authentication fails: The client establishes a connection to the RD Session Host server only if the RD Session Host server can be authenti

olicy setting, client drive redirection and Clipboard file copy redirection are not specified at the Group Policy level.

mote computer only if it is running Windows Server 2012 R2 and earlier versions. Note: You can disable redirection of specific types of sup
ect if per-session temporary folders are in use on the server. If you enable the Do not use temporary folders per session policy setting, this
e always created, even if the server administrator specifies otherwise. If you do not configure this policy setting, per-session temporary fol
RD Gateway server address" policy setting, or client connection attempts to any remote computer will fail, if the client cannot connect direc
e Desktop Protocol (RDP) 7.1, and does not affect clients that are using other RDP versions.
isconnects a timed-out session, even if specified otherwise by the server administrator. If you do not configure this policy setting, Remote
isconnects a timed-out session, even if specified otherwise by the server administrator. If you do not configure this policy setting, Remote
ault behavior applies.

ot use either the Remote Desktop Session Host Configuration tool or the Remote Desktop Services WMI Provider to join the server to RD C
s an RDS CAL to any RD Session Host server that requests one. The RDS Endpoint Servers group is not deleted or changed in any way by dis
quality that can be used for a Remote Desktop Services session, regardless of the audio playback quality configured on the client compute
bits is only supported on Windows Server 2003 and Windows XP Professional. 2.The value specified in this policy setting is not applied to c

If the status is set to Enabled, the maximum number of connections is limited to the specified number consistent with the version of Wind

ill be deleted until the size of the entire roaming user profile cache is less than the maximum size specified. If you disable or do not configu

alanced experience over LAN conditions. If you disable or do not configure this policy setting, Remote Desktop Connection sessions that use
: * A client connecting to a Windows Server 2003 terminal server * A client connecting to a Windows 2000 terminal server If you enable

ou disable or do not configure this policy setting, the version of the operating system on the RD Session Host server will determine when a
a disconnected session remains active on the server by configuring the "Computer Configuration\Administrative Templates\Windows Com

sed to SSL encryption) is not recommended. * RDP: The RDP method uses native RDP encryption to secure communications between the c
ork Level Authentication is not required for user authentication before allowing remote connections to the RD Session Host server. If you d

server originates from a low-speed connection, and it will not try to adapt the user experience to varying network quality. If you disable o

will issue a certificate enrollment request and will use the current certificate until the request is completed. If more than one certificate is fo
level in environments that contain only 128-bit clients (for example, clients that run Remote Desktop Connection). Clients that do not supp
me, because Remote Desktop Services automatically adds this when the user logs on and the profile is created. If the specified network sha
ed by default. If you disable or do not configure this policy setting, the authentication method that is specified by the user is used, if one i
r RD Gateway server, you must select the "Allow users to change this setting" check box and users will be allowed to specify an alternate RD
ored if you choose to specify a local path. If you choose to specify a local path but then type the name of a network share in Home Dir Root
his policy setting, administrators can interact with a user's Remote Desktop Services session, with the user's consent.
his policy setting, administrators can interact with a user's Remote Desktop Services session, with the user's consent.

of time. If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure th
of time. If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure th
esktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Confi
esktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Confi
f you have a console session, disconnected session time limits do not apply. If you disable or do not configure this policy setting, this policy
f you have a console session, disconnected session time limits do not apply. If you disable or do not configure this policy setting, this policy
no default connection URL. Note: RemoteApp programs that are installed through RemoteApp and Desktop Connections from an untruste
L if one is not found" - If no suitable printer driver can be found, default to the Printer Control Language (PCL) fallback printer driver. "Defau
d for a user is a combination of the list defined for the computer and the list defined for the user. This policy setting overrides the behavio

ype the fully qualified path to the starting directory for the program. If you leave Working Directory blank, the program runs with its default
ype the fully qualified path to the starting directory for the program. If you leave Working Directory blank, the program runs with its default

dded in a token. When a client reconnects to the load balancer, the routing token is used to redirect the client to their existing session on th

he server tries to use the Remote Desktop Easy Print driver to install the client printer. If for any reason the Remote Desktop Easy Print print
he server tries to use the Remote Desktop Easy Print driver to install the client printer. If for any reason the Remote Desktop Easy Print print
itional GPUs are considered secondary adapters and used as hardware renderers. The GPU configuration of the local session is not affected
rver does not specify a license server at the Group Policy level.
mote Desktop Protocol (.rdp) file. In addition, the client computer must have the necessary hardware to support Windows Aero features.
or example, a remote user can do this by specifying the program's executable path at connection time by using the Remote Desktop Conne

onnects to the remote computer. Note: If this policy setting is enabled, then the "Start a program on connection" policy setting is ignored.

ons, even if font smoothing is enabled in RDC or in the .rdp file. If you disable or do not configure this policy setting, font smoothing is allo

ervices sessions.

server. If you disable or do not configure this policy setting, when a user closes the last RemoteApp program, the session will be disconne
server. If you disable or do not configure this policy setting, when a user closes the last RemoteApp program, the session will be disconne

tion Broker load balancing by using the Remote Desktop Session Host Configuration tool or the Remote Desktop Services WMI provider. No

uthentication setting of "Full" to store the full TPM owner authorization, the TPM administrative delegation blob and the TPM user delegati
m.msc", navigating to the "Command Management" section, and making visible the "On Default Block List" column. The local list of blocke
this policy setting, Windows will block the TPM commands in the default list, in addition to commands in the Group Policy and local lists o

two thresholds apply. Exceeding either threshold will prevent the standard user from sending a command to the TPM that requires author

standard user two thresholds apply. Exceeding either threshold will prevent the standard user from sending a command to the TPM that re
file system access to this folder. Note: If the policy setting is enabled after the profile is created, the policy setting has no effect. Note: The
2000. %HOMESHARE% stores the fully qualified path to the home directory (such as \\server\share\dir1\dir2\homedir). Users can access
ta per second or take 120 milliseconds to respond.Consider increasing this value for clients using DHCP Service-assigned addresses or for c
uter's hard drive when the user logs off. Important: Do not enable this policy setting if you are using the slow link detection feature. To resp

fined by the "Slow network connection timeout for user profiles" policy setting), the system applies the other policy settings set in this folde
if the permissions are not correct. By configuring this policy setting, you can alter this behavior. If you enable this policy setting Windows

sable or do not configure this policy setting and the user has a roaming profile, the roaming profile is downloaded on every computer that
t. The minumum value is 0 seconds, and the maximum is 600 seconds. If you disable or do not configure this policy setting, Windows wait
ws Vista, only the History, Local Settings, Temp, and Temporary Internet Files folders are excluded from the user's roaming profile by default
ware Installation during user logon when a user profile is deleted and that user subsequently logs on to the machine. If you disable or do n
file size has been reduced to within the allowable limit. In Microsoft Windows Vista, Windows will not block users from logging off. Instead,
ber of times the system tries to unload and update the user's registry settings. (You cannot adjust the retry rate.) If you disable this policy s
use the local profile. If you disable this setting or do not configure it, the default behavior occurs, as indicated above. If you enable both t
default behavior occurs, as indicated above. Note: This policy setting only affects roaming profile users.
ng, the system does not consult the user. Instead, the system uses the local copy of the user profile. If you have enabled the "Wait for remo
mum of 30 seconds.
will use their local profile or standard roaming user profile. Note: There are four ways to configure a roaming profile for a user. Windows re
Windows uploads the registry file at the same time every day, as long as the user is logged on. For both scheduling options, there is a ran
etter box is ignored if you choose On the local computer from the Location list. If you choose On the local computer and enter a file sh
folders such as Appdata\Roaming, Start Menu, and Documents. You should suspend only the subfolders of these parent folders.

e user's UPN, SIP/URI, and DNS. Selecting this option may have a negative impact on certain enterprise software and/or line of business app
nd in the time allowed (as set in the "Timeout for dialog boxes" policy setting). Waiting for the remote profile is appropriate when users m
BitLocker To Go Reader (bitlockertogo.exe) is present on a drive that does not have an identification field specified, or if the drive has the s
eir removable drives. If BitLocker To Go Reader (bitlockertogo.exe) is present on a drive that does not have an identification field specified,

puter Configuration\Windows Settings\Security Settings\Public Key Policies\BitLocker Drive Encryption Network Unlock Certificate" on the
Use enhanced Boot Configuration Data validation profile" group policy setting is ignored and Secure Boot verifies BCD settings according to
ecovery password in a folder. Note: This policy setting does not prevent the user from saving the recovery password in another folder.
bit or 256-bit) as the "Choose drive encryption method and cipher strength (Windows Vista, Windows Server 2008, Windows 7)" and "Choo
a, Windows Server 2008, Windows 7)" policy setting, if it is set. If neither policy is set, BitLocker will use the default encryption method of
ncryption method specified by the setup script.
ry key. Select "Omit recovery options from the BitLocker setup wizard" to prevent users from specifying recovery options when they turn o
-digit recovery password or a 256-bit recovery key. Select "Omit recovery options from the BitLocker setup wizard" to prevent users from s
6-bit recovery key. Select "Omit recovery options from the BitLocker setup wizard" to prevent users from specifying recovery options when
ore the 48-digit recovery password as a text file. Printing will send the 48-digit recovery password to the default printer. For example, not al

RL" option, the URL you type in the "Custom recovery URL option" text box will replace the default URL in the default recovery message, wh
this policy setting, the TPM uses the default platform validation profile or the platform validation profile specified by the setup script. A pla
ocker, you can configure the boot components that the TPM will validate before unlocking access to the BitLocker-encrypted operating syst
e turning on BitLocker, you can configure the boot components that the TPM will validate before unlocking access to the BitLocker-encrypte
will be used by default when the drive is encrypted. If you do not configure this policy setting, BitLocker will use hardware-based encrypti
ryption will be used by default when the drive is encrypted. If you do not configure this policy setting, BitLocker will use hardware-based e
yption will be used by default when the drive is encrypted. If you do not configure this policy setting, BitLocker will use hardware-based en
ne. To require the use of a password, select "Require password for fixed data drive". To enforce complexity requirements on the password,
ments you define. To enforce complexity requirements on the password, select "Require complexity". When set to "Require complexity" a
word, select "Require password for removable data drive". To enforce complexity requirements on the password, select "Require complexit

ovable data drive.


ypically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. If
ypically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. If
ypically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. If
ypically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. If
ypically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. If
ypically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. If
ypically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. If
ypically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. If
ypically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. If
ypically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. If
ypically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. If
ypically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. If
ypically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. If
ypically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. If
ypically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. If
ypically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. If
ypically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. If
ypically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. If
ypically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. If
ypically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. If

e approval from an administrator before running downloaded unknown software Give user a warning before running downloaded unkno

t include all features. Or, it might appear to complete successfully, but the installed program might not operate correctly. If you disable this

en it cannot find the target file in the current target path.


ws Vista common dialog box style. Also, third-party applications with Windows 2000 or later certification to are required to adhere to this p

XP common dialog box style. This policy setting does not apply to the new Windows Vista common dialog box style. It is a requirement for
view and change drive characteristics. If you disable or do not configure this policy setting, all drives are displayed, or select the "Do not re

Vista common dialog box style.

s from lists of network resources, use the "No Entire Network in Network Locations" policy setting.
quirement for third-party applications with Windows 2000 or later certification to adhere to this setting.
precedence over Internet search links. The first several links will also be pinned to the Start menu. A total of four links can be pinned on t
between Internet search sites and Search Connectors/Libraries. Search Connector/Library links take precedence over Internet search links
access local and network drives. And, it does not prevent them from using the Disk Management snap-in to view and change drive characte

tive Templates\Start Menu and Taskbar). To hide all context menus, use the "Remove File Explorer's default context menu" policy setting.

might fail, or it might complete but not include all features. Or, it might appear to complete successfully, but the installed program might n

ications to only open a limited set of folders.


ications to only open a limited set of folders.

disable or do not configure this policy, all default Windows Libraries features will be enabled.

" setting. If both policies are enabled, Active Desktop is disabled. Also, see the "Disable Active Desktop" setting in User Configuration\Adm
paths point to the same network share, any data contained in the redirected folders is deleted if this policy setting is not enabled.

mat, see the Windows Firewall deployment information at the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=25131).
es to or from this computer. If you enable this policy setting and allow certain message types, then later disable this policy setting, Window
es to or from this computer. If you enable this policy setting and allow certain message types, then later disable this policy setting, Window
trol Panel, the "File and Printer Sharing" check box is cleared and administrators cannot select it. If you do not configure this policy setting,
trol Panel, the "File and Printer Sharing" check box is cleared and administrators cannot select it. If you do not configure this policy setting,
ewall allows the computer to receive the unsolicited incoming messages associated with remote administration. You must specify the IP ad
ewall allows the computer to receive the unsolicited incoming messages associated with remote administration. You must specify the IP ad
leared and administrators cannot select it. If you do not configure this policy setting, Windows Firewall does not open this port. Therefore
leared and administrators cannot select it. If you do not configure this policy setting, Windows Firewall does not open this port. Therefore
the ports. In the Windows Firewall component of Control Panel, the "UPnP framework" check box is cleared and administrators cannot sel
the ports. In the Windows Firewall component of Control Panel, the "UPnP framework" check box is cleared and administrators cannot sel
ettings\Security Settings\Windows Firewall with Advanced Security to specify that local firewall rules should not apply.
ettings\Security Settings\Windows Firewall with Advanced Security to specify that local firewall rules should not apply.
figuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security to specify that local firewall rules should not apply
figuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security to specify that local firewall rules should not apply
setting, Windows Firewall does not record information in the log file. If you enable this policy setting, and Windows Firewall creates the log
setting, Windows Firewall does not record information in the log file. If you enable this policy setting, and Windows Firewall creates the log
to the local port exceptions list that is defined by the Windows Firewall component in Control Panel, also enable the "Windows Firewall: A
to the local port exceptions list that is defined by the Windows Firewall component in Control Panel, also enable the "Windows Firewall: A
e Show Contents dialog box type a definition string that uses the syntax format. To remove a program, click its definition, and then press th
e Show Contents dialog box type a definition string that uses the syntax format. To remove a program, click its definition, and then press th
dministrators cannot select it. If you do not configure this policy setting, Windows Firewall applies other policy settings that allow unsolici
dministrators cannot select it. If you do not configure this policy setting, Windows Firewall applies other policy settings that allow unsolici

ith the NetBIOS messages that detect name conflicts.


ith the NetBIOS messages that detect name conflicts.

load security upgrades, and perform license restoration.

led and HTTP is not selected. If you disable this policy setting, the HTTP proxy server cannot be used and the user cannot configure the HT
be used and users cannot configure the MMS proxy settings. If you do not configure this policy setting, users can configure the MMS proxy

the RTSP proxy settings.


users can display the Player in full or skin mode and have access to all available features of the Player.
ailable to users on the Network tab. If the administrator does not specify any protocols, the Player cannot access an MMS or RTSP URL from

guration. If both are present, the Computer Configuration version of this policy setting takes precedence.
guration. If both are present, the Computer Configuration version of this policy setting takes precedence.

addresses, and the IPv6 filter specifies one or more ranges of IPv6addresses. If specified, the service enumerates the available IP addresses

ngLevel is set to None, all requests are accepted (though they are not protected from credential-forwarding attacks).

ore updates, and Cancel an install. On XP: If you enable this policy setting, users will not see a User Account Control window and do not ne
indows RT PCs.
t. Note: This policy is not supported on Windows RT. Setting this policy will not have any effect on Windows RT PCs.
nd (the user is not notified or interrupted during this process). When the downloads are complete, users will be notified that they are read

ws Update\Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box policy setting is enabled.
indows Update\Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box policy setting is enabled.

location" policy is disabled or not configured, this policy has no effect. Note: This policy is not supported on Windows RT. Setting this polic
ill automatically return to hibernation in 2 minutes.
ates" policy is disabled, this policy has no effect.
otifications This setting will show notifications about restarts that are required to complete an installation. On Windows 8 and Windows R

end users in your organization don't have to go through a firewall to get updates, and it gives you the opportunity to test updates before d

notifications for optional applications. In Windows Vista, this policy setting controls detailed notifications for optional applications and upd
and access to Windows Update" setting. If the "Remove links and access to Windows Update" setting is enabled, the links to Windows Upd

e, click System Properties in Control Panel, click the Advanced tab, click the Environment Variables button, and then, in the System variables

ppear that Windows could not retrieve the information and the user will not be able to log on. Therefore, you should not enable this policy

examine and appropriately configure the Remove logon hours expiration warnings setting

ct to networks shared by my contacts," and "Enable paid services" will be turned off and users on this device will be prevented from enabli
Folders settings" policy setting to determine whether to automatically set up Work Folders for a given user.
ERPROFILE%\Work Folders" folder. If this option is not specified, users must use the Work Folders Control Panel item on their computers to

in the background. No reboots or service restarts are required for this policy setting to take effect.
d prevent the Windows Component Wizard from starting, enable the "Hide Add/Remove Windows Components page" setting. If the "Hide

rograms that are offered on the desktop or on the Start menu. If you disable this setting or do not configure it, "Add programs from your n

uns for all users on this computer. If the status is set to Not Configured, the OS falls back on a local policy set by the registry DWORD value

applications and their installers and these applications may fail to install or run properly. This option is useful to server administrators who

stic Policy Service (DPS) and Program Compatibility Assistant Service must be running for the PCA to run. These services can be configured
ure this policy setting, Windows sets the default risk level to moderate.

prefers the file handler over the file type.


Windows Vista or later will prompt the user whether autorun command is to be run.
Windows Vista or later will prompt the user whether autorun command is to be run.
tion and User Configuration folders. If the policy settings conflict, the policy setting in Computer Configuration takes precedence over the p
tion and User Configuration folders. If the policy settings conflict, the policy setting in Computer Configuration takes precedence over the p

r, it should be noted that the "Allow BITS peer caching" policy setting must be enabled for the other two policy settings to have any effect.

setting does not affect Peercaching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maxi
has no effect if the "Allow BITS peer caching" policy setting is disabled or not configured.

hen not roaming or nearing cap) - Transfer only if unconstrained - Custom--allows you to specify a bitmask, in which the bits desc
and other schedules.
do not configure this policy setting, BITS uses all available unused bandwidth for background job transfers.

over the setting in User Configuration.


over the setting in User Configuration.
ame should be entered, for example timedate.cpl or inetcpl.cpl. If a Control Panel item does not have a CPL file, or the CPL file contains mu

ntered. If a Control Panel item does not have a CPL file, or the CPL file contains multiple applets, then its module name and string resource

nning Windows 8 or Windows RT, you cannot apply the Windows Classic visual style.
setting only applies to domain-joined devices that support connected standby.

(SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is per
g on host.humanresources.fabrikam.com machine TERMSRV/* Remote Desktop Session Host running on all machines. TERMSRV/*.human
se of a single wildcard is permitted when specifying the SPN. For Example: TERMSRV/host.humanresources.fabrikam.com Remote Deskto
d. The use of a single wildcard character is permitted when specifying the SPN. For Example: TERMSRV/host.humanresources.fabrikam.com
e delegated. The use of a single wildcard character is permitted when specifying the SPN. For Example: TERMSRV/host.humanresources.fa
y server authentication" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to w
humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com This policy settin
RV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com This policy
achines. TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.
that DCOM server. If you add an appid to this list and set its value to 0 DCOM will always enforce the Activation security check for that DC

wallpaper" in the same location, and the "Prevent changing wallpaper" setting in User Configuration\Administrative Templates\Control Pane

is to display Computer as usual. Note: In operating systems earlier than Microsoft Windows Vista, this policy applies to the My Computer i
ualization-based security to help protect credentials. The "Disabled" option turns off Credential Guard remotely if it was previously turned

evices from a remote desktop client to the remote desktop server. If you disable or do not configure this policy setting, and no other policy
mote desktop client to the remote desktop server. If you disable or do not configure this policy setting, and no other policy setting describ

e installed. To change driver file security without specifying a setting, use System in Control Panel. Right-click My Computer, click Propertie

y other policy settings.

Experience optional component is installed and the Remote Desktop Services role is not installed.
ake effect immediately. This policy setting takes effect only when the DPS is in the running state. When the service is stopped or disabled, d

n or turn off disk quota management without specifying a setting, in My Computer, right-click the name of an NTFS volume, click Properties
g overrides user settings that enable or disable quota enforcement on their volumes. Note: To specify a disk quota limit, use the "Default q
tting does not affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they have reached t
the name of an NTFS file system volume, click Properties, and then click the Quota tab.
sk space available to users is not limited. The disk quota management feature uses the physical space on each volume as its quota limit and

f "contoso.com" performs a query for "server.corp" the DNS client will send a query for "server.corp" first, and then a query for "server.cor

ffixes. If you enable this policy setting, one DNS suffix is attached at a time for each query. If a query is unsuccessful, a new DNS suffix is ad

t is not configured, and the Append primary and connection specific DNS suffixes radio button is selected, the DNS client appends the follo
up Policy. If a global suffix search list is not configured, and the Append primary and connection specific DNS suffixes radio button is select
com, and a connection specific DNS suffix of VPNconnection, a computer will register A and PTR resource records for mycomputer.VPNcon
figure this policy setting, computers will use locally configured settings.
of 1800 or greater. The value that you specify is the number of seconds to use for the registration refresh interval. For example, 1800 secon
ace conflicting A resource records during dynamic update. If you disable this policy setting, existing A resource records that contain conflic

configure this policy setting, the boot start drivers determined to be Good, Unknown or Bad but Boot Critical are initialized and the initializ
ou can configure the following settings in the policy setting: - ""Do not display links to any Microsoft More information websites"": Select

that remind the user to check for solutions to problems. A value of 0 disables the reminder. If you disable or do not configure this policy se
nes how many reports can be queued before older reports are automatically deleted. The setting for Number of days between solution che
sends the minimum data required to check for an existing solution, as well as data which Windows has determined (within a high probabil
sends the minimum data required to check for an existing solution, as well as data which Windows has determined (within a high probabil
he Configure Error Reporting policy setting is disabled or not configured. For related information, see the Configure Error Reporting and Re

he Configure Error Reporting policy setting.

). Errors that are generated by applications on this list are always reported, even if the Default dropdown in the Default application reportin

ays report errors for policy setting, and in the exclusion list in this policy setting, the application is excluded from error reporting. You can a
lt), silent, or troubleshooting only state. If you disable this setting, the recovery behavior for corrupted files will be disabled. No troublesho
cted content on the device are Windows Mail and the user-selected mailto protocol handler app. Any other Windows Runtime application

older GUIDs are specified in the policy setting "Do not automatically make specific redirected folders available offline", that setting will ove

w location, Windows copies the contents of the local cache to the new network location, then deleted the content from the old network loc
on every computer that the user logs on to. Note: If you enable this policy setting in Computer Configuration and User Configuration, the C
on every computer that the user logs on to. Note: If you enable this policy setting in Computer Configuration and User Configuration, the C

start is required for this policy setting to take effect: changes take effect immediately.

not interpret two-digit year formats using this scheme for the program.

ng is disabled at the machine level, the per-user policy setting will be ignored. If this policy setting is not configured at the machine level, re
ng is disabled at the machine level, the per-user policy setting will be ignored. If this policy setting is not configured at the machine level, re
s. To set this policy on a per-user basis, make sure that the per-computer policy is set to Not Configured.
s. To set this policy on a per-user basis, make sure that the per-computer policy is set to Not Configured.
If this policy setting is enabled at the computer level, it cannot be disabled by a per-user policy. If this policy setting is disabled at the com
If this policy setting is enabled at the computer level, it cannot be disabled by a per-user policy. If this policy setting is disabled at the com

r more information. If you enable this policy setting, automatic learning stops and any stored data is deleted. Users cannot configure this s
r more information. If you enable this policy setting, automatic learning stops and any stored data is deleted. Users cannot configure this s

ing user profile is allowed from the trusted forest. If you disable this policy setting, the behavior is the same as if it is not configured.
d then you edit the GPO with a Japanese system, the Group Policy Object Editor snap-in uses the local Japanese ADM files, and you see the
cause Group Policy to be processed synchronously even if this policy setting is enabled: 1 - At the first computer startup after the client co
s configured for processing across a slow link (slow network connection). If you enable this policy, when Group Policy cannot determine t
while the computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or system
When background updates are disabled, policy changes will not take effect until the next user logon or system restart. The "Process even
The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not cha
ait for a response from the domain controller before reporting the link speed as slow. The default is 500 milliseconds. The timeout value t
er for the domain. Note: To change the PDC Operations Master for a domain, in Active Directory Users and Computers, right-click a domain
t value of 500 kilobits per second. This setting appears in the Computer Configuration and User Configuration folders. The setting in Comp
t value of 500 kilobits per second. This setting appears in the Computer Configuration and User Configuration folders. The setting in Comp
ng affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take eff
policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until t

ecify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired polic
abled, policy changes will not take effect until the next user logon or system restart. The "Process even if the Group Policy objects have not
ny policy implementations specify that they be updated only when changed. However, you might want to update unchanged policies, such
se significant delays. The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the
to the user are combined. If the settings conflict, the user settings in the computer's Group Policy Objects take precedence over the user's
hen background updates are disabled, policy changes will not take effect until the next user logon or system restart. The "Process even if th
n use. When background updates are disabled, policy changes will not take effect until the next user logon or system restart. The "Process

y will wait for a response from the domain controller before reporting the link speed as slow. The default is 500 milliseconds. The timeout
he Administrative Templates folder (either one), right-click the same folder, and then point to "View." In Group Policy Object Editor, prefere

hile the computer is in use, select the "Turn off background refresh of Group Policy" policy. The Set Group Policy refresh interval for compu
tting also lets you specify how much the actual update interval varies. To prevent domain controllers with the same update interval from re
computer is in use, select the "Turn off background refresh of Group Policy" setting. This setting also lets you specify how much the actua

ed as Enabled.

while the computer is in use. When background updates are disabled, preference item changes do not take effect until the next user logon
trace file is created. 2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer
und while the computer is in use. When background updates are disabled, preference item changes do not take effect until the next user lo
er trace file is created. 2. Computer Configuration tracing: This preference extension is available under User Configuration only, so comput
puter is in use. When background updates are disabled, preference item changes do not take effect until the next user logon or system res
eated. 2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer configuration
while the computer is in use. When background updates are disabled, preference item changes do not take effect until the next user logon o
ace file is created. 2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer co
ms in the background while the computer is in use. When background updates are disabled, preference item changes do not take effect unti
er trace file is created. 2. Computer Configuration tracing: This preference extension is available under User Configuration only, so comput
n use. When background updates are disabled, preference item changes do not take effect until the next user logon or system restart. 3. Th
Computer Configuration tracing: This preference extension is available under User Configuration only, so computer configuration tracing is
m from updating affected preference items in the background while the computer is in use. When background updates are disabled, prefer
no user trace file is created. 2. Computer Configuration tracing: This preference extension is available under User Configuration only, so co
uter is in use. When background updates are disabled, preference item changes do not take effect until the next user logon or system resta
ated. 2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer configuration t
mputer is in use. When background updates are disabled, preference item changes do not take effect until the next user logon or system re
eated. 2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer configuration
hile the computer is in use. When background updates are disabled, preference item changes do not take effect until the next user logon or
created. 2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer configuratio
ected preference items in the background while the computer is in use. When background updates are disabled, preference item changes
User Configuration in this extension, no user trace file is created. 2. Computer Configuration tracing: This preference extension is available
om updating affected preference items in the background while the computer is in use. When background updates are disabled, preferenc
ension, no user trace file is created. 2. Computer Configuration tracing: This preference extension is available under User Configuration onl
background while the computer is in use. When background updates are disabled, preference item changes do not take effect until the nex
on, no user trace file is created. 2. Computer Configuration tracing: This preference extension is available under User Configuration only, so
ting affected preference items in the background while the computer is in use. When background updates are disabled, preference item ch
no user trace file is created. 2. Computer Configuration tracing: This preference extension is available under User Configuration only, so co
ystem from updating affected preference items in the background while the computer is in use. When background updates are disabled, p
reated. 2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer configuration
the background while the computer is in use. When background updates are disabled, preference item changes do not take effect until the
nsion, no user trace file is created. 2. Computer Configuration tracing: This preference extension is available under User Configuration only
omputer is in use. When background updates are disabled, preference item changes do not take effect until the next user logon or system
reated. 2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer configuratio
pdating affected preference items in the background while the computer is in use. When background updates are disabled, preference item
ion, no user trace file is created. 2. Computer Configuration tracing: This preference extension is available under User Configuration only, s
mputer is in use. When background updates are disabled, preference item changes do not take effect until the next user logon or system re
created. 2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer configuratio
e computer is in use. When background updates are disabled, preference item changes do not take effect until the next user logon or syste
e is created. 2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer configu
while the computer is in use. When background updates are disabled, preference item changes do not take effect until the next user logon o
ace file is created. 2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer co

e extensions under Control Panel Settings for Computer Configuration. Disabling this policy setting overrides any "Permit use of <extension
s under Control Panel Settings for User Configuration. Disabling this policy setting overrides any "Permit use of <extension name> preferen

n the system. For example, %programfiles% is not defined on some early versions of Windows. The "Shortcut" command is used to add a l
mand Line Parameters" settings in "Administrative Templates/Windows Components/Event Viewer".

ogram for all users.


the add-on is referenced. Value - A number indicating whether Internet Explorer should deny or allow the add-on to be loaded. To specify
the add-on is referenced. Value - A number indicating whether Internet Explorer should deny or allow the add-on to be loaded. To specify

ockdown security feature is enabled.


ockdown security feature is enabled.
ockdown security feature is enabled.
ockdown security feature is enabled.
ockdown security feature is enabled.
ockdown security feature is enabled.
e is enabled.
e is enabled.
ockdown security feature is enabled.
ockdown security feature is enabled.
s feature control setting for the process.
s feature control setting for the process.

s feature control setting for the process.


s feature control setting for the process.
s feature control setting for the process.
s feature control setting for the process.
s feature control setting for the process.
s feature control setting for the process.
s feature control setting for the process.
s feature control setting for the process.
s feature control setting for the process.
s feature control setting for the process.
s feature control setting for the process.
s feature control setting for the process.
y sites granted an exception. By default, this option is turned on.
y sites granted an exception. By default, this option is turned on.
el. 4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.
ans that if the zone behavior is currently set to prompt, it will be bypassed and enabled. If you disable this policy setting for an application
ans that if the zone behavior is currently set to prompt, it will be bypassed and enabled. If you disable this policy setting for an application
this policy setting, users may use Add-on Manager to allow or deny any add-ons that are not included in the 'Add-on List' policy setting. N
this policy setting, users may use Add-on Manager to allow or deny any add-ons that are not included in the 'Add-on List' policy setting. N

d configure settings for certificates from software publishers that haven't already been configured for Internet Explorer.

e over this policy. If it is enabled, this policy is ignored.


on Wizard from the desktop or the Start menu.

Explorer) takes precedence over this policy. If it is enabled, this policy is ignored.

ttps://) and nonsecure (http://) content.


ttps://) and nonsecure (http://) content.
ttps://) and nonsecure (http://) content.
ttps://) and nonsecure (http://) content.
ttps://) and nonsecure (http://) content.
ttps://) and nonsecure (http://) content.
ttps://) and nonsecure (http://) content.
ttps://) and nonsecure (http://) content.
ttps://) and nonsecure (http://) content.
ttps://) and nonsecure (http://) content.
ttps://) and nonsecure (http://) content.
ttps://) and nonsecure (http://) content.
ttps://) and nonsecure (http://) content.
ttps://) and nonsecure (http://) content.
ttps://) and nonsecure (http://) content.
ttps://) and nonsecure (http://) content.
ttps://) and nonsecure (http://) content.
ttps://) and nonsecure (http://) content.
ttps://) and nonsecure (http://) content.
ttps://) and nonsecure (http://) content.
Mode, Internet Explorer notifies the user and gives the option to disable Enhanced Protected Mode for that particular website. If you enab
Mode, Internet Explorer notifies the user and gives the option to disable Enhanced Protected Mode for that particular website. If you enab

d for the system, it will override this policy setting.


d for the system, it will override this policy setting.
an drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change th
an drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change th
an drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change th
an drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change th
an drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change th
an drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change th
an drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change th
an drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change th
an drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change th
an drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change th
an drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change th
an drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change th
an drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change th
an drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change th
an drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change th
an drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change th
an drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change th
an drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change th
an drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change th
an drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change th
or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same win
or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same win
or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same win
or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same win
or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same win
or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same win
or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same win
or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same win
or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same win
or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same win
or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same win
or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same win
or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same win
or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same win
or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same win
or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same win
or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same win
or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same win
or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same win
or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same win
ot configure this policy setting, the user can view and access the navigation bar, the menu bar, and the Command bar.
ot configure this policy setting, the user can view and access the navigation bar, the menu bar, and the Command bar.

pen New Tabs.


d individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance,
d individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance,

d individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance,
d individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance,
d then click Custom Level. 4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.
d individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance,
d individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance,

d individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance,
d individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance,
d individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance,
d individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance,
d individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance,
d individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance,
d individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance,
d individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance,
d individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance,
d individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance,
hallenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy setti
hallenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy setti
hallenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy setti
hallenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy setti
hallenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy setti
hallenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy setti
hallenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy setti
hallenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy setti
hallenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy setti
hallenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy setti
hallenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy setti
hallenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy setti
hallenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy setti
hallenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy setti
hallenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy setti
hallenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy setti
hallenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy setti
hallenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy setti
hallenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy setti
hallenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy setti

ontent Ratings, click Import the Current Security Zones Settings, and then click Modify Settings. 3. Select the content zone in which you wa
In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.
Plug-ins area, click Administrator Approved.

vel. 4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.
and the navigation bar.
e. If you don't configure this policy setting, users can turn this feature on and off, determining whether to delete ActiveX Filtering, Tracking
e. If you don't configure this policy setting, users can turn this feature on and off, determining whether to delete ActiveX Filtering, Tracking
eferences and policy settings. If the All Processes policy setting is enabled, the processes configured in this policy setting take precedence o
eferences and policy settings. If the All Processes policy setting is enabled, the processes configured in this policy setting take precedence o
not configure this policy setting, the security feature is allowed.
not configure this policy setting, the security feature is allowed.
he Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Proc
he Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Proc
ke precedence over that setting. If you disable or do not configure this policy setting, the security feature is allowed.
ke precedence over that setting. If you disable or do not configure this policy setting, the security feature is allowed.

s policy setting is enabled, the processes configured in this box take precedence over that setting. If you disable or do not configure this p
s policy setting is enabled, the processes configured in this box take precedence over that setting. If you disable or do not configure this p
ation bar is not displayed for the specified processes.
ation bar is not displayed for the specified processes.

ed Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configure
ed Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configure
es configured in this box take precedence over that setting. If you disable or do not configure this policy setting, the security feature is allo
es configured in this box take precedence over that setting. If you disable or do not configure this policy setting, the security feature is allo

ot configure this policy setting, the user can configure his or her list of search providers.
ot configure this policy setting, the user can configure his or her list of search providers.

d individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance,
d individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance,
his policy is ignored. Also, see the "Security zones: Use only machine settings" policy.

this policy setting, you set the rate at which Internet Explorer creates new tab processes to low, medium, or high, or to an integer. If you d
this policy setting, you set the rate at which Internet Explorer creates new tab processes to low, medium, or high, or to an integer. If you d
nsure that the security settings for the specified zone are applied to the site. For each entry that you add to the list, enter the following in
nsure that the security settings for the specified zone are applied to the site. For each entry that you add to the list, enter the following in
d individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance,
d individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance,
add-ons unless specifically allowed in the Add-on List" policy settings, even if this policy setting is disabled, or not configured. However, if
add-ons unless specifically allowed in the Add-on List" policy settings, even if this policy setting is disabled, or not configured. However, if

TechNet library.
TechNet library.

2.0 impairs the performance and functionality of TLS 1.0.


2.0 impairs the performance and functionality of TLS 1.0.
ough the Favorites Center.
ough the Favorites Center.
behavior of Internet Explorer. If you do not configure this policy setting, the user can turn on and turn off Internet Explorer 7 Standards M
behavior of Internet Explorer. If you do not configure this policy setting, the user can turn on and turn off Internet Explorer 7 Standards M
7 user agent string (with an additional string appended) for local intranet content. Additionally, all local intranet Standards Mode pages app
7 user agent string (with an additional string appended) for local intranet content. Additionally, all local intranet Standards Mode pages app
tions of this KDC policy to be effective, the Kerberos Group Policy "Kerberos client support for claims, compound authentication and Kerber

not provide information about previous logons, and enabling this policy setting does not affect anything.

p Policy is deleted. If you do not configure this policy setting, the system uses the host name-to-Kerberos realm mappings that are defined
ers. If you disable this policy setting, the interoperable Kerberos V5 realm settings defined by Group Policy are deleted. If you do not confi
get domain.

bject identifier in the EKU extensions which can be issued to any server.

ult value of 12,000 bytes. Beginning with Windows 8 the default is 48,000 bytes. Due to HTTP's base64 encoding of authentication context
one with different parameters. If you disable or do not configure this policy setting, the Kerberos client does not have KDC proxy servers s
er will be used. If you do not configure this policy setting, Automatic will be used.

this selection, hash publication is turned on for all file servers where Group Policy is applied. For example, if Hash Publication for BranchCa

tion, and exposure to malware. Additionally, any data written to a file server using an insecure guest logon is potentially accessible to anyon

rofile path, home directory, or user object logon script, may take up to two logons to be detected. If a user with a roaming profile, home di

, point to Accessories, point to System Tools, and then click ""Getting Started."" To suppress the welcome screen without specifying a settin
, point to Accessories, point to System Tools, and then click ""Getting Started."" To suppress the welcome screen without specifying a settin

s at startup"" policy setting. Also, see the ""Do not process the run once list"" policy setting.
s at startup"" policy setting. Also, see the ""Do not process the run once list"" policy setting.

before it starts the programs specified in the User Configuration setting. Also, see the ""Do not process the legacy run list"" and the ""Do
before it starts the programs specified in the User Configuration setting. Also, see the ""Do not process the legacy run list"" and the ""Do
window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap
window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap
window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap

hibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited s
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
list of snap-ins" is disabled or not configured, users will have access to the Group Policy tab. To explicitly prohibit use of the Group Policy t
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured
led, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured

Microsoft Management Console.


nloading any additional tools. No reboots or service restarts are required for this policy setting to take effect. Changes take effect immediat

ts. It can be used to circumvent errors in an installation program that prevents software from being installed.

able it in both folders. Caution: Skilled users can take advantage of the permissions this policy setting grants to change their privileges and
able it in both folders. Caution: Skilled users can take advantage of the permissions this policy setting grants to change their privileges and
ache maximum size.
er unmanaged, or per-machine context."
omputer Configuration and User Configuration folders. If the policy setting is enabled in either folder, it is considered be enabled, even if it
omputer Configuration and User Configuration folders. If the policy setting is enabled in either folder, it is considered be enabled, even if it
cy setting, Windows Installer will use Restart Manager to detect files in use and mitigate a system restart, when possible.

or Network Locations, to search for installation files. Also, see the "Enable user to browse for source while elevated" policy setting.
Professional and Windows Vista, when a user reinstalls, removes, or repairs an installation, the transform file is available, even if the user is

ption indicates that Windows Installer is disabled. This policy setting affects Windows Installer only. It does not prevent users from using o
on (default on Windows client), Silent (default on Windows server), or Troubleshooting Only. If you disable this policy setting, the troublesh
server.corp.contoso.com/ or HTTP:http://2002:836b:1::1/. -A Universal Naming Convention (UNC) path to a file that NCA checks for existen

etermined that the DirectAccess client computer is connected to its own intranet. To restore the DirectAccess rules to the NRPT and resum

this policy setting, Net Logon will not allow the negotiation and use of older cryptography algorithms.

is policy setting, this DC processes incoming mailslot messages. This is the default behavior of DC Locator.
based discovery as a fallback mechanism when DNS-based discovery fails. This is the default behavior. If you disable this policy setting, the
an also be triggered if a call to DC Locator uses the DS_FORCE_REDISCOVERY flag. Rediscovery resets the timer on the cached domain contr
etting, DC Locator APIs will ONLY return IPv4 DC address if any. So if the domain controller supports both IPv4 and IPv6 addresses, DC Loca
etlogon share can lock the files by requesting exclusive read access, which might prevent Group Policy settings from being updated on clien

lock the files by requesting exclusive read access, which might prevent Group Policy settings from being updated on clients in the domain.

ure this policy setting, it is not applied to any DCs, and DCs use their local configuration.
nsForestName> Kdc SRV _kerberos._tcp.dc._msdcs.<DnsDomainName> KdcAtSite SRV _kerberos._tcp.<SiteName>._sites.dc
configured for these zones. Setting the Refresh Interval of the DC Locator DNS records to longer than the Refresh Interval of the DNS zones

ds, click Enabled, and then enter the site names in a space-delimited format. If you do not configure this policy setting, it is not applied to

efault for the computer. However, if a DC Locator call is made using the DS_TRY_NEXTCLOSEST_SITE flag explicitly, the Try Next Closest Site

es unless the computer is joined to a domain that has a single-label DNS name in the Active Directory forest. NetBIOS name resolution is pe
l not the DNS name resolution in this case, unless the computer is searching for a domain with a single label DNS name that exists in the A

he frequent retries may produce excessive network traffic.

of values is from 1 to 2. If you do not configure this policy setting, it is not applied to any computers, and computers use their local configu
work Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2
s disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. If you do not configure this setti
LAN connections from Device Manager when this setting is disabled.
s from using other programs, such as Internet Explorer, to bypass this setting.

y to rename LAN connections" and "Ability to rename all user remote access connections" settings. Note: This setting does not prevent use

access TCP/IP advanced configuration", "Prohibit access to the Advanced Settings Item on the Advanced Menu", "Prohibit adding and remo
the availability of features inside the Local Area Connection Properties dialog box. If this setting is enabled, nothing within the properties d
es dialog box includes a list of the network components that the connection uses. To view or change the properties of a component, click t
e of the component, and then click the Properties button beneath the component list. Note: Not all network components have configurab

user logs off or on. When other changes to this setting are applied, the icon does not appear or disappear in the Network Connections fol

xes used to add network components. Clicking the Uninstall button removes the selected component in the components list (above the butt
0 computers. If you disable this setting or do not configure it, a Properties menu item appears when any user right-clicks the icon represen

e all user remote access connections" setting.) Important: When enabled, this setting takes precedence over the "Ability to delete all user
om accessing the check boxes for enabling and disabling the components of a LAN connection. Note: Nonadministrators are already prohib

her programs, such as Internet Explorer, to bypass this setting.


ties dialog box or Properties button for connection components, users cannot gain access to the Advanced button for TCP/IP configuration.
on to enable the Internet Connection Firewall through the Advanced tab is removed. In addition, the Internet Connection Firewall is not ena
ailable. In addition, the user is presented with the option to enable Internet Connection Sharing in the Network Setup Wizard and Make Ne
t, the connection status taskbar icon and Status dialog box are available to all users.
ttp://go.microsoft.com/fwlink/p/?LinkId=234043

8.1.1.1/10 For more information see: http://go.microsoft.com/fwlink/p/?LinkId=234043

setting in Computer Configuration takes precedence over the setting in User Configuration. Tip: To configure this setting without establish
setting in Computer Configuration takes precedence over the setting in User Configuration. Tip: To configure this setting without establish

utton for a specific share. When selected, all configured settings will apply to shares in user selected Work Offline mode as well. If you disa

e round-trip network latency detection is faster. You can use wildcard characters (*) for specifying UNC paths. If you do not specify a Latenc
nge it. Tip: To change the amount of disk space used for automatic caching without specifying a setting, in Windows Explorer, on the Tools

les cache. If the round trip latency of the network is less than 60ms, reads to remote files will not be cached. If you enable this policy setti
erface. If you do not configure this policy setting, encryption of the Offline Files cache is controlled by the user through the user interface.
in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes
in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes
thod without changing a setting, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then select th
thod without changing a setting, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then select th
tting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configu
tting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configu

Computer Configuration takes precedence over the setting in User Configuration. Tip: To display or hide reminder balloons without establis
Computer Configuration takes precedence over the setting in User Configuration. Tip: To display or hide reminder balloons without establis

erver; and check the checkbox. Using the corporate seed server only will prevent your mobile users from being able to use their peer to pe

ocal subnet. The multicast protocol used for bootstrapping is SSDP (Simple Service Discovery Protocol). The SSDP service must be enabled
e local subnet. The multicast protocol used for bootstrapping is SSDP (Simple Service Discovery Protocol). The SSDP service must enabled (
e local subnet. The multicast protocol used for bootstrapping is SSDP (Simple Service Discovery Protocol). The SSDP service must be enable
are turned on by default, and PNRP creates a cloud if the computer has an IPv6 address compatible with the clouds scope.
are turned on by default, and PNRP creates a cloud if the computer has an IPv6 address compatible with the clouds scope.
are turned on by default, and PNRP creates a cloud if the computer has an IPv6 address compatible with the clouds scope.
bility Assistant Service must be running for the PCA to run. These services can be configured by using the Services snap-in to the Microsoft

t you do not want to configure a BranchCache latency setting on all client computers, you can specify Not Configured for this domain Group
to client computers based on the value of the option setting "Select from the following versions" that you specify. - Disabled. With this sel
cy has no effect on computers that are running Windows 7 or Windows Vista. Client computers to which this policy setting is applied, in ad
on that is specified manually or by Group Policy. When this policy setting is applied, the client computer performs or does not perform aut
e client computer cache age setting that you use on individual client computers. - Enabled. With this selection, the BranchCache client com
t computers. Because the domain Group Policy setting is not configured, it will not over-write the enabled setting that you use on individua
gured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache on individual client computers
ain Group Policy setting is not configured, it will not over-write the client computer cache setting that you use on individual client computer
red, it will not over-write the enabled setting that you use on individual client computers where you want to enable BranchCache. - Enable

ffect only if the diagnostics-wide scenario execution policy is not configured. No system restart or service restart is required for this policy
. This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured. No system restart or service resta
formance for resolution by default. This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured.
This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured. No system restart or service restart
ck Show, and then type the module names in the list. The modules and snap-ins in the list must be installed on the computer. Note: This po
ck Show, and then type the module names in the list. The modules and snap-ins in the list must be installed on the computer. Note: This po

t directory to prevent users from viewing the transcripts of other users or computers. Note: This policy setting exists under both Compute
t directory to prevent users from viewing the transcripts of other users or computers. Note: This policy setting exists under both Compute
figured is "No scripts allowed."
figured is "No scripts allowed."
ettings". On the Advanced sharing settings page, click the arrow next to "Domain" arrow, click "turn on network discovery", and then click "

e client. The client print spooler can always queue print jobs when not connected to the print server. Upon reconnecting to the server, the

shared printers or to connect to network printers.

n the IP address and subnet mask of the user's computer.


ation\Administrative Templates\Control Panel\Printers. Web view is affected by the "Turn on Classic Shell" and "Do not allow Folder Option

mple Windows Enterprise, and all versions of Windows Server 2008 R2 and later) to have the same behavior.
affected. -This policy setting is only checked once during the lifetime of a process. After changing the policy, a running application must be

d, or not configured, package point and print will not be restricted to specific print servers.
d, or not configured, package point and print will not be restricted to specific print servers.
and prompt when users create a printer connection to any server using Point and Print. -Windows Vista computers will show a warning an
and prompt when users create a printer connection to any server using Point and Print. -Windows Vista computers will show a warning an
isabled. Printer proximity is estimated using the standard method (that is, based on IP address and subnet mask).
ck a printer, click Properties, and then click the Security tab. If this policy is disabled, or not configured, users can add printers using the me

rded in the event log. Note: This setting does not affect the logging of pruning events; the actual pruning of a printer is always logged. Not
wing options from the "Prune non-republishing printers" box: -- "Never" specifies that printer objects that are not automatically republish
revent users from installing programs by using other methods. Users will still be able to view and installed assigned (partially installed) pro

This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured. No system restart or service restar
puter to the original state or from a user-created system image by restarting the computer and accessing the System Recovery Options me

ker is not displayed when you shut down the computer. If you do not configure this policy setting, the default behavior for the Shutdown E

t of helpers, click "Show." In the window that opens, you can enter the names of the helpers. Add each user or group one by one. When yo
o remotely control the computer." The "Maximum ticket time" policy setting sets a limit on the amount of time that a Remote Assistance in
h the Windows NT4 Server Endpoint Mapper Service. Note: This policy will not be applied until the system is rebooted.
sk for delegation and connect to servers using constrained delegation. If you enable this policy setting, then: -- "Off" directs the RPC Runti
memory. -- "Auto2" directs RPC to maintain basic state information only if the computer has at least 128 MB of memory and is running Win
enables extended error information, but lets you disable it for selected processes. To disable extended error information for a process whil
setting. If you enable this policy setting, it directs the RPC server runtime to restrict unauthenticated RPC clients connecting to RPC servers
the idle connection timeout on the IIS server running the RPC HTTP proxy will be used. If you do not configure this policy setting, it will re

For DesktopSales, GPOs B and C are applied, but not GPO A. Therefore, the scripts for GPOs B and C run in the following order for Deskto
re, the scripts for GPOs B and C run in the following order for Tamara: Within GPO B: B.cmd, B.ps1 Within GPO C: C.cmd, C.ps1 Note: This
re, the scripts for GPOs B and C run in the following order for Tamara: Within GPO B: B.cmd, B.ps1 Within GPO C: C.cmd, C.ps1 Note: This
efore loading the desktop. An excessively long interval can delay the system and inconvenience users. However, if the interval is too short,

his policy to take effect: changes take effect immediately. This policy setting will only take effect when the Task Scheduler service is in the

search locations are added to the All Locations list in the Desktop Search results.

tation in the Group Policy editor, you must add at least one entry in the allow list, even if you want to enable this policy without an allow lis
icy setting, Security Center is turned off for domain members. Windows XP SP2 ---------------------- In Windows XP SP2, the essential securi

The default refresh interval for Server Manager is two minutes in Windows Server 2008 and Windows Server 2008 R2, or 10 minutes in W

ns specified in this policy setting, the files will be downloaded from Windows Update, if that is allowed by the policy settings for the comp

with Microsoft.
with Microsoft.

s dialog box, in the Value column, type the application executable name (e.g., Winword.exe, Poledit.exe, Powerpnt.exe).

nts dialog box, in the Value column, type the application executable name (e.g., Winword.exe, Poledit.exe, Powerpnt.exe).
d certificates" If you enable or do not configure this policy setting, filtering will take place. If you disable this policy setting, no filtering will

curity purposes, it is recommended to restrict the HKLM\SOFTWARE\Policies\SNMP\Parameters\ValidCommunities key to allow only the lo
ly the local admin group full control. Note: This policy setting has no effect if the SNMP agent is not installed on the client computer. Also,
NMP settings: "Specify permitted managers" and "Specify Community Name".

move Logoff" in User Configuration\Administrative Templates\System\Logon/Logoff.

ected. This setting does not clear the list of recent files that Windows programs display at the bottom of the File menu. See the "Do not ke

u" and "Clear history of recently opened documents on exit" policies in this folder. If you enable this setting but do not enable the "Remove

olicy settings.
hortcuts" policy settings.

al are required to support this policy setting.

This setting only affects the Start menu. The Favorites item still appears in File Explorer and in Internet Explorer.

option" policy setting.


ff. See also: "Remove Logoff" policy setting in User Configuration\Administrative Templates\System\Logon/Logoff.

ened documents. See the "Do not keep history of recently opened documents" setting. This setting also does not hide document shortcuts

te: It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.

om using other methods to search. If you disable or do not configure this policy setting, the Search link is available from the Start menu.
he Start menu.

e this setting or do not configure it, the Start screen layout won't be changed and users will be able to customize it.
e this setting or do not configure it, the Start screen layout won't be changed and users will be able to customize it.

tion tab in Input Panel Options in Windows 7 and Windows Vista.


tion tab in Input Panel Options in Windows 7 and Windows Vista.
setting on the Opening tab in Input Panel Options. Caution: If you enable both the Prevent Input Panel from appearing next to text entry a
setting on the Opening tab in Input Panel Options. Caution: If you enable both the Prevent Input Panel from appearing next to text entry a
ng tab in Input Panel Options.
ng tab in Input Panel Options.

on results when handwriting is converted to typed text. Users will not be able to configure this setting in the Input Panel Options dialog box
isable the Show Input Panel taskbar icon policy, the user will then have no way to access Input Panel.
isable the Show Input Panel taskbar icon policy, the user will then have no way to access Input Panel.

ut Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel displays the cursor and which keys are tapp
u enable this policy and choose None, users will be able to use both the tolerant scratch-out gestures and the Z-shaped scratch-out gestu
u enable this policy and choose None, users will be able to use both the tolerant scratch-out gestures and the Z-shaped scratch-out gestu
ists. See the ""Do not allow pinning items in Jump Lists"" policy setting.

nfiguration takes precedence over the setting in User Configuration.


nfiguration takes precedence over the setting in User Configuration.

s are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
s are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
present, the host will have a 6to4 interface. If no global IPv4 address is present, the host will not have a 6to4 interface. Policy Disabled Sta

P configured with a link-local address and an address for each prefix received from the ISATAP router through stateless address auto-config

cate. Additionally, users cannot start an RDP session by directly opening the RDC client and specifying the remote computer name. When a
certificate. Additionally, users cannot start an RDP session by directly opening the RDC client and specifying the remote computer name. W
Windows Vista, or Windows XP Professional. If you enable this policy setting, audio and video playback redirection is allowed. If you disab
rection is not specified at the Group Policy level.

configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remo

s only recommended if you are using a hardware device that is designed to optimize network traffic. Even if you choose not to use an RDP c
arios except RemoteFX vGPU.
dwidth. If you enable this policy setting and set quality to Lossless, RemoteFX Adaptive Graphics uses lossless encoding. In this mode, the c
he server will not check the session state.
olicy settings are enabled and configured by using Group Policy. 2. For Windows Server 2008, this policy setting is supported on at least W
policy setting is not effective unless the Join RD Connection Broker policy setting is enabled. 3. To be an active member of an RD Session H
X for RD Virtualization Host is enabled and RemoteFX for RD Session Host is disabled.

sion Host server can be authenticated. If you disable or do not configure this policy setting, the authentication setting that is specified in R

direction of specific types of supported Plug and Play devices by using Computer Configuration\Administrative Templates\System\Device In
s per session policy setting, this policy setting has no effect.
etting, per-session temporary folders are created unless the server administrator specifies otherwise.
f the client cannot connect directly to the remote computer. To enhance security, it is also highly recommended that you specify the authe

gure this policy setting, Remote Desktop Services disconnects a timed-out session, unless specified otherwise in local settings. Note: This
gure this policy setting, Remote Desktop Services disconnects a timed-out session, unless specified otherwise in local settings. Note: This

rovider to join the server to RD Connection Broker. If the policy setting is not configured, the policy setting is not specified at the Group Po
ted or changed in any way by disabling or not configuring this policy setting. Note: You should only enable this policy setting when the lice
onfigured on the client computer. For example, if the audio playback quality configured on the client computer is higher than the audio pla
policy setting is not applied to connections from client computers that are using at least Remote Desktop Protocol 8.0 (computers running

nsistent with the version of Windows and the mode of Remote Desktop Services running on the server. If the status is set to Disabled or No

. If you disable or do not configure this policy setting, no restriction is placed on the size of the entire roaming user profile cache on the loc

top Connection sessions that use RemoteFX will be the same as if the medium screen capture rate and the medium image compression setti
0 terminal server If you enable this policy setting, the license server will only issue a temporary RDS CAL to the client if an appropriate RDS

st server will determine when a user is prompted to provide credentials for a remote connection to an RD Session Host server. For Window
rative Templates\Windows Components\Remote Desktop Services\RD Session Host\Session Time Limits\Set time limit for disconnected se

e communications between the client and RD Session Host server. If you select this setting, the RD Session Host server is not authenticated
RD Session Host server. If you do not configure this policy setting, the local setting on the target computer will be enforced. On Windows S

network quality. If you disable or do not configure this policy setting, Remote Desktop Protocol will spend up to a few seconds trying to de

If more than one certificate is found that was created with the specified certificate template, the certificate that will expire latest and that
ection). Clients that do not support this encryption level cannot connect to RD Session Host servers. * Client Compatible: The Client Comp
ted. If the specified network share does not exist, Remote Desktop Services displays an error message on the RD Session Host server and w
ified by the user is used, if one is specified. If an authentication method is not specified, the NTLM protocol that is enabled on the client or
llowed to specify an alternate RD Gateway server. Users can specify an alternative RD Gateway server by configuring settings on the client,
network share in Home Dir Root Path, Remote Desktop Services places user home directories in the network location. If the status is set to
's consent.
's consent.

is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop
is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop
he policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Ses
he policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Ses
ure this policy setting, this policy setting is not specified at the Group Policy level. Be y default, Remote Desktop Services disconnected sess
ure this policy setting, this policy setting is not specified at the Group Policy level. Be y default, Remote Desktop Services disconnected sess
op Connections from an untrusted server can compromise the security of a user's account.
CL) fallback printer driver. "Default to PS if one is not found" - If no suitable printer driver can be found, default to the PostScript (PS) fallbac
cy setting overrides the behavior of the "Allow .rdp files from valid publishers and user's default .rdp settings" policy setting. If the list cont

he program runs with its default working directory. If the specified program path, file name, or working directory is not the name of a valid
he program runs with its default working directory. If the specified program path, file name, or working directory is not the name of a valid

ent to their existing session on the correct RD Session Host server in the farm. Only disable this setting when your network load-balancing s

Remote Desktop Easy Print printer driver cannot be used, the client printer is not available for the Remote Desktop Services session. Note
Remote Desktop Easy Print printer driver cannot be used, the client printer is not available for the Remote Desktop Services session. Note
f the local session is not affected by this policy setting.

upport Windows Aero features. Note: Additional configuration might be necessary on the remote computer to make Windows Aero featur
using the Remote Desktop Connection client. If you disable or do not configure this policy setting, remote users can only start programs tha

ection" policy setting is ignored.

icy setting, font smoothing is allowed for remote connections.

am, the session will be disconnected from the RD Session Host server but it is not logged off. Note: This policy setting appears in both Com
am, the session will be disconnected from the RD Session Host server but it is not logged off. Note: This policy setting appears in both Com

sktop Services WMI provider. Note: If you enable this policy setting, you must also enable the Join RD Connection Broker, the Configure RD

n blob and the TPM user delegation blob in the local registry. This setting allows use of the TPM without requiring remote or external stora
" column. The local list of blocked TPM commands is configured outside of Group Policy by running "tpm.msc" or through scripting against
the Group Policy and local lists of blocked TPM commands.

to the TPM that requires authorization. This value is the maximum number of authorization failures each standard user may have before t

g a command to the TPM that requires authorization. The Standard User Individual Lockout value is the maximum number of authorizatio
setting has no effect. Note: The policy setting must be configured on the client computer, not the server, for it to have any effect, because
dir2\homedir). Users can access the home directory and any of its subdirectories from the home drive letter, but they cannot see or access
rvice-assigned addresses or for computers accessing profiles across dial-up connections.Important: If the "Do not detect slow network conn
ow link detection feature. To respond to a slow link, the system requires a local copy of the user's roaming profile.

er policy settings set in this folder to determine how to proceed. By default, when the connection is slow, the system loads the local copy o
able this policy setting Windows will not check the permissions for the folder in the case where the folder exists. If you disable or do not co

nloaded on every computer that the user logs on to.


his policy setting, Windows waits 30 seconds for user input before applying the default user profile .
user's roaming profile by default. If you enable this policy setting, you can exclude additional folders. If you disable this policy setting or do
e machine. If you disable or do not configure this policy setting, Windows will delete the entire profile for roaming users, including the Win
k users from logging off. Instead, if the user has a roaming user profile, Windows will not synchronize the user's profile with the roaming pr
rate.) If you disable this policy setting or do not configure it, the system repeats its attempt 60 times. If you set the number of retries to 0
ated above. If you enable both the "Prevent Roaming Profile changes from propagating to the server" setting and the "Only allow local use

have enabled the "Wait for remote user profile" policy setting, the system downloads the remote copy of the user profile without consultin

ng profile for a user. Windows reads profile configuration in the following order and uses the first configured policy setting it reads. 1. Term
cheduling options, there is a random one hour delay attached per-trigger to avoid overloading the server with simultaneous uploads. For e
cal computer and enter a file share, the user's home folder will be placed in the network location without mapping the file share to a drive
these parent folders.

ware and/or line of business apps that depend on the domain information protected by this setting to connect with network resources. If
file is appropriate when users move between computers frequently and the local copy of their profile is not always current. Using the local
pecified, or if the drive has the same identification field as specified in the "Provide unique identifiers for your organization" policy setting,
an identification field specified, or if the drive has the same identification field as specified in the "Provide unique identifiers for your organ

twork Unlock Certificate" on the domain controller to distribute this certificate to computers in your organization. This unlock method uses
erifies BCD settings according to the Secure Boot policy setting, which is configured separately from BitLocker. Note: If the group policy setti
password in another folder.
er 2008, Windows 7)" and "Choose drive encryption method and cipher strength" policy settings (in that order), if they are set. If none of th
e default encryption method of AES 128-bit or the encryption method specified by the setup script.

covery options when they turn on BitLocker on a drive. This means that you will not be able to specify which recovery option to use when y
p wizard" to prevent users from specifying recovery options when they turn on BitLocker on a drive. This means that you will not be able to
pecifying recovery options when they turn on BitLocker on a drive. This means that you will not be able to specify which recovery option to
fault printer. For example, not allowing the 48-digit recovery password will prevent users from being able to print or save recovery informa

he default recovery message, which will be displayed in the pre-boot key recovery screen. Note: Not all characters and languages are supp
ecified by the setup script. A platform validation profile consists of a set of Platform Configuration Register (PCR) indices ranging from 0 to
Locker-encrypted operating system drive. If any of these components change while BitLocker protection is in effect, the TPM will not releas
access to the BitLocker-encrypted operating system drive. If any of these components change while BitLocker protection is in effect, the TP
will use hardware-based encryption with the encryption algorithm set for the drive. If hardware-based encryption is not available BitLocker
ocker will use hardware-based encryption with the encryption algorithm set for the drive. If hardware-based encryption is not available Bit
cker will use hardware-based encryption with the encryption algorithm set for the drive. If hardware-based encryption is not available BitL
requirements on the password, select "Require complexity". When set to "Require complexity" a connection to a domain controller is nec
en set to "Require complexity" a connection to a domain controller is necessary when BitLocker is enabled to validate the complexity the p
word, select "Require complexity". When set to "Require complexity" a connection to a domain controller is necessary when BitLocker is e
than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch quer
than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch quer
than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch quer
than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch quer
than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch quer
than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch quer
than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch quer
than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch quer
than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch quer
than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch quer
than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch quer
than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch quer
than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch quer
than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch quer
than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch quer
than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch quer
than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch quer
than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch quer
than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch quer
than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch quer

efore running downloaded unknown software Turn off SmartScreen

rate correctly. If you disable this setting or do not configure it, the "Install Program As Other User" dialog box appears whenever users inst

are required to adhere to this policy setting.

box style. It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.
splayed, or select the "Do not restrict drives" option in the drop-down list. Also, see the "Prevent access to drives from My Computer" poli
l of four links can be pinned on the Start menu. The "See more results" link will be pinned first by default, unless it is disabled via Group Po
edence over Internet search links. The first several links will also be pinned to the Start menu. A total of four links can be included on the S
o view and change drive characteristics. Also, see the "Hide these specified drives in My Computer" setting.

t context menu" policy setting.

ut the installed program might not operate correctly. Note: If it is enabled, the "Do not request alternate credentials" setting takes precede

tting in User Configuration\Administrative Templates\Desktop\Active Desktop and the "Do not allow Folder Options to be opened from the
setting is not enabled.

m/fwlink/?LinkId=25131).
sable this policy setting, Windows Firewall deletes the list of message types that you had enabled. If you do not configure this policy settin
sable this policy setting, Windows Firewall deletes the list of message types that you had enabled. If you do not configure this policy settin
not configure this policy setting, Windows Firewall does not open these ports. Therefore, the computer cannot share files or printers unles
not configure this policy setting, Windows Firewall does not open these ports. Therefore, the computer cannot share files or printers unles
ration. You must specify the IP addresses or subnets from which these incoming messages are allowed. If you disable or do not configure t
ration. You must specify the IP addresses or subnets from which these incoming messages are allowed. If you disable or do not configure t
es not open this port. Therefore, the computer cannot receive Remote Desktop requests unless an administrator uses other policy settings
es not open this port. Therefore, the computer cannot receive Remote Desktop requests unless an administrator uses other policy settings
ed and administrators cannot select it. If you do not configure this policy setting, Windows Firewall does not open these ports. Therefore, t
ed and administrators cannot select it. If you do not configure this policy setting, Windows Firewall does not open these ports. Therefore, t
d not apply.
d not apply.
al firewall rules should not apply.
al firewall rules should not apply.
Windows Firewall creates the log file and adds information, then upon disabling this policy setting, Windows Firewall leaves the log file inta
Windows Firewall creates the log file and adds information, then upon disabling this policy setting, Windows Firewall leaves the log file inta
enable the "Windows Firewall: Allow local port exceptions" policy setting. If you disable this policy setting, the port exceptions list defined
enable the "Windows Firewall: Allow local port exceptions" policy setting. If you disable this policy setting, the port exceptions list defined
its definition, and then press the DELETE key. To edit a definition, remove the current definition from the list and add a new one with diffe
its definition, and then press the DELETE key. To edit a definition, remove the current definition from the list and add a new one with diffe
olicy settings that allow unsolicited incoming messages. In the Windows Firewall component of Control Panel, the "Block all incoming conn
olicy settings that allow unsolicited incoming messages. In the Windows Firewall component of Control Panel, the "Block all incoming conn

he user cannot configure the HTTP proxy. If you do not configure this policy setting, users can configure the HTTP proxy settings.
ers can configure the MMS proxy settings.
access an MMS or RTSP URL from a Windows Media server. If the "Hide network tab" policy setting is enabled, the entire Network tab is hi

erates the available IP addresses on the computer and uses only addresses that fall within one of the filter ranges. You should use an aster

g attacks).

nt Control window and do not need elevated permissions to do either of these update-related tasks. On Vista: If you enable this policy setti
will be notified that they are ready to install. After going to Windows Update, users can install them. 4 = Automatically download updates a

setting is enabled.
olicy setting is enabled.

n Windows RT. Setting this policy will not have any effect on Windows RT PCs.

On Windows 8 and Windows RT, if this policy is Enabled, then only notifications related to restarts and the inability to detect updates will

ortunity to test updates before deploying them. If the status is set to Disabled or Not Configured, and if Automatic Updates is not disabled

or optional applications and updates. If you disable or do not configure this policy setting, Windows 7 users will not be offered detailed no
abled, the links to Windows Update on the Start menu are also removed. Note: If you have installed Windows XP Service Pack 1 or the upd

and then, in the System variables box, click Path.

you should not enable this policy setting if the domain is not at the Windows Server 2008 domain functional level. If you disable or do not

ce will be prevented from enabling them. If this policy setting is not configured or is enabled, users can choose to enable or disable either
anel item on their computers to set up Work Folders. If this policy setting is disabled or not configured, no Work Folders settings are spec
nents page" setting. If the "Hide Add/Remove Windows Components page" setting is enabled, this setting is ignored.

re it, "Add programs from your network" is available to all users. Note: If the "Hide Add New Programs page" setting is enabled, this setting

set by the registry DWORD value HKLM\System\CurrentControlSet\Control\WOW\DisallowedPolicyDefault. If that value is non-0, this preve

ful to server administrators who require faster performance and are aware of the compatibility of the applications they are using. It is parti

hese services can be configured by using the Services snap-in to the Microsoft Management Console.
tion takes precedence over the policy setting in User Configuration.
tion takes precedence over the policy setting in User Configuration.

olicy settings to have any effect. If you disable or do not configure this policy setting, the BITS peer caching feature will be disabled, and BI

rigin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose. Consider u

a bitmask, in which the bits describe cost states allowed or disallowed for this priority: (bits described here) 0x1 - The cost is unknown or t
L file, or the CPL file contains multiple applets, then its module name and string resource identification number should be entered, for exam

odule name and string resource identification number should be entered. For example, enter @systemcpl.dll,-1 for System or @themecpl.
a single wildcard character is permitted when specifying the SPN. For Example: TERMSRV/host.humanresources.fabrikam.com Remote De
all machines. TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrik
es.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine TERMSRV/* Remote Desktop Ses
st.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine TERMSRV/* Rem
RMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine TERM
epresents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specif
.fabrikam.com This policy setting can be used in combination with the "Allow delegating default credentials" policy setting to define excep
urces.fabrikam.com This policy setting can be used in combination with the "Allow delegating fresh credentials" policy setting to define ex
es in .humanresources.fabrikam.com This policy setting can be used in combination with the "Allow delegating saved credentials" policy se
vation security check for that DCOM server regardless of local settings. If you disable this policy setting, the appid exemption list defined b

nistrative Templates\Control Panel. Note: This setting does not apply to remote desktop server sessions.

cy applies to the My Computer icon. Hiding Computer and its contents does not hide the contents of the child folders of Computer. For exa
otely if it was previously turned on with the "Enabled without lock" option. The "Enabled with UEFI lock" option ensures that Credential G

olicy setting, and no other policy setting describes the device, the "Prevent installation of devices not described by other policy settings" po
d no other policy setting describes the device, the "Prevent installation of devices not described by other policy settings" policy setting dete

ck My Computer, click Properties, click the Hardware tab, and then click the Driver Signing button.

service is stopped or disabled, diagnostic scenarios are not executed. The DPS can be configured with the Services snap-in to the Microsoft

an NTFS volume, click Properties, click the Quota tab, and then click "Enable quota management."
sk quota limit, use the "Default quota limit and warning level" policy setting. Otherwise, the system uses the physical space on the volume
detect that they have reached their limit, because their status in the Quota Entries window changes. Note: To find the logging option, in M
ach volume as its quota limit and warning level. When you select a limit, remember that the same limit applies to all users on all volumes,

and then a query for "server.corp.contoso.com." second if the first query fails. If you enable this policy setting, suffixes are allowed to be a

uccessful, a new DNS suffix is added in place of the failed suffix, and this new query is submitted. The values are used in the order they app

the DNS client appends the following names to a single-label name when it sends DNS queries: The primary DNS suffix, as specified on the
NS suffixes radio button is selected, the DNS client appends the following names to a single-label name when it sends DNS queries: The pr
records for mycomputer.VPNconnection and mycomputer.microsoft.com when this policy setting is enabled. Important: This policy setting

nterval. For example, 1800 seconds is 30 minutes. If you enable this policy setting, registration refresh interval that you specify will be appl
urce records that contain conflicting IP addresses will not be replaced during a dynamic update, and an error will be recorded in Event View

cal are initialized and the initialization of drivers determined to be Bad is skipped. If your malware detection application does not include a
e information websites"": Select this option if you do not want error dialog boxes to display links to Microsoft websites. - ""Do not collect a

or do not configure this policy setting, Windows Error Reporting reports are not queued, and users can only send reports at the time that a
ber of days between solution check reminders determines the interval time between the display of system notifications that remind the us
termined (within a high probability) does not contain personally identifiable data, and prompts the user for consent to send any additional
termined (within a high probability) does not contain personally identifiable data, and prompts the user for consent to send any additional
Configure Error Reporting and Report Operating System Errors policy settings.

n the Default application reporting policy setting is set to report no application errors. If the Report all errors in Microsoft applications or R

from error reporting. You can also use the exclusion list in this policy setting to exclude specific Microsoft applications or parts of Window
es will be disabled. No troubleshooting or resolution will be attempted. If you do not configure this setting, the recovery behavior for corru
er Windows Runtime application will only be able to revoke access to content it protected. Note: File revocation applies to all content pro

ble offline", that setting will override the configured value of "Do not automatically make all redirected folders available offline".

ontent from the old network location.


on and User Configuration, the Computer Configuration policy setting takes precedence.
on and User Configuration, the Computer Configuration policy setting takes precedence.

nfigured at the machine level, restrictions will be based on per-user policy settings. To set this policy setting on a per-user basis, make sure
nfigured at the machine level, restrictions will be based on per-user policy settings. To set this policy setting on a per-user basis, make sure
icy setting is disabled at the computer level, the per-user policy is ignored. If this policy setting is not configured at the computer level, rest
icy setting is disabled at the computer level, the per-user policy is ignored. If this policy setting is not configured at the computer level, rest

ed. Users cannot configure this setting in Control Panel. If you disable this policy setting, automatic learning is turned on. Users cannot con
ed. Users cannot configure this setting in Control Panel. If you disable this policy setting, automatic learning is turned on. Users cannot con

me as if it is not configured.
anese ADM files, and you see the text in Japanese under Administrative Templates. If you disable or do not configure this setting, the Grou
mputer startup after the client computer has joined the domain. 2 - If the policy setting "Always wait for the network at computer startup a
Group Policy cannot determine the bandwidth speed across Direct Access, Group Policy will evaluate the network connection as a fast link
til the next user logon or system restart. The "Process even if the Group Policy objects have not changed" option updates and reapplies the
stem restart. The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policie
even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you migh
lliseconds. The timeout value that is defined in this policy setting determines how long Group Policy will wait for a response from the dom
Computers, right-click a domain, and then click "Operations Masters."
tion folders. The setting in Computer Configuration defines a slow link for policies in the Computer Configuration folder. The setting in User
tion folders. The setting in Computer Configuration defines a slow link for policies in the Computer Configuration folder. The setting in User
d, policy changes will not take effect until the next user logon or system restart. The "Process even if the Group Policy objects have not cha
hanges will not take effect until the next user logon or system restart. The "Process even if the Group Policy objects have not changed" opti

uch as reapplying a desired policy setting in case a user has changed it.
he Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy im
update unchanged policies, such as reapplying a desired policy setting in case a user has changed it.
reapplies the policies even if the policies have not changed. Many policy setting implementations specify that they are updated only when
ake precedence over the user's normal settings. If you disable this setting or do not configure it, the user's Group Policy Objects determine
m restart. The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies ha
or system restart. The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the p

s 500 milliseconds. The timeout value that is defined in this policy setting determines how long Group Policy will wait for a response from
roup Policy Object Editor, preferences have a red icon to distinguish them from true settings, which have a blue icon.

Policy refresh interval for computers policy also lets you specify how much the actual update interval varies. To prevent clients with the sam
he same update interval from requesting updates simultaneously, the system varies the update interval for each controller by a random nu
you specify how much the actual update interval varies. To prevent clients with the same update interval from requesting updates simultan

e effect until the next user logon or system restart. 3. The "Process even if the Group Policy objects have not changed" option updates and
Configuration only, so computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perform tracing for item
take effect until the next user logon or system restart. 3. The "Process even if the Group Policy objects have not changed" option updates
er Configuration only, so computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perform tracing for it
he next user logon or system restart. 3. The "Process even if the Group Policy objects have not changed" option updates and reapplies the
only, so computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perform tracing for items in this prefe
effect until the next user logon or system restart. 3. The "Process even if the Group Policy objects have not changed" option updates and r
nfiguration only, so computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perform tracing for items
m changes do not take effect until the next user logon or system restart. 3. The "Process even if the Group Policy objects have not changed
er Configuration only, so computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perform tracing for ite
er logon or system restart. 3. The "Process even if the Group Policy objects have not changed" option updates and reapplies the preferenc
omputer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perform tracing for items in this preference ext
und updates are disabled, preference item changes do not take effect until the next user logon or system restart. 3. The "Process even if th
er User Configuration only, so computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perform tracing
e next user logon or system restart. 3. The "Process even if the Group Policy objects have not changed" option updates and reapplies the p
only, so computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perform tracing for items in this prefer
the next user logon or system restart. 3. The "Process even if the Group Policy objects have not changed" option updates and reapplies th
only, so computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perform tracing for items in this prefe
effect until the next user logon or system restart. 3. The "Process even if the Group Policy objects have not changed" option updates and re
n only, so computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perform tracing for items in this pre
abled, preference item changes do not take effect until the next user logon or system restart. 3. The "Process even if the Group Policy obje
preference extension is available under User Configuration only, so computer configuration tracing is not applicable. 3. Group Policy Mode
updates are disabled, preference item changes do not take effect until the next user logon or system restart. 3. The "Process even if the Gr
ble under User Configuration only, so computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perform
es do not take effect until the next user logon or system restart. 3. The "Process even if the Group Policy objects have not changed" option
under User Configuration only, so computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perform trac
are disabled, preference item changes do not take effect until the next user logon or system restart. 3. The "Process even if the Group Polic
er User Configuration only, so computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perform tracing
kground updates are disabled, preference item changes do not take effect until the next user logon or system restart. 3. The "Process even
only, so computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perform tracing for items in this pref
nges do not take effect until the next user logon or system restart. 3. The "Process even if the Group Policy objects have not changed" opti
le under User Configuration only, so computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perform
til the next user logon or system restart. 3. The "Process even if the Group Policy objects have not changed" option updates and reapplies t
n only, so computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perform tracing for items in this pre
tes are disabled, preference item changes do not take effect until the next user logon or system restart. 3. The "Process even if the Group
under User Configuration only, so computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perform tra
the next user logon or system restart. 3. The "Process even if the Group Policy objects have not changed" option updates and reapplies th
n only, so computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perform tracing for items in this pre
until the next user logon or system restart. 3. The "Process even if the Group Policy objects have not changed" option updates and reapplie
ration only, so computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perform tracing for items in this
effect until the next user logon or system restart. 3. The "Process even if the Group Policy objects have not changed" option updates and r
nfiguration only, so computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perform tracing for items

s any "Permit use of <extension name> preference extension" policy settings. If you do not configure this policy setting, you permit use of
e of <extension name> preference extension" policy settings. If you do not configure this policy setting, you permit use of preference exten

cut" command is used to add a link to a Help topic, and runs executables that are external to the Help file. The "WinHelp" command is used
e add-on to be loaded. To specify that an add-on should be denied enter a 0 (zero) into this field. To specify that an add-on should be allowe
e add-on to be loaded. To specify that an add-on should be denied enter a 0 (zero) into this field. To specify that an add-on should be allowe
policy setting for an application or process in the list, a script that is running in the application or process cannot bypass the prompt for de
policy setting for an application or process in the list, a script that is running in the application or process cannot bypass the prompt for de
he 'Add-on List' policy setting. Note: If an add-on is listed in the 'Add-on List' policy setting, the user cannot change its state through Add-o
he 'Add-on List' policy setting. Note: If an add-on is listed in the 'Add-on List' policy setting, the user cannot change its state through Add-o

rnet Explorer.
t particular website. If you enable this policy setting, Internet Explorer will not give the user the option to disable Enhanced Protected Mo
t particular website. If you enable this policy setting, Internet Explorer will not give the user the option to disable Enhanced Protected Mo
indows. Users cannot change this setting.
indows. Users cannot change this setting.
indows. Users cannot change this setting.
indows. Users cannot change this setting.
indows. Users cannot change this setting.
indows. Users cannot change this setting.
indows. Users cannot change this setting.
indows. Users cannot change this setting.
indows. Users cannot change this setting.
indows. Users cannot change this setting.
indows. Users cannot change this setting.
indows. Users cannot change this setting.
indows. Users cannot change this setting.
indows. Users cannot change this setting.
indows. Users cannot change this setting.
indows. Users cannot change this setting.
indows. Users cannot change this setting.
indows. Users cannot change this setting.
indows. Users cannot change this setting.
indows. Users cannot change this setting.
d destination are in the same window. Users cannot change this setting in the Internet Options dialog.
d destination are in the same window. Users cannot change this setting in the Internet Options dialog.
d destination are in the same window. Users cannot change this setting in the Internet Options dialog.
d destination are in the same window. Users cannot change this setting in the Internet Options dialog.
d destination are in the same window. Users cannot change this setting in the Internet Options dialog.
d destination are in the same window. Users cannot change this setting in the Internet Options dialog.
d destination are in the same window. Users cannot change this setting in the Internet Options dialog.
d destination are in the same window. Users cannot change this setting in the Internet Options dialog.
d destination are in the same window. Users cannot change this setting in the Internet Options dialog.
d destination are in the same window. Users cannot change this setting in the Internet Options dialog.
d destination are in the same window. Users cannot change this setting in the Internet Options dialog.
d destination are in the same window. Users cannot change this setting in the Internet Options dialog.
d destination are in the same window. Users cannot change this setting in the Internet Options dialog.
d destination are in the same window. Users cannot change this setting in the Internet Options dialog.
d destination are in the same window. Users cannot change this setting in the Internet Options dialog.
d destination are in the same window. Users cannot change this setting in the Internet Options dialog.
d destination are in the same window. Users cannot change this setting in the Internet Options dialog.
d destination are in the same window. Users cannot change this setting in the Internet Options dialog.
d destination are in the same window. Users cannot change this setting in the Internet Options dialog.
d destination are in the same window. Users cannot change this setting in the Internet Options dialog.
mple, precedence, inheritance, or enforce) to apply individual settings to specific targets.
mple, precedence, inheritance, or enforce) to apply individual settings to specific targets.

mple, precedence, inheritance, or enforce) to apply individual settings to specific targets.


mple, precedence, inheritance, or enforce) to apply individual settings to specific targets.
mple, precedence, inheritance, or enforce) to apply individual settings to specific targets.
mple, precedence, inheritance, or enforce) to apply individual settings to specific targets.

mple, precedence, inheritance, or enforce) to apply individual settings to specific targets.


mple, precedence, inheritance, or enforce) to apply individual settings to specific targets.
mple, precedence, inheritance, or enforce) to apply individual settings to specific targets.
mple, precedence, inheritance, or enforce) to apply individual settings to specific targets.
mple, precedence, inheritance, or enforce) to apply individual settings to specific targets.
mple, precedence, inheritance, or enforce) to apply individual settings to specific targets.
mple, precedence, inheritance, or enforce) to apply individual settings to specific targets.
mple, precedence, inheritance, or enforce) to apply individual settings to specific targets.
mple, precedence, inheritance, or enforce) to apply individual settings to specific targets.
mple, precedence, inheritance, or enforce) to apply individual settings to specific targets.
ord. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, logon
ord. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, logon
ord. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, logon
ord. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, logon
ord. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, logon
ord. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, logon
ord. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, logon
ord. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, logon
ord. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, logon
ord. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, logon
ord. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, logon
ord. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, logon
ord. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, logon
ord. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, logon
ord. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, logon
ord. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, logon
ord. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, logon
ord. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, logon
ord. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, logon
ord. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, logon

he content zone in which you want to manage ActiveX controls, and then click Custom Level. 4. In the Run ActiveX Controls and Plug-ins are
delete ActiveX Filtering, Tracking Protection, and Do Not Track data when clicking Delete.
delete ActiveX Filtering, Tracking Protection, and Do Not Track data when clicking Delete.
policy setting take precedence over that setting. If you do not configure this policy, processes other than the Internet Explorer processes w
policy setting take precedence over that setting. If you do not configure this policy, processes other than the Internet Explorer processes w

sable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting. If y
sable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting. If y
s allowed.
s allowed.

isable or do not configure this policy setting, the security feature is allowed.
isable or do not configure this policy setting, the security feature is allowed.

enabled, the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting, the s
enabled, the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting, the s
etting, the security feature is allowed.
etting, the security feature is allowed.

mple, precedence, inheritance, or enforce) to apply individual settings to specific targets.


mple, precedence, inheritance, or enforce) to apply individual settings to specific targets.
or high, or to an integer. If you disable or do not configure this policy setting, the tab process growth is set to the default. The user can cha
or high, or to an integer. If you disable or do not configure this policy setting, the tab process growth is set to the default. The user can cha
to the list, enter the following information: Valuename A host for an intranet site, or a fully qualified domain name for other sites. The va
to the list, enter the following information: Valuename A host for an intranet site, or a fully qualified domain name for other sites. The va
mple, precedence, inheritance, or enforce) to apply individual settings to specific targets.
mple, precedence, inheritance, or enforce) to apply individual settings to specific targets.
d, or not configured. However, if Adobe Flash is disabled through the "Add-on List" and "Deny all add-ons unless specifically allowed in the
d, or not configured. However, if Adobe Flash is disabled through the "Add-on List" and "Deny all add-ons unless specifically allowed in the
Internet Explorer 7 Standards Mode.
Internet Explorer 7 Standards Mode.
ranet Standards Mode pages appear in Internet Explorer 7 Standards Mode. This option results in the greatest compatibility with existing w
ranet Standards Mode pages appear in Internet Explorer 7 Standards Mode. This option results in the greatest compatibility with existing w
pound authentication and Kerberos armoring" must be enabled on supported systems. If the Kerberos policy setting is not enabled, Kerbero

realm mappings that are defined in the local registry, if they exist.
are deleted. If you do not configure this policy setting, the system uses the interoperable Kerberos V5 realm settings that are defined in th
coding of authentication context tokens, it is not advised to set this value more than 48,000 bytes.
oes not have KDC proxy servers settings defined by Group Policy.

if Hash Publication for BranchCache is enabled in domain Group Policy, hash publication is turned on for all domain member file servers to

is potentially accessible to anyone on the network. Microsoft recommends disabling insecure guest logons and configuring file servers to re

with a roaming profile, home directory, or user object logon script logs on to a computer, computers always wait for the network to be initi

screen without specifying a setting, clear the ""Show this screen at startup"" check box on the welcome screen.
screen without specifying a setting, clear the ""Show this screen at startup"" check box on the welcome screen.

e legacy run list"" and the ""Do not process the run once list"" settings.
e legacy run list"" and the ""Do not process the run once list"" settings.
e opens, but the prohibited snap-in does not appear.
e opens, but the prohibited snap-in does not appear.
e opens, but the prohibited snap-in does not appear.

e file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. Note: If you enable this setting
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
prohibit use of the Group Policy tab, disable this setting. If this setting is not configured (or enabled), the Group Policy tab is accessible. Wh
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa
ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disa

ct. Changes take effect immediately. This policy setting will take effect only when MSDT is enabled. This policy setting will only take effect

s to change their privileges and gain permanent access to restricted files and folders. Note that the User Configuration version of this polic
s to change their privileges and gain permanent access to restricted files and folders. Note that the User Configuration version of this polic
onsidered be enabled, even if it is explicitly disabled in the other folder.
onsidered be enabled, even if it is explicitly disabled in the other folder.
hen possible.

e elevated" policy setting.


le is available, even if the user is on a different computer or is not connected to the network.

s not prevent users from using other methods to install and upgrade programs.
this policy setting, the troubleshooting and recovery behavior for corrupted files will be disabled. No troubleshooting or resolution will be
a file that NCA checks for existence. The contents of the file do not matter. The syntax is FILE: followed by a UNC path. The ComputerNam

ess rules to the NRPT and resume normal DirectAccess functionality, the user clicks Connect. Note If the DirectAccess client computer is o

ou disable this policy setting, the DC location algorithm can use NetBIOS-based discovery as a fallback mechanism when DNS based discove
mer on the cached domain controller entries. If you enable this policy setting, DC Locator on the machine will carry out Force Rediscovery
Pv4 and IPv6 addresses, DC Locator APIs will return IPv4 address. But if the domain controller supports only IPv6 address, then DC Locator
ngs from being updated on clients in the domain. When this setting is enabled, an application that relies on the ability to lock files on the N

pdated on clients in the domain. When this setting is enabled, an application that relies on the ability to lock files on the SYSVOL share with

beros._tcp.<SiteName>._sites.dc._msdcs.<DnsDomainName> Dc SRV _ldap._tcp.dc._msdcs.<DnsDomainName> DcAtSite SRV


efresh Interval of the DNS zones may result in the undesired deletion of DNS resource records. To specify the Refresh Interval of the DC re

olicy setting, it is not applied to any DCs, and DCs use their local configuration.

plicitly, the Try Next Closest Site behavior is honored. If you do not configure this policy setting, Try Next Closest Site DC Location will not b

t. NetBIOS name resolution is performed on the single-label name only, in the event that DNS resolution fails. If you disable this policy setti
el DNS name that exists in the Active Directory forest to which this computer is joined. If you do not configure this policy setting, it is not a

omputers use their local configuration.


ministrators on post-Windows 2000 computers. If you do not configure this setting, only Administrators and Network Configuration Opera
. If you do not configure this setting, only Administrators and Network Configuration Operators can delete all user remote access connecti

This setting does not prevent users from using other programs, such as Internet Explorer, to rename remote access connections.

enu", "Prohibit adding and removing components for a LAN or remote access connection", "Prohibit access to properties of a LAN connecti
, nothing within the properties dialog box for a LAN connection is available to users. Note: Nonadministrators have the right to view the p
roperties of a component, click the name of the component, and then click the Properties button beneath the component list. Note: Not a
ork components have configurable properties. For components that are not configurable, the Properties button is always disabled. Note: W

in the Network Connections folder until the folder is refreshed. Note: This setting does not prevent users from using other programs, such

e components list (above the button). The Install and Uninstall buttons appear in the properties dialog box for connections. These buttons
ser right-clicks the icon representing a private remote access connection. Also, when any user selects the connection, Properties appears o

er the "Ability to delete all user remote access connections" setting. Users cannot delete any remote access connections, and the "Ability t
administrators are already prohibited from enabling or disabling components for a LAN connection, regardless of this setting.

button for TCP/IP configuration. Note: Nonadministrators (excluding Network Configuration Operators) do not have permission to access T
et Connection Firewall is not enabled for remote access connections created through the Make New Connection Wizard. The Network Setu
work Setup Wizard and Make New Connection Wizard. (The Network Setup Wizard is available only in Windows XP Professional.) By defau
ure this setting without establishing a setting, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, click
ure this setting without establishing a setting, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, click

Offline mode as well. If you disable or do not configure this policy setting, Windows performs a background sync of offline folders in the sl

hs. If you do not specify a Latency or Throughput value, computers running Windows Vista or Windows Server 2008 will not use the slow-li
n Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then use the slider bar associated with the "Am

ed. If you enable this policy setting, transparent caching is enabled and configurable. If you disable or do not configure this policy setting, r
user through the user interface. The current cache state is retained, and if the cache is only partially encrypted, the operation completes so
n Computer Configuration takes precedence over the setting in User Configuration.
n Computer Configuration takes precedence over the setting in User Configuration.
ffline Files tab, and then select the "Synchronize all offline files before logging off" option.
ffline Files tab, and then select the "Synchronize all offline files before logging off" option.
the setting in Computer Configuration takes precedence over the setting in User Configuration. Tip: To change the synchronization method
the setting in Computer Configuration takes precedence over the setting in User Configuration. Tip: To change the synchronization method

minder balloons without establishing a setting, in Windows Explorer, on the Tools menu, click Folder Options, and then click the Offline File
minder balloons without establishing a setting, in Windows Explorer, on the Tools menu, click Folder Options, and then click the Offline File

eing able to use their peer to peer applications at home. 3. In order to use a corporate seed server and the global seed server, enable the s

e SSDP service must be enabled (which it is by default) for this policy to have effect.
The SSDP service must enabled (which it is by default) for this policy to have effect.
The SSDP service must be enabled (which it is by default) for this policy to have effect.
he clouds scope.
he clouds scope.
he clouds scope.
ervices snap-in to the Microsoft Management Console.

Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache latency settings on individ
specify. - Disabled. With this selection, this policy setting is not applied to client computers, and the clients run the version of BranchCache
his policy setting is applied, in addition to the "Set BranchCache Hosted Cache mode" policy setting, use the hosted cache servers that are s
erforms or does not perform automatic hosted cache server discovery under the following circumstances: If no other BranchCache mode-b
ction, the BranchCache client computer cache age setting is enabled for all client computers where the policy is applied. For example, if this
setting that you use on individual client computers where you want to enable BranchCache. - Enabled. With this selection, BranchCache di
he on individual client computers. Because the domain Group Policy setting is not configured, it will not over-write the enabled setting that
se on individual client computers. - Enabled. With this selection, the BranchCache client computer cache setting is enabled for all client co
o enable BranchCache. - Enabled. With this selection, BranchCache is turned on for all client computers where the policy is applied. For ex

restart is required for this policy to take effect: changes take effect immediately. This policy setting will only take effect when the Diagnosti
o system restart or service restart is required for this policy to take effect: changes take effect immediately. This policy setting will only take
ecution policy is not configured. No system restart or service restart is required for this policy to take effect: changes take effect immediate
system restart or service restart is required for this policy to take effect: changes take effect immediately. This policy setting will only take
d on the computer. Note: This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. T
d on the computer. Note: This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. T

tting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy settin
tting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy settin
work discovery", and then click "Save changes". If you would like to not display printers of a certain type, enable this policy and set the num

reconnecting to the server, the client will submit any pending print jobs. Note: Some printer drivers require a custom print processor. In so

and "Do not allow Folder Options to be opened from the Options button on the View tab of the ribbon" settings in User Configuration\Adm

y, a running application must be relaunched before settings take effect.

omputers will show a warning and an elevated command prompt when an existing printer connection driver needs to be updated. -Window
omputers will show a warning and an elevated command prompt when an existing printer connection driver needs to be updated. -Window

ers can add printers using the methods described above.

f a printer is always logged. Note: This setting is used only on domain controllers.
are not automatically republished are never pruned. "Never" is the default. -- "Only if Print Server is found" prunes printer objects that a
assigned (partially installed) programs that are offered on the desktop or on the Start menu. If this setting is disabled or is not configured,

o system restart or service restart is required for this policy to take effect: changes take effect immediately. This policy setting will only take
he System Recovery Options menu, if it is available.

ult behavior for the Shutdown Event Tracker occurs. Note: By default, the Shutdown Event Tracker is only displayed on computers running

er or group one by one. When you enter the name of the helper user or user groups, use the following format: <Domain Name>\<User Na
time that a Remote Assistance invitation created by using email or file transfer can remain open. The "Select the method for sending emai
m is rebooted.
n: -- "Off" directs the RPC Runtime to generate RPC_S_SEC_PKG_ERROR if the client asks for delegation, but the created security context d
MB of memory and is running Windows 2000 Server, Windows 2000 Advanced Server, or Windows 2000 Datacenter Server. -- "Server" dire
or information for a process while this policy setting is in effect, the command that starts the process must begin with one of the strings in
clients connecting to RPC servers running on a machine. A client will be considered an authenticated client if it uses a named pipe to comm
figure this policy setting, it will remain disabled. The idle connection timeout on the IIS server running the RPC HTTP proxy will be used. If

in the following order for DesktopSales: Within GPO B: B.cmd, B.ps1 Within GPO C: C.cmd, C.ps1 Note: This policy setting determines the
GPO C: C.cmd, C.ps1 Note: This policy setting determines the order in which user logon and logoff scripts are run within all applicable GPO
GPO C: C.cmd, C.ps1 Note: This policy setting determines the order in which user logon and logoff scripts are run within all applicable GPO
wever, if the interval is too short, prerequisite tasks might not be done, and the system can appear to be ready prematurely. If you disable o

Task Scheduler service is in the running state. When the service is stopped or disabled, scheduled diagnostics will not be executed. The T

le this policy without an allow list. Create a list entry by putting a space in the name field and a space in the value field and then save it. Th
dows XP SP2, the essential security settings that are monitored by Security Center include firewall, antivirus, and Automatic Updates. Note

ver 2008 R2, or 10 minutes in Windows Server 2012.

the policy settings for the computer.

owerpnt.exe).

Powerpnt.exe).
is policy setting, no filtering will take place.

munities key to allow only the local admin group full control. Note: It is good practice to use a cryptic community name. Note: This policy
ed on the client computer. Also, see the other two SNMP policy settings: "Specify trap configuration" and "Specify Community Name".

he File menu. See the "Do not keep history of recently opened documents" setting. This policy setting also does not hide document shortc

g but do not enable the "Remove Recent Items menu from Start Menu" setting, the Recent Items menu appears on the Start menu, but it i
oes not hide document shortcuts displayed in the Open dialog box. See the "Hide the dropdown list of recent files" setting.

available from the Start menu.


om appearing next to text entry areas policy and the Prevent Input Panel tab from appearing policy, and disable the Show Input Panel t
om appearing next to text entry areas policy and the Prevent Input Panel tab from appearing policy, and disable the Show Input Panel t

he Input Panel Options dialog box. If you do not configure this policy, rarely used Chinese, Kanji, and Hanja characters will not be included i

cursor and which keys are tapped. Users will not be able to configure this setting in the Input Panel Options dialog box. If you enable this
d the Z-shaped scratch-out gesture. Users will not be able to configure this setting in the Input Panel Options dialog box. If you disable this
d the Z-shaped scratch-out gesture. Users will not be able to configure this setting in the Input Panel Options dialog box. If you disable this
o4 interface. Policy Disabled State: 6to4 is turned off and connectivity with 6to4 will not be available.

gh stateless address auto-configuration. If the ISATAP name is not resolved successfully, the host will have an ISATAP interface configured w

emote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked. Note
ng the remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked
direction is allowed. If you disable this policy setting, audio and video playback redirection is not allowed, even if audio playback redirectio

\Remote Desktop Services\Remote Desktop Session Host\Security\Require user authentication for remote connections by using Network L

f you choose not to use an RDP compression algorithm, some graphics data will still be compressed. If you disable or do not configure this

ess encoding. In this mode, the color integrity of the graphics data is not impacted. However, this setting results in a significant increase in n

etting is supported on at least Windows Server 2008 Standard.


ctive member of an RD Session Host server farm, the computer account for each RD Session Host server in the farm must be a member of o

tion setting that is specified in Remote Desktop Connection or in the .rdp file determines whether the client establishes a connection to th

ative Templates\System\Device Installation\Device Installation Restrictions policy settings.


nded that you specify the authentication method by using the "Set RD Gateway authentication method" policy setting. If you do not specif

wise in local settings. Note: This policy setting only applies to time-out limits that are explicitly set by the administrator. This policy setting d
wise in local settings. Note: This policy setting only applies to time-out limits that are explicitly set by the administrator. This policy setting d

is not specified at the Group Policy level. Notes: 1. If you enable this policy setting, you must also enable the Configure RD Connection Br
this policy setting when the license server is a member of a domain. You can only add computer accounts for RD Session Host servers to th
puter is higher than the audio playback quality configured on the remote computer, the lower level of audio playback quality will be used.
Protocol 8.0 (computers running at least Windows 8 or Windows Server 2012). The 32-bit color depth format is always used for these conn

he status is set to Disabled or Not Configured, limits to the number of connections are not enforced at the Group Policy level. Note: This se

ming user profile cache on the local drive. Note: This policy setting is ignored if the "Prevent Roaming Profile changes from propagating to t

medium image compression settings were selected (the default behavior).


o the client if an appropriate RDS CAL for the RD Session Host server is not available. If the client has already been issued a temporary RDS

Session Host server. For Windows Server 2003 and Windows 2000 Server a user will be prompted on the terminal server to provide creden
et time limit for disconnected sessions" policy setting.

Host server is not authenticated. Native RDP encryption (as opposed to SSL encryption) is not recommended. * SSL (TLS 1.0): The SSL meth
will be enforced. On Windows Server 2012 and Windows 8, Network Level Authentication is enforced by default. Important: Disabling thi

up to a few seconds trying to determine the network quality prior to the connection, and it will continuously try to adapt the user experien

e that will expire latest and that matches the current name of the RD Session Host server will be selected. If you disable or do not configur
nt Compatible: The Client Compatible setting encrypts data sent between the client and the server at the maximum key strength supporte
he RD Session Host server and will store the user profiles locally on the RD Session Host server. If you disable or do not configure this polic
ol that is enabled on the client or a smart card can be used for authentication.
onfiguring settings on the client, using an RDP file, or using an HTML script. If users do not specify an alternate RD Gateway server, the serv
rk location. If the status is set to Enabled, Remote Desktop Services creates the user's home directory in the specified location on the loca

ws Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached. N
ws Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached. N
op Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached. Note: This policy setting appears
op Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached. Note: This policy setting appears
sktop Services disconnected sessions are maintained for an unlimited amount of time. Note: This policy setting appears in both Computer
sktop Services disconnected sessions are maintained for an unlimited amount of time. Note: This policy setting appears in both Computer
ault to the PostScript (PS) fallback printer driver. "Show both PCL and PS if one is not found" - If no suitable driver can be found, show both
gs" policy setting. If the list contains a string that is not a certificate thumbprint, it is ignored.

ectory is not the name of a valid directory, the RD Session Host server connection fails with an error message. If the status is set to Enable
ectory is not the name of a valid directory, the RD Session Host server connection fails with an error message. If the status is set to Enable

n your network load-balancing solution supports the use of RD Connection Broker routing tokens and you do not want clients to directly co

Desktop Services session. Note: If the "Do not allow client printer redirection" policy setting is enabled, the "Use Remote Desktop Easy Pr
Desktop Services session. Note: If the "Do not allow client printer redirection" policy setting is enabled, the "Use Remote Desktop Easy Pr

er to make Windows Aero features available for remote desktop sessions. For example, the Desktop Experience feature must be installed o
users can only start programs that are listed in the RemoteApp programs list when they start a Remote Desktop Services session.

olicy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configur
olicy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configur

nection Broker, the Configure RD Connection Broker farm name, and the Configure RD Connection Broker server name policy settings.

quiring remote or external storage of the TPM owner authorization value. This setting is appropriate for scenarios which do not depend o
msc" or through scripting against the Win32_Tpm interface. See related policy settings to enforce or ignore the default and local lists of bloc

standard user may have before the user is not allowed to send commands requiring authorization to the TPM. The Standard User Lockout

maximum number of authorization failures each standard user may have before the user is not allowed to send commands requiring author
or it to have any effect, because the client computer sets the file share permissions for the roaming profile at creation time. Note: In the d
r, but they cannot see or access its parent directories. %HOMEPATH% stores a final backslash and is included for compatibility with earlier
Do not detect slow network connections" policy setting is enabled, this policy setting is ignored. Also, if the "Delete cached copies of roami

he system loads the local copy of the user profile.


exists. If you disable or do not configure this policy setting AND the roaming profile folder exists AND the user or administrators group are

u disable this policy setting or do not configure it, only the default folders are excluded. Note: You cannot use this policy setting to include
roaming users, including the Windows Installer and Group Policy software installation data when those profiles are deleted. Note: If this po
ser's profile with the roaming profile server if the maximum profile size limit specified here is exceeded.
ou set the number of retries to 0, the system tries just once to unload and update the user's registry settings. It does not try again. Note: Th
ng and the "Only allow local user profiles" setting, roaming profiles are disabled. Note: This setting only affects roaming profile users.

he user profile without consulting the user. In Microsoft Windows Vista, the system will ignore the user choice made on the logon screen.

d policy setting it reads. 1. Terminal Services roaming profile path specified by Terminal Services policy 2. Terminal Services roaming profil
with simultaneous uploads. For example, if the settings dictate that the user's registry file is to be uploaded at 6pm, it will actually upload a
mapping the file share to a drive letter. If you disable or do not configure this policy setting, the user's home folder is configured as specifi

nect with network resources. If you do not configure or disable this policy the user will have full control over this setting and can turn it off
t always current. Using the local copy is desirable when quick logging on is a priority. Important: If the "Do not detect slow network conne
our organization" policy setting, the user will be prompted to update BitLocker and BitLocker To Go Reader will be deleted from the drive. I
unique identifiers for your organization" policy setting, the user will be prompted to update BitLocker and BitLocker To Go Reader will be d

ization. This unlock method uses the TPM on the computer, so computers that do not have a TPM cannot create Network Key Protectors to
ker. Note: If the group policy setting "Configure TPM platform validation profile for native UEFI firmware configurations" is enabled and ha

rder), if they are set. If none of the policies are set, BitLocker will use the default encryption method of XTS-AES 128-bit or the encryption m

ch recovery option to use when you turn on BitLocker, instead BitLocker recovery options for the drive are determined by the policy setting
eans that you will not be able to specify which recovery option to use when you turn on BitLocker, instead BitLocker recovery options for th
specify which recovery option to use when you turn on BitLocker, instead BitLocker recovery options for the drive are determined by the p
o print or save recovery information to a folder. If you disable or do not configure this policy setting, the BitLocker setup wizard will presen

aracters and languages are supported in pre-boot. It is strongly recommended that you test that the characters you use for the custom me
(PCR) indices ranging from 0 to 23, The default platform validation profile secures the encryption key against changes to the Core Root of T
in effect, the TPM will not release the encryption key to unlock the drive and the computer will instead display the BitLocker Recovery con
ker protection is in effect, the TPM will not release the encryption key to unlock the drive and the computer will instead display the BitLock
yption is not available BitLocker software-based encryption will be used instead. Note: The Choose drive encryption method and cipher s
ed encryption is not available BitLocker software-based encryption will be used instead. Note: The Choose drive encryption method and c
d encryption is not available BitLocker software-based encryption will be used instead. Note: The Choose drive encryption method and ci
on to a domain controller is necessary when BitLocker is enabled to validate the complexity the password. When set to "Allow complexity"
to validate the complexity the password. When set to "Allow complexity" a connection to a domain controller will be attempted to validate
is necessary when BitLocker is enabled to validate the complexity the password. When set to "Allow complexity" a connection to a domain
umbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from prev
umbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from prev
umbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from prev
umbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from prev
umbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from prev
umbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from prev
umbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from prev
umbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from prev
umbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from prev
umbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from prev
umbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from prev
umbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from prev
umbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from prev
umbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from prev
umbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from prev
umbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from prev
umbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from prev
umbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from prev
umbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from prev
umbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from prev

box appears whenever users install programs locally on the computer. By default, users are not prompted for alternate logon credentials w

e to this setting.
drives from My Computer" policy setting.
unless it is disabled via Group Policy. The "Search the Internet" link is pinned second, if it is pinned via Group Policy (though this link is disa
ur links can be included on the Start menu. The "See more results" link will be pinned first by default, unless it is disabled via Group Policy

redentials" setting takes precedence over this setting. When that setting is enabled, users are not prompted for alternate logon credentials

r Options to be opened from the Options button on the View tab of the ribbon" setting in User Configuration\Administrative Templates\Wi

o not configure this policy setting, Windows Firewall behaves as if you had disabled it. Note: If any policy setting opens TCP port 445, Wind
o not configure this policy setting, Windows Firewall behaves as if you had disabled it. Note: If any policy setting opens TCP port 445, Wind
nnot share files or printers unless an administrator uses other policy settings to open the required ports. In the Windows Firewall compone
nnot share files or printers unless an administrator uses other policy settings to open the required ports. In the Windows Firewall compone
you disable or do not configure this policy setting, Windows Firewall does not open TCP port 135 or 445. Also, on Windows XP Professional
you disable or do not configure this policy setting, Windows Firewall does not open TCP port 135 or 445. Also, on Windows XP Professional
strator uses other policy settings to open the port. In the Windows Firewall component of Control Panel, the "Remote Desktop" check box
strator uses other policy settings to open the port. In the Windows Firewall component of Control Panel, the "Remote Desktop" check box
ot open these ports. Therefore, the computer cannot receive Plug and Play messages unless an administrator uses other policy settings to o
ot open these ports. Therefore, the computer cannot receive Plug and Play messages unless an administrator uses other policy settings to o

s Firewall leaves the log file intact. If you do not configure this policy setting, Windows Firewall behaves as if the policy setting were disabl
s Firewall leaves the log file intact. If you do not configure this policy setting, Windows Firewall behaves as if the policy setting were disabl
the port exceptions list defined by Group Policy is deleted, but other policy settings can continue to open or block ports. Also, if a local po
the port exceptions list defined by Group Policy is deleted, but other policy settings can continue to open or block ports. Also, if a local po
ist and add a new one with different parameters. To allow administrators to add programs to the local program exceptions list that is define
ist and add a new one with different parameters. To allow administrators to add programs to the local program exceptions list that is define
nel, the "Block all incoming connections" check box is cleared by default, but administrators can change it.
nel, the "Block all incoming connections" check box is cleared by default, but administrators can change it.

he HTTP proxy settings.


bled, the entire Network tab is hidden. If you do not configure this policy setting, users can select the protocols to use on the Network tab.

ranges. You should use an asterisk (*) to indicate that the service listens on all available IP addresses on the computer. When * is used, oth

sta: If you enable this policy setting, users will not see a User Account Control window and do not need elevated permissions to do either o
tomatically download updates and install them on the schedule specified below. Specify the schedule using the options in the Group Polic

e inability to detect updates will be shown. The notification options are not supported. Notifications on the login screen will always show u

utomatic Updates is not disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site o

rs will not be offered detailed notification messages for optional applications, and Windows Vista users will not be offered detailed notifica
ows XP Service Pack 1 or the update to Automatic Updates that was released after Windows XP was originally shipped, then you should use

al level. If you disable or do not configure this setting, messages about the previous logon or logon failures are not displayed.

oose to enable or disable either "Connect to suggested open hotspots" or "Connect to networks shared by my contacts".
o Work Folders settings are specified for the affected users, though users can manually set up Work Folders by using the Work Folders Con
is ignored.

e" setting is enabled, this setting is ignored.

. If that value is non-0, this prevents all 16-bit applications from running. If that value is 0, 16-bit applications are allowed to run. If that valu

cations they are using. It is particularly useful for a web server where applications may be launched several hundred times a second, and t
g feature will be disabled, and BITS will download files directly from the origin server.

sed for that purpose. Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client comput

e) 0x1 - The cost is unknown or the connection is unlimited and is considered to be unrestricted of usage charges and capacity constraints.
mber should be entered, for example @systemcpl.dll,-1 for System, or @themecpl.dll,-1 for Personalization. A complete list of canonical an

dll,-1 for System or @themecpl.dll,-1 for Personalization. A complete list of canonical and module names of Control Panel items can be fou
ources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine TERMSRV/* Remote Desktop
hines in .humanresources.fabrikam.com
TERMSRV/* Remote Desktop Session Host running on all machines. TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session H
m.com machine TERMSRV/* Remote Desktop Session Host running on all machines. TERMSRV/*.humanresources.fabrikam.com Remote D
es.fabrikam.com machine TERMSRV/* Remote Desktop Session Host running on all machines. TERMSRV/*.humanresources.fabrikam.com
aracter is permitted when specifying the SPN. For Example: TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host
ls" policy setting to define exceptions for specific servers that are otherwise permitted when using wildcard characters in the "Allow delega
ntials" policy setting to define exceptions for specific servers that are otherwise permitted when using wildcard characters in the "Allow de
ating saved credentials" policy setting to define exceptions for specific servers that are otherwise permitted when using wildcard characters
e appid exemption list defined by Group Policy is deleted, and the one defined by local computer administrators is used. If you do not con

hild folders of Computer. For example, if the users navigate into one of their hard drives, they see all of their folders and files there, even if
option ensures that Credential Guard cannot be disabled remotely. In order to disable the feature, you must set the Group Policy to "Disab

ibed by other policy settings" policy setting determines whether the device can be installed.
olicy settings" policy setting determines whether the device can be installed.

Services snap-in to the Microsoft Management Console. Note: For Windows Server systems, this policy setting applies only if the Desktop

he physical space on the volume as the quota limit.


e: To find the logging option, in My Computer, right-click the name of an NTFS file system volume, click Properties, and then click the Quota
plies to all users on all volumes, regardless of actual volume size. Be sure to set the limit and warning level so that it is reasonable for the ra

tting, suffixes are allowed to be appended to an unqualified multi-label name if the original name query fails. If you disable this policy settin

es are used in the order they appear in the string, starting with the leftmost value and proceeding to the right until a query is successful or

ry DNS suffix, as specified on the Computer Name tab of the System control panel. Each connection-specific DNS suffix, assigned either thr
en it sends DNS queries: The primary DNS suffix, as specified on the Computer Name tab of the System control panel. Each connection-sp
d. Important: This policy setting is ignored on a DNS client computer if dynamic DNS registration is disabled. If you disable this policy settin

rval that you specify will be applied to all network connections used by computers that receive this policy setting. If you disable this policy
ror will be recorded in Event Viewer.

on application does not include an Early Launch Antimalware boot-start driver or if your Early Launch Antimalware boot-start driver has bee
oft websites. - ""Do not collect additional files"": Select this option if you do not want additional files to be collected and included in error

y send reports at the time that a problem occurs.


notifications that remind the user to check for solutions to problems. A value of 0 disables the reminder. If you disable or do not configure
r consent to send any additional data requested by Microsoft. - 4 (Send all data): Any data requested by Microsoft is sent automatically. If
r consent to send any additional data requested by Microsoft. - 4 (Send all data): Any data requested by Microsoft is sent automatically. If

rs in Microsoft applications or Report all errors in Windows components check boxes in the Default Application Reporting policy setting are

applications or parts of Windows if the check boxes for these categories are filled in the Default application reporting settings policy setting
the recovery behavior for corrupted files will be set to the regular recovery behavior. No system or service restarts are required for chang
cation applies to all content protected under the same second level domain as the provided enterprise identifier. So, revoking an enterpris

ders available offline".

g on a per-user basis, make sure that you do not configure the per-machine policy setting.
g on a per-user basis, make sure that you do not configure the per-machine policy setting.
gured at the computer level, restrictions are based on per-user policies.
gured at the computer level, restrictions are based on per-user policies.

g is turned on. Users cannot configure this policy setting in Control Panel. Collected data is only used for handwriting recognition, if handw
g is turned on. Users cannot configure this policy setting in Control Panel. Collected data is only used for handwriting recognition, if handw

configure this setting, the Group Policy Object Editor snap-in always loads all ADM files from the actual GPO. Note: If the ADMs that you r
e network at computer startup and logon" is enabled. If you disable or do not configure this policy setting, detecting a slow network conn
etwork connection as a fast link and process all client side extensions. If you disable this setting or do not configure it, Group Policy will ev
option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are update
es the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. Howe
en changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it.
wait for a response from the domain controller before determining that there is no network connectivity. This stops the current Group Polic

ration folder. The setting in User Configuration defines a slow link for settings in the User Configuration folder. Also, see the "Do not detect
ration folder. The setting in User Configuration defines a slow link for settings in the User Configuration folder. Also, see the "Do not detect
roup Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implem
y objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations

ave not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unc

hat they are updated only when changed. However, you might want to update unchanged policy settings, such as reapplying a desired polic
s Group Policy Objects determines which user settings apply. Note: This setting is effective only when both the computer account and the u
he policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However
applies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed.

cy will wait for a response from the domain controller before determining that there is no network connectivity. This stops the current Gro
blue icon.

s. To prevent clients with the same update interval from requesting updates simultaneously, the system varies the update interval for each
each controller by a random number of minutes. The number you type in the random time box sets the upper limit for the range of varian
rom requesting updates simultaneously, the system varies the update interval for each client by a random number of minutes. The number

ot changed" option updates and reapplies the preference items even if the preference items have not changed. Many policy implementatio
acing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path
ve not changed" option updates and reapplies the preference items even if the preference items have not changed. Many policy implemen
tracing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a pa
ption updates and reapplies the preference items even if the preference items have not changed. Many policy implementations specify tha
orm tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in the "Plann
t changed" option updates and reapplies the preference items even if the preference items have not changed. Many policy implementatio
ng: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in
Policy objects have not changed" option updates and reapplies the preference items even if the preference items have not changed. Many
tracing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a pa
ates and reapplies the preference items even if the preference items have not changed. Many policy implementations specify that they are
g for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in the "Planning trace"
estart. 3. The "Process even if the Group Policy objects have not changed" option updates and reapplies the preference items even if the p
query tracing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide
tion updates and reapplies the preference items even if the preference items have not changed. Many policy implementations specify that
m tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in the "Plannin
option updates and reapplies the preference items even if the preference items have not changed. Many policy implementations specify th
rm tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in the "Planni
changed" option updates and reapplies the preference items even if the preference items have not changed. Many policy implementation
form tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in the "Plan
ess even if the Group Policy objects have not changed" option updates and reapplies the preference items even if the preference items hav
pplicable. 3. Group Policy Modeling query tracing: To perform tracing for items in this preference extension when you perform a Group Po
rt. 3. The "Process even if the Group Policy objects have not changed" option updates and reapplies the preference items even if the prefe
deling query tracing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must
bjects have not changed" option updates and reapplies the preference items even if the preference items have not changed. Many policy im
ng query tracing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must pro
"Process even if the Group Policy objects have not changed" option updates and reapplies the preference items even if the preference item
query tracing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide
em restart. 3. The "Process even if the Group Policy objects have not changed" option updates and reapplies the preference items even if t
orm tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in the "Plann
y objects have not changed" option updates and reapplies the preference items even if the preference items have not changed. Many polic
deling query tracing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must
" option updates and reapplies the preference items even if the preference items have not changed. Many policy implementations specify
orm tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in the "Plann
The "Process even if the Group Policy objects have not changed" option updates and reapplies the preference items even if the preference
ing query tracing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must pro
option updates and reapplies the preference items even if the preference items have not changed. Many policy implementations specify th
form tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in the "Plan
ed" option updates and reapplies the preference items even if the preference items have not changed. Many policy implementations spec
perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in the "
t changed" option updates and reapplies the preference items even if the preference items have not changed. Many policy implementation
ng: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in

policy setting, you permit use of preference extensions under Control Panel Settings for Computer Configuration unless restricted by the "R
u permit use of preference extensions under Control Panel Settings for User Configuration unless restricted by the "Restrict users to the ex

The "WinHelp" command is used to add a link to a Help topic, and runs a WinHLP32.exe Help (.hlp) file. To disallow the "Shortcut" and "W
that an add-on should be allowed, enter a 1 (one) into this field. To specify that an add-on should be allowed and also permit the user to m
that an add-on should be allowed, enter a 1 (one) into this field. To specify that an add-on should be allowed and also permit the user to m
annot bypass the prompt for delete, copy, or paste operations from the Clipboard. If you do not configure this policy setting, current value
annot bypass the prompt for delete, copy, or paste operations from the Clipboard. If you do not configure this policy setting, current value
t change its state through Add-on Manager (unless its value has been set to allow user management - see the 'Add-on List' policy for more
t change its state through Add-on Manager (unless its value has been set to allow user management - see the 'Add-on List' policy for more
disable Enhanced Protected Mode. All Protected Mode websites will run in Enhanced Protected Mode. If you disable or do not configure t
disable Enhanced Protected Mode. All Protected Mode websites will run in Enhanced Protected Mode. If you disable or do not configure t
onfigure this policy setting, logon is set to Automatic logon only in Intranet zone.
onfigure this policy setting, logon is set to Automatic logon only in Intranet zone.
onfigure this policy setting, logon is set to Automatic logon only in Intranet zone.
onfigure this policy setting, logon is set to Automatic logon only in Intranet zone.
onfigure this policy setting, logon is set to Automatic logon with current username and password.
onfigure this policy setting, logon is set to Automatic logon with current username and password.
onfigure this policy setting, logon is set to Automatic logon only in Intranet zone.
onfigure this policy setting, logon is set to Automatic logon only in Intranet zone.
onfigure this policy setting, logon is set to Automatic logon only in Intranet zone.
onfigure this policy setting, logon is set to Automatic logon only in Intranet zone.
onfigure this policy setting, logon is set to Automatic logon with current username and password.
onfigure this policy setting, logon is set to Automatic logon with current username and password.
onfigure this policy setting, logon is set to Prompt for username and password.
onfigure this policy setting, logon is set to Prompt for username and password.
onfigure this policy setting, logon is set to Automatic logon with current username and password.
onfigure this policy setting, logon is set to Automatic logon with current username and password.
onfigure this policy setting, logon is set to Prompt for username and password.
onfigure this policy setting, logon is set to Prompt for username and password.
onfigure this policy setting, logon is set to Automatic logon with current username and password.
onfigure this policy setting, logon is set to Automatic logon with current username and password.

ActiveX Controls and Plug-ins area, click Administrator Approved.


he Internet Explorer processes will not be affected by add-on management user preferences or policy settings (unless "All Processes" is ena
he Internet Explorer processes will not be affected by add-on management user preferences or policy settings (unless "All Processes" is ena

recedence over that setting. If you disable or do not configure this policy setting, the security feature is allowed.
recedence over that setting. If you disable or do not configure this policy setting, the security feature is allowed.

onfigure this policy setting, the security feature is allowed.


onfigure this policy setting, the security feature is allowed.
to the default. The user can change this value by using the registry key. Note: On Terminal Server, the default value is the integer 1.
to the default. The user can change this value by using the registry key. Note: On Terminal Server, the default value is the integer 1.
main name for other sites. The valuename may also include a specific protocol. For example, if you enter http://www.contoso.com as the va
main name for other sites. The valuename may also include a specific protocol. For example, if you enter http://www.contoso.com as the va
nless specifically allowed in the Add-on List" policy settings and not through this policy setting, all applications that use Internet Explorer te
nless specifically allowed in the Add-on List" policy settings and not through this policy setting, all applications that use Internet Explorer te
est compatibility with existing webpages, but newer content written to common Internet standards may be displayed incorrectly. This opti
est compatibility with existing webpages, but newer content written to common Internet standards may be displayed incorrectly. This opti
cy setting is not enabled, Kerberos authentication messages will not use these features. If you configure "Supported", the domain controlle

lm settings that are defined in the local registry, if they exist.


domain member file servers to which the policy is applied. The file servers are then able to create content information for all content that

and configuring file servers to require authenticated access."

ys wait for the network to be initialized before logging the user on. If a user has never logged on to this computer before, computers alway
. Note: If you enable this setting, and you do not enable any settings in the Restricted/Permitted snap-ins folder, users cannot use any MM
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
oup Policy tab is accessible. When the Group Policy tab is inaccessible, it does not appear in the site, domain, or organizational unit prope
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a
prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When a

olicy setting will only take effect when the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, d

onfiguration version of this policy setting is not guaranteed to be secure.


onfiguration version of this policy setting is not guaranteed to be secure.
bleshooting or resolution will be attempted. If you do not configure this policy setting, the recovery behavior for corrupted files will be set
y a UNC path. The ComputerName portion of the UNC path must resolve to an IPv6 address or contain an IPv6 address. Examples: FILE:\\m

DirectAccess client computer is on the intranet and has correctly determined its network location, the Disconnect option has no effect beca

hanism when DNS based discovery fails.


will carry out Force Rediscovery periodically according to the configured time interval. The minimum time interval is 3600 seconds (1 hour)
y IPv6 address, then DC Locator APIs will fail. If you do not configure this policy setting, DC Locator APIs can return IPv4/IPv6 DC address. T
n the ability to lock files on the Netlogon share with only read permission will be able to deny Group Policy clients from reading the files, an

k files on the SYSVOL share with only read permission will be able to deny Group Policy clients from reading the files, and in general the ava

DomainName> DcAtSite SRV _ldap._tcp.<SiteName>._sites.dc._msdcs.<DnsDomainName> Rfc1510Kdc SRV _kerberos._tcp.<Dn


the Refresh Interval of the DC records, click Enabled, and then enter a value larger than 1800. This value specifies the Refresh Interval of th

losest Site DC Location will not be used by default for the machine. If the DS_TRY_NEXTCLOSEST_SITE flag is used explicitly, the Next Closes

ils. If you disable this policy setting, when the AllowSingleLabelDnsDomain policy is not enabled, computers to which this policy is applied
gure this policy setting, it is not applied to any computers, and computers use their local configuration.

nd Network Configuration Operators can change properties of all-user remote access connections. Note: This setting takes precedence ove
all user remote access connections. Important: When enabled, the "Prohibit deletion of remote access connections" setting takes precede

e access connections.

s to properties of a LAN connection", "Prohibit Enabling/Disabling components of a LAN connection", "Ability to change properties of an al
tors have the right to view the properties dialog box for a connection but not to make changes, regardless of this setting.
the component list. Note: Not all network components have configurable properties. For components that are not configurable, the Prope
utton is always disabled. Note: When the "Ability to change properties of an all user remote access connection" or "Prohibit changing prop

from using other programs, such as Internet Explorer, to bypass this setting.

for connections. These buttons are on the General tab for LAN connections and on the Networking tab for remote access connections. No
onnection, Properties appears on the File menu. Note: This setting takes precedence over settings that manipulate the availability of featu

s connections, and the "Ability to delete all user remote access connections" setting is ignored. Note: LAN connections are created and de
ess of this setting.

not have permission to access TCP/IP advanced configuration for a LAN connection, regardless of this setting. Tip: To open the Advanced
ection Wizard. The Network Setup Wizard is disabled. Note: If you enable the "Windows Firewall: Protect all network connections" policy s
dows XP Professional.) By default, ICS is disabled when you create a remote access connection, but administrators can use the Advanced t
, click the Offline Files tab, click Advanced, and then select an option in the "When a network connection is lost" section. Also, see the "No
, click the Offline Files tab, click Advanced, and then select an option in the "When a network connection is lost" section. Also, see the "No

d sync of offline folders in the slow-link mode at a default interval with the start of the sync varying between 0 and 60 additional minutes.

rver 2008 will not use the slow-link mode. If you do not configure this policy setting, computers running Windows Vista or Windows Server
der bar associated with the "Amount of disk space to use for temporary offline files" option.

ot configure this policy setting, remote files will be not be transparently cached on client computers.
pted, the operation completes so that it is fully encrypted. The cache does not return to the unencrypted state. The user must be an admin
ange the synchronization method without setting a setting, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline F
ange the synchronization method without setting a setting, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline F

ns, and then click the Offline Files tab. This setting corresponds to the "Enable reminders" check box.
ns, and then click the Offline Files tab. This setting corresponds to the "Enable reminders" check box.

e global seed server, enable the setting; insert the fully qualified domain name or IPv6 address of the corporate seed server, leave the chec
Cache latency settings on individual client computers. Because the domain Group Policy setting is not configured, it will not over-write the
s run the version of BranchCache that is included with their operating system. In circumstances where this setting is enabled, you can also
e hosted cache servers that are specified in this policy setting and do not use the hosted cache server that is configured in the policy settin
If no other BranchCache mode-based policy settings are applied, the client computer performs automatic hosted cache server discovery. If
cy is applied. For example, if this policy setting is enabled in domain Group Policy, the BranchCache client computer cache age that you spe
th this selection, BranchCache distributed cache mode is enabled for all client computers where the policy is applied. For example, if this p
er-write the enabled setting that you use on individual client computers where you want to enable BranchCache. - Enabled. With this selec
setting is enabled for all client computers where the policy is applied. For example, if Set percentage of disk space used for client computer
here the policy is applied. For example, if this policy is enabled in domain Group Policy, BranchCache is turned on for all domain member c

y take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios will n
This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled,
t: changes take effect immediately. This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When
This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, d
tion in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
tion in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.

mputer Configuration policy setting takes precedence over the User Configuration policy setting.
mputer Configuration policy setting takes precedence over the User Configuration policy setting.
enable this policy and set the number of printers to display to 0.

re a custom print processor. In some cases the custom print processor may not be installed on the client machine, such as when the print s

ettings in User Configuration\Administrative Templates\Windows Components\Windows Explorer, and by the "Enable Active Desktop" setti

r needs to be updated. -Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their for
r needs to be updated. -Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their for

nd" prunes printer objects that are not automatically republished only when the print server responds, but the printer is unavailable. -- "W
is disabled or is not configured, the "Install a program from the network" task to the "Get Programs" page will be available to all users. No

This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled,

displayed on computers running Windows Server.

mat: <Domain Name>\<User Name> or <Domain Name>\<Group Name> If you enable this policy setting, you should also enable firewall
ect the method for sending email invitations" setting specifies which email standard to use to send Remote Assistance invitations. Dependin
but the created security context does not support delegation. -- "On" directs the RPC Runtime to accept security contexts that do not supp
tacenter Server. -- "Server" directs RPC to maintain basic state information on the computer, regardless of its capacity. -- "Full" directs RP
begin with one of the strings in the Extended Error Information Exception field. -- "Off with Exceptions" disables extended error informati
if it uses a named pipe to communicate with the server or if it uses RPC Security. RPC Interfaces that have specifically requested to be acce
RPC HTTP proxy will be used. If you enable this policy setting, and the IIS server running the RPC HTTP proxy is configured with a lower idle

his policy setting determines the order in which computer startup and shutdown scripts are run within all applicable GPOs. You can overrid
are run within all applicable GPOs. You can override this policy setting for specific script types within a specific GPO by configuring the follo
are run within all applicable GPOs. You can override this policy setting for specific script types within a specific GPO by configuring the follo
ady prematurely. If you disable or do not configure this setting the system lets the combined set of scripts run for up to 600 seconds (10 m

stics will not be executed. The Task Scheduler service can be configured with the Services snap-in to the Microsoft Management Console.

e value field and then save it. This will create a placeholder entry that is ignored by the program.
s, and Automatic Updates. Note that Security Center might not be available following a change to this policy setting until after the compute
munity name. Note: This policy setting has no effect if the SNMP agent is not installed on the client computer. Also, see the other two SNM
"Specify Community Name".

does not hide document shortcuts displayed in the Open dialog box. See the "Hide the dropdown list of recent files" setting. This policy a

pears on the Start menu, but it is empty. If you enable this setting, but then later disable it or set it to Not Configured, the document short
disable the Show Input Panel taskbar icon policy, the user will then have no way to access Input Panel.
disable the Show Input Panel taskbar icon policy, the user will then have no way to access Input Panel.

characters will not be included in recognition results when handwriting is converted to typed text. Users will be able to configure this setti

ns dialog box. If you enable this policy and choose Medium from the drop-down box, password security is set to Medium. At this settin
ns dialog box. If you disable this policy, users will be able to use both the tolerant scratch-out gestures and the Z-shaped scratch-out gestur
ns dialog box. If you disable this policy, users will be able to use both the tolerant scratch-out gestures and the Z-shaped scratch-out gestur
an ISATAP interface configured with a link-local address. Policy Disabled State: No ISATAP interfaces are present on the host.

ublisher has been blocked. Note: You can define this policy setting in the Computer Configuration node or in the User Configuration node. I
the publisher has been blocked. Note: You can define this policy setting in the Computer Configuration node or in the User Configuration
even if audio playback redirection is specified in RDC, or video playback is specified in the .rdp file. If you do not configure this policy settin

connections by using Network Level Authentication. You can limit the number of users who can connect simultaneously by configuring th

disable or do not configure this policy setting, the default RDP compression algorithm will be used.

sults in a significant increase in network bandwidth consumption. We recommend that you set this for very specific cases only. If you disa

the farm must be a member of one of the following local groups on the RD Connection Broker server: Session Directory Computers, Sessio

nt establishes a connection to the RD Session Host server when the client cannot authenticate the RD Session Host server.
olicy setting. If you do not specify an authentication method by using this policy setting, either the NTLM protocol that is enabled on the cl

dministrator. This policy setting does not apply to time-out events that occur due to connectivity or network conditions. This setting appear
dministrator. This policy setting does not apply to time-out events that occur due to connectivity or network conditions. This setting appear

the Configure RD Connection Broker farm name and Configure RD Connection Broker server name policy settings. 2. For Windows Server 2
for RD Session Host servers to the RDS Endpoint Servers group when the license server is a member of a domain.
o playback quality will be used. Audio playback quality can be configured on the client computer by using the audioqualitymode setting in
mat is always used for these connections. 3.For connections from client computers that are using Remote Desktop Protocol 7.1 or earlier ve

Group Policy level. Note: This setting is designed to be used on RD Session Host servers (that is, on servers running Windows with Remote

le changes from propagating to the server" policy setting located in Computer Configuration\Policies\Administrative Templates\System\Use

dy been issued a temporary RDS CAL and the temporary RDS CAL has expired, the client will not be able to connect to the RD Session Host

erminal server to provide credentials for a remote connection. For Windows Server 2008 and Windows Server 2008 R2, a user will be prom

ed. * SSL (TLS 1.0): The SSL method requires the use of TLS 1.0 to authenticate the RD Session Host server. If TLS is not supported, the conn
default. Important: Disabling this policy setting provides less security because user authentication will occur later in the remote connection

sly try to adapt the user experience to varying network quality.

If you disable or do not configure this policy, the certificate template name is not specified at the Group Policy level. By default, a self-signe
maximum key strength supported by the client. Use this encryption level in environments that include clients that do not support 128-bit e
ble or do not configure this policy setting, user profiles are stored locally on the RD Session Host server. You can configure a user's profile p

ate RD Gateway server, the server that you specify in this policy setting is used by default. Note: If you disable or do not configure this poli
he specified location on the local computer or the network. The home directory path for each user is the specified Home Dir Root Path and

when time limits are reached. Note: This policy setting appears in both Computer Configuration and User Configuration. If both policy setti
when time limits are reached. Note: This policy setting appears in both Computer Configuration and User Configuration. If both policy setti
Note: This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Compu
Note: This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Compu
tting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration p
tting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration p
e driver can be found, show both PS and PCL-based fallback printer drivers. If you disable this policy setting, the RD Session Host server fal

age. If the status is set to Enabled, Remote Desktop Services sessions automatically run the specified program and use the specified Workin
age. If the status is set to Enabled, Remote Desktop Services sessions automatically run the specified program and use the specified Workin

do not want clients to directly connect by IP address to RD Session Host servers in the load-balanced farm. If you do not configure this pol

he "Use Remote Desktop Easy Print printer driver first" policy setting is ignored.
he "Use Remote Desktop Easy Print printer driver first" policy setting is ignored.

ence feature must be installed on the remote computer, and the maximum color depth on the remote computer must be set to 32 bits per
ktop Services session.

nfigured, the Computer Configuration policy setting takes precedence.


nfigured, the Computer Configuration policy setting takes precedence.

erver name policy settings.

cenarios which do not depend on preventing reset of the TPM anti-hammering


logic or changing the TPM owner authorization value. Som
the default and local lists of blocked TPM commands.

PM. The Standard User Lockout Total Threshold value is the maximum total number of authorization failures all standard users may have be

end commands requiring authorization to the TPM. This value is the maximum total number of authorization failures all standard users ma
at creation time. Note: In the default case, administrators have no file access to the user's profile, but they may still take ownership of thi
ed for compatibility with earlier systems.
e "Delete cached copies of roaming profiles" policy setting is enabled, there is no local copy of the roaming profile to load when the system

ser or administrators group are not the owner of the folder, Windows will not copy files to or from the roaming folder. The user will be sho

use this policy setting to include the default folders in a roaming user profile.
files are deleted. Note: If this policy setting is enabled for a machine, local administrator action is required to remove the Windows Installe

s. It does not try again. Note: This policy setting is particularly important to servers running Remote Desktop Services. Because Remote De
ffects roaming profile users.

oice made on the logon screen. Note: This policy setting and related policy settings in this folder define the system's response when roamin

Terminal Services roaming profile path specified by the user object 3. A per-computer roaming profile path specified in this policy 4. A pe
at 6pm, it will actually upload at a random time between 6pm and 7pm. Note: If "Run at set interval" is selected, the "Time of day" optio
me folder is configured as specified in the user's Active Directory Domain Services account. If the "Set Remote Desktop Services User Hom

ver this setting and can turn it off and on. Selecting this option may have a negative impact on certain enterprise software and/or line of bu
not detect slow network connections" policy setting is enabled, this policy setting is ignored. Also, if the "Delete cached copies of roaming
will be deleted from the drive. In this situation, for the fixed drive to be unlocked on computers running Windows Server 2008, Windows V
BitLocker To Go Reader will be deleted from the drive. In this situation, for the removable drive to be unlocked on computers running Win

reate Network Key Protectors to automatically unlock with Network Unlock. If you disable or do not configure this policy setting, BitLocke
onfigurations" is enabled and has PCR 7 omitted, Bitlocker will be prevented from using Secure Boot for platform or Boot Configuration Dat

-AES 128-bit or the encryption method specified by the setup script.

determined by the policy setting. In "Save BitLocker recovery information to Active Directory Domain Services" choose which BitLocker rec
BitLocker recovery options for the drive are determined by the policy setting. In "Save BitLocker recovery information to Active Directory D
e drive are determined by the policy setting. In "Save BitLocker recovery information to Active Directory Domain Services" choose which B
tLocker setup wizard will present users with ways to store recovery options. Note: If Trusted Platform Module (TPM) initialization is neede

cters you use for the custom message or URL appear correctly on the pre-boot recovery screen.
nst changes to the Core Root of Trust of Measurement (CRTM), BIOS, and Platform Extensions (PCR 0), the Option ROM Code (PCR 2), the M
play the BitLocker Recovery console and require that either the recovery password or recovery key be provided to unlock the drive. If you
er will instead display the BitLocker Recovery console and require that either the recovery password or recovery key be provided to unlock
encryption method and cipher strength policy setting does not apply to hardware-based encryption. The encryption algorithm used by ha
e drive encryption method and cipher strength policy setting does not apply to hardware-based encryption. The encryption algorithm use
drive encryption method and cipher strength policy setting does not apply to hardware-based encryption. The encryption algorithm used
When set to "Allow complexity" a connection to a domain controller will be attempted to validate the complexity adheres to the rules set
ller will be attempted to validate the complexity adheres to the rules set by the policy, but if no domain controllers are found the password
plexity" a connection to a domain controller will be attempted to validate the complexity adheres to the rules set by the policy, but if no do
sers will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. If
sers will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. If
sers will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. If
sers will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. If
sers will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. If
sers will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. If
sers will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. If
sers will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. If
sers will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. If
sers will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. If
sers will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. If
sers will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. If
sers will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. If
sers will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. If
sers will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. If
sers will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. If
sers will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. If
sers will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. If
sers will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. If
sers will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. If

or alternate logon credentials when installing programs from a network share. If enabled, this setting overrides the "Request credentials fo
up Policy (though this link is disabled by default). If a custom Internet search link is pinned using the "Custom Internet search provider" Gr
ess it is disabled via Group Policy. The "Search the Internet" link is pinned second, if it is pinned via Group Policy (though this link is disabled

d for alternate logon credentials on any installation.

on\Administrative Templates\Windows Components\File Explorer.

etting opens TCP port 445, Windows Firewall allows inbound echo requests, even if the "Windows Firewall: Allow ICMP exceptions" policy
etting opens TCP port 445, Windows Firewall allows inbound echo requests, even if the "Windows Firewall: Allow ICMP exceptions" policy
n the Windows Firewall component of Control Panel, the "File and Printer Sharing" check box is cleared. Administrators can change this che
n the Windows Firewall component of Control Panel, the "File and Printer Sharing" check box is cleared. Administrators can change this che
so, on Windows XP Professional with at least SP2 and Windows Server 2003 with at least SP1, Windows Firewall prevents SVCHOST.EXE and
so, on Windows XP Professional with at least SP2 and Windows Server 2003 with at least SP1, Windows Firewall prevents SVCHOST.EXE and
he "Remote Desktop" check box is cleared. Administrators can change this check box."
he "Remote Desktop" check box is cleared. Administrators can change this check box."
or uses other policy settings to open the required ports or enable the required programs. In the Windows Firewall component of Control P
or uses other policy settings to open the required ports or enable the required programs. In the Windows Firewall component of Control P

s if the policy setting were disabled.


s if the policy setting were disabled.
or block ports. Also, if a local port exceptions list exists, it is ignored unless you enable the "Windows Firewall: Allow local port exceptions"
or block ports. Also, if a local port exceptions list exists, it is ignored unless you enable the "Windows Firewall: Allow local port exceptions"
ram exceptions list that is defined by the Windows Firewall component in Control Panel, also enable the "Windows Firewall: Allow local pro
ram exceptions list that is defined by the Windows Firewall component in Control Panel, also enable the "Windows Firewall: Allow local pro
ocols to use on the Network tab. If you disable this policy setting, the Protocols for MMS URLs and Multicast streams areas of the Network

he computer. When * is used, other ranges in the filter are ignored. If the filter is left blank, the service does not listen on any addresses. Fo

evated permissions to do either of these tasks. If you do not enable this policy setting, then users will always see an Account Control windo
g the options in the Group Policy Setting. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. I

e login screen will always show up.

tly to the Windows Update site on the Internet. Note: If the "Configure Automatic Updates" policy is disabled, then this policy has no effec

l not be offered detailed notification messages for optional applications or updates. By default, this policy setting is disabled. If you are no
lly shipped, then you should use the new Automatic Updates settings located at: 'Computer Configuration / Administrative Templates / Win

s are not displayed.

y my contacts".
s by using the Work Folders Control Panel item.
ns are allowed to run. If that value is also not present, on Windows 10 and above the OS will launch the 16-bit application support control

al hundred times a second, and the performance of the loader is essential. NOTE: Many system processes cache the value of this setting fo
ndwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56Kbs).

harges and capacity constraints. 0x2 - The usage of this connection is unrestricted up to a certain data limit 0x4 - The usage of this connec
. A complete list of canonical and module names can be found in MSDN by searching "Control Panel items". If both the "Hide specified Co

of Control Panel items can be found in MSDN by searching "Control Panel items". If both the "Hide specified Control Panel items" setting an
ne TERMSRV/* Remote Desktop Session Host running on all machines. TERMSRV/*.humanresources.fabrikam.com Remote Desktop Sessio

m.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com


sources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com
*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com
m Remote Desktop Session Host running on host.humanresources.fabrikam.com machine TERMSRV/* Remote Desktop Session Host runni
d characters in the "Allow delegating default credentials" server list.
card characters in the "Allow delegating fresh credentials" server list.
d when using wildcard characters in the "Allow delegating saved credentials" server list.
rators is used. If you do not configure this policy setting, the appid exemption list defined by local computer administrators is used. Notes:

ir folders and files there, even if this setting is enabled.


st set the Group Policy to "Disabled" as well as remove the security functionality from each computer, with a physically present user, in ord

tting applies only if the Desktop Experience optional component is installed and the Remote Desktop Services role is not installed.

perties, and then click the Quota tab.


so that it is reasonable for the range of volumes in the group. This policy setting is effective only when disk quota management is enabled

s. If you disable this policy setting, no suffixes are appended to unqualified multi-label name queries if the original name query fails. If you

ght until a query is successful or all suffixes are tried. If you disable this policy setting, or if you do not configure this policy setting, the prim

fic DNS suffix, assigned either through DHCP or specified in the DNS suffix for this connection box on the DNS tab in the Advanced TCP/IP Se
ntrol panel. Each connection-specific DNS suffix, assigned either through DHCP or specified in the DNS suffix for this connection box on th
d. If you disable this policy setting, or if you do not configure this policy setting, a DNS client computer will not register any A and PTR resou

setting. If you disable this policy setting, or if you do not configure this policy setting, computers will use the local or DHCP supplied setting

malware boot-start driver has been disabled, this setting has no effect and all boot-start drivers are initialized.
e collected and included in error reports. - ""Do not collect additional computer data"": Select this if you do not want additional informatio

f you disable or do not configure this policy setting, Windows Error Reporting reports are not queued, and users can only send reports at th
icrosoft is sent automatically. If you disable or do not configure this policy setting, then the default consent settings that are applied are th
icrosoft is sent automatically. If you disable or do not configure this policy setting, then the default consent settings that are applied are th

ation Reporting policy setting are filled, Windows Error Reporting reports errors as if all applications in these categories were added to the

n reporting settings policy setting. If you disable or do not configure this policy setting, the Default application reporting settings policy setti
e restarts are required for changes to this policy to take immediate effect after a Group Policy refresh. Note: This policy setting will take eff
ntifier. So, revoking an enterprise ID of mail.contoso.com will revoke the users access to all content protected under the contoso.com hier
andwriting recognition, if handwriting personalization is turned on. If you do not configure this policy, users can choose to enable or disabl
andwriting recognition, if handwriting personalization is turned on. If you do not configure this policy, users can choose to enable or disabl

PO. Note: If the ADMs that you require are not all available locally in your %windir%\inf directory, you might not be able to see all the setti
g, detecting a slow network connection will not affect whether Group Policy processing will be synchronous or asynchronous.
configure it, Group Policy will evaluate the network connection as a slow link and process only those client side extensions configured to p
ons specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desire
dated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has
n case a user has changed it.
his stops the current Group Policy processing. Group Policy will run in the background the next time a connection to a domain controller is

der. Also, see the "Do not detect slow network connections" and related policies in Computer Configuration\Administrative Templates\Syst
der. Also, see the "Do not detect slow network connections" and related policies in Computer Configuration\Administrative Templates\Syst
not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchang
d. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policie

r, you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it.

uch as reapplying a desired policies in case a user has changed it.


the computer account and the user account are in at least Windows 2000 domains.
ed only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has chan
re updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user

tivity. This stops the current Group Policy processing. Group Policy will run in the background the next time a connection to a domain contr

ies the update interval for each client by a random number of minutes. The number you type in the random time box sets the upper limit f
pper limit for the range of variance. For example, if you type 30 minutes, the system selects a variance of 0 to 30 minutes. Typing a large nu
number of minutes. The number you type in the random time box sets the upper limit for the range of variance. For example, if you type 30

nged. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged pref
g query, you must provide a path in the "Planning trace" box to the location where a planning trace file can be created on the computer wh
changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged
ng query, you must provide a path in the "Planning trace" box to the location where a planning trace file can be created on the computer w
licy implementations specify that they are updated only when changed. However, you might want to update unchanged preference items,
must provide a path in the "Planning trace" box to the location where a planning trace file can be created on the computer where you run m
ged. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged prefe
uery, you must provide a path in the "Planning trace" box to the location where a planning trace file can be created on the computer where
e items have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to up
ng query, you must provide a path in the "Planning trace" box to the location where a planning trace file can be created on the computer w
mentations specify that they are updated only when changed. However, you might want to update unchanged preference items, such as re
de a path in the "Planning trace" box to the location where a planning trace file can be created on the computer where you run modeling, a
he preference items even if the preference items have not changed. Many policy implementations specify that they are updated only when
Modeling query, you must provide a path in the "Planning trace" box to the location where a planning trace file can be created on the comp
cy implementations specify that they are updated only when changed. However, you might want to update unchanged preference items, s
ust provide a path in the "Planning trace" box to the location where a planning trace file can be created on the computer where you run mo
policy implementations specify that they are updated only when changed. However, you might want to update unchanged preference items
ust provide a path in the "Planning trace" box to the location where a planning trace file can be created on the computer where you run m
ed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged prefer
must provide a path in the "Planning trace" box to the location where a planning trace file can be created on the computer where you run m
even if the preference items have not changed. Many policy implementations specify that they are updated only when changed. However,
n when you perform a Group Policy Modeling query, you must provide a path in the "Planning trace" box to the location where a planning
eference items even if the preference items have not changed. Many policy implementations specify that they are updated only when cha
olicy Modeling query, you must provide a path in the "Planning trace" box to the location where a planning trace file can be created on the
ave not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unc
y Modeling query, you must provide a path in the "Planning trace" box to the location where a planning trace file can be created on the co
items even if the preference items have not changed. Many policy implementations specify that they are updated only when changed. How
Modeling query, you must provide a path in the "Planning trace" box to the location where a planning trace file can be created on the comp
es the preference items even if the preference items have not changed. Many policy implementations specify that they are updated only w
must provide a path in the "Planning trace" box to the location where a planning trace file can be created on the computer where you run m
ms have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update
olicy Modeling query, you must provide a path in the "Planning trace" box to the location where a planning trace file can be created on the
policy implementations specify that they are updated only when changed. However, you might want to update unchanged preference item
must provide a path in the "Planning trace" box to the location where a planning trace file can be created on the computer where you run m
ence items even if the preference items have not changed. Many policy implementations specify that they are updated only when changed
cy Modeling query, you must provide a path in the "Planning trace" box to the location where a planning trace file can be created on the co
policy implementations specify that they are updated only when changed. However, you might want to update unchanged preference item
must provide a path in the "Planning trace" box to the location where a planning trace file can be created on the computer where you run
ny policy implementations specify that they are updated only when changed. However, you might want to update unchanged preference i
you must provide a path in the "Planning trace" box to the location where a planning trace file can be created on the computer where you
ged. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged prefe
uery, you must provide a path in the "Planning trace" box to the location where a planning trace file can be created on the computer where

ation unless restricted by the "Restrict users to the explicitly permitted list of snap-ins" policy setting or any "Permit use of <extension nam
d by the "Restrict users to the explicitly permitted list of snap-ins" policy setting or any "Permit use of <extension name> preference extens

o disallow the "Shortcut" and "WinHelp" commands on the entire local system, enable the policy setting and leave the text box on the Setti
wed and also permit the user to manage the add-on through Add-on Manager, enter a 2 (two) into this field. If you disable this policy settin
wed and also permit the user to manage the add-on through Add-on Manager, enter a 2 (two) into this field. If you disable this policy settin
this policy setting, current values of the URL action for an application or process in the list prevail.
this policy setting, current values of the URL action for an application or process in the list prevail.
he 'Add-on List' policy for more details).
he 'Add-on List' policy for more details).
you disable or do not configure this policy setting, Internet Explorer notifies users and provides an option to run websites with incompatible
you disable or do not configure this policy setting, Internet Explorer notifies users and provides an option to run websites with incompatible
ngs (unless "All Processes" is enabled).
ngs (unless "All Processes" is enabled).
ult value is the integer 1.
ult value is the integer 1.
ttp://www.contoso.com as the valuename, other protocols are not affected. If you enter just www.contoso.com, then all protocols are affec
ttp://www.contoso.com as the valuename, other protocols are not affected. If you enter just www.contoso.com, then all protocols are affec
ons that use Internet Explorer technology to instantiate Flash object can still do so. For more information, see "Group Policy Settings in Inte
ons that use Internet Explorer technology to instantiate Flash object can still do so. For more information, see "Group Policy Settings in Inte
e displayed incorrectly. This option matches the default behavior of Internet Explorer.
e displayed incorrectly. This option matches the default behavior of Internet Explorer.
upported", the domain controller supports claims, compound authentication and Kerberos armoring. The domain controller advertises to
t information for all content that is stored in BranchCache-enabled file shares. - Disabled. With this selection, hash publication is turned off

mputer before, computers always wait for the network to be initialized. If you enable this policy setting, computers wait for the network to
older, users cannot use any MMC snap-ins.
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
ain, or organizational unit property sheets.
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o
e snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user o

e service is stopped or disabled, diagnostic scenarios are not executed. The DPS can be configured with the Services snap-in to the Microso
or for corrupted files will be set to the default recovery behavior. No system or service restarts are required for changes to this policy settin
Pv6 address. Examples: FILE:\\myserver\myshare\test.txt or FILE:\\2002:836b:1::1\myshare\test.txt. You must configure this setting to hav

onnect option has no effect because the rules for DirectAccess are already removed from the NRPT. If this setting is not configured, users d

interval is 3600 seconds (1 hour) to avoid excessive network traffic from rediscovery. The maximum allowed time interval is 4294967200 se
n return IPv4/IPv6 DC address. This is the default behavior of the DC Locator.
clients from reading the files, and in general the availability of the Netlogon share on the domain will be decreased. If you enable this poli

g the files, and in general the availability of the SYSVOL share on the domain will be decreased. If you enable this policy setting, domain ad

Kdc SRV _kerberos._tcp.<DnsDomainName> Rfc1510KdcAtSite SRV _kerberos._tcp.<SiteName>._sites.<DnsDomainName> GenericG


ecifies the Refresh Interval of the DC records in seconds (for example, the value 3600 is 60 minutes). If you do not configure this policy setti

is used explicitly, the Next Closest Site behavior will be used.

rs to which this policy is applied, will only use NetBIOS name resolution to attempt to locate a domain controller hosting an Active Director

his setting takes precedence over settings that manipulate the availability of features inside the Remote Access Connection Properties dialo
nnections" setting takes precedence over this setting. Users (including administrators) cannot delete any remote access connections, and t

ity to change properties of an all user remote access connection", "Prohibit changing properties of a private remote access connection", "P
of this setting.
t are not configurable, the Properties button is always disabled. Note: When the "Prohibit access to properties of a LAN connection" settin
tion" or "Prohibit changing properties of a private remote access connection" settings are set to deny access to the Remote Access Connec

remote access connections. Note: When the "Prohibit access to properties of a LAN connection", "Ability to change properties of an all us
nipulate the availability of features in the Remote Access Connection Properties dialog box. If this setting is enabled, nothing within the pr

connections are created and deleted automatically when a LAN adapter is installed or removed. You cannot use the Network Connections

tting. Tip: To open the Advanced TCP/IP Setting dialog box, in the Network Connections folder, right-click a connection icon, and click Proper
all network connections" policy setting, the "Prohibit use of Internet Connection Firewall on your DNS domain network" policy setting has n
istrators can use the Advanced tab to enable it. When running the New Connection Wizard or Network Setup Wizard, administrators can ch
s lost" section. Also, see the "Non-default server disconnect actions" setting.
s lost" section. Also, see the "Non-default server disconnect actions" setting.

en 0 and 60 additional minutes. In Windows 7 and Windows Server 2008 R2, the default sync interval is 360 minutes. In Windows 8 and Wi

indows Vista or Windows Server 2008 will not transition a shared folder to the slow-link mode. Computers running Windows 7 or Window

tate. The user must be an administrator on the local computer to encrypt or decrypt the Offline Files cache. Note: By default, this cache is
older Options, click the Offline Files tab, and then select the "Synchronize all offline files before logging on" option.
older Options, click the Offline Files tab, and then select the "Synchronize all offline files before logging on" option.

orate seed server, leave the checkbox unchecked. This is the setting which will allow your mobile users to use peer to peer applications at b
figured, it will not over-write the latency setting that you use on individual client computers. - Enabled. With this selection, the BranchCach
setting is enabled, you can also select and configure the following option: Select from the following versions - Windows Vista with BITS 4.
is configured in the policy setting "Set BranchCache Hosted Cache Mode." If you do not configure this policy setting, or if you disable this p
hosted cache server discovery. If one or more hosted cache servers is found, the client computer self-configures for hosted cache mode. If
computer cache age that you specify in the policy is turned on for all domain member client computers to which the policy is applied. - Dis
is applied. For example, if this policy is enabled in domain Group Policy, BranchCache distributed cache mode is turned on for all domain m
Cache. - Enabled. With this selection, BranchCache hosted cache mode is enabled for all client computers where the policy is applied. For e
k space used for client computer cache is enabled in domain Group Policy, the BranchCache client computer cache setting that you specify
ned on for all domain member client computers to which the policy is applied. - Disabled. With this selection, BranchCache is turned off fo

bled, diagnostic scenarios will not be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Conso
e service is stopped or disabled, diagnostic scenarios will not be executed. The DPS can be configured with the Services snap-in to the Mic
ice is in the running state. When the service is stopped or disabled, diagnostic scenarios will not be executed. The DPS can be configured w
service is stopped or disabled, diagnostic scenarios will not be executed. The DPS can be configured with the Services snap-in to the Micr
Configuration policy setting.
Configuration policy setting.
achine, such as when the print server does not support transferring print processors during point-and-print. In the case of a print processo

he "Enable Active Desktop" setting in User Configuration\Administrative Templates\Desktop\Active Desktop.

nection to any server in their forest using Point and Print. If you disable this policy setting: -Windows Vista client computers can create a p
nection to any server in their forest using Point and Print. If you disable this policy setting: -Windows Vista client computers can create a p

the printer is unavailable. -- "Whenever printer is not found" prunes printer objects that are not automatically republished whenever the
will be available to all users. Note: If the "Hide Programs Control Panel" setting is enabled, this setting is ignored.

e service is stopped or disabled, diagnostic scenarios will not be executed. The DPS can be configured with the Services snap-in to the Mic

you should also enable firewall exceptions to allow Remote Assistance communications. The firewall exceptions required for Offer (Unsolic
Assistance invitations. Depending on your email program, you can use either the Mailto standard (the invitation recipient connects throug
ecurity contexts that do not support delegation even if delegation was asked for. Note: This policy setting will not be applied until the syste
its capacity. -- "Full" directs RPC to maintain complete RPC state information on the system, regardless of its capacity. Because this level c
isables extended error information, but lets you enable it for selected processes. To enable extended error information for a process while
specifically requested to be accessible by unauthenticated clients may be exempt from this restriction, depending on the selected value fo
xy is configured with a lower idle connection timeout, the timeout on the IIS server is used. Otherwise, the provided timeout value is used

applicable GPOs. You can override this policy setting for specific script types within a specific GPO by configuring the following policy setting
cific GPO by configuring the following policy settings for the GPO: User Configuration\Policies\Windows Settings\Scripts (Logon/Logoff)\L
cific GPO by configuring the following policy settings for the GPO: User Configuration\Policies\Windows Settings\Scripts (Logon/Logoff)\L
run for up to 600 seconds (10 minutes). This is the default.

Microsoft Management Console.


cy setting until after the computer is restarted for Windows XP SP2 computers. Windows Vista --------------------- In Windows Vista, this poli
ter. Also, see the other two SNMP settings: "Specify permitted managers" and "Specify trap configuration".

ecent files" setting. This policy also does not clear items that the user may have pinned to the Jump Lists, or Tasks that the application has

Configured, the document shortcuts saved before the setting was enabled reappear in the Recent Items menu and program File menus, an
will be able to configure this setting on the Ink to text conversion tab in Input Panel Options (in Windows 7 and Windows Vista).

is set to Medium. At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switchin
the Z-shaped scratch-out gesture. Users will not be able to configure this setting in the Input Panel Options dialog box. If you do not confi
the Z-shaped scratch-out gesture. Users will not be able to configure this setting in the Input Panel Options dialog box. If you do not confi
esent on the host.

n the User Configuration node. If you configure this policy setting for the computer, all users on the computer are affected.
ode or in the User Configuration node. If you configure this policy setting for the computer, all users on the computer are affected.
do not configure this policy setting audio and video playback redirection is not specified at the Group Policy level.

imultaneously by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote Desk

y specific cases only. If you disable or do not configure this policy setting, RemoteFX Adaptive Graphics uses an encoding mechanism that

ion Directory Computers, Session Broker Computers, or RDS Endpoint Servers.

on Host server.
rotocol that is enabled on the client or a smart card can be used. To allow users to overwrite this policy setting, select the "Allow users to

k conditions. This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Co
k conditions. This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Co

ettings. 2. For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard.

the audioqualitymode setting in a Remote Desktop Protocol (.rdp) file. By default, audio playback quality is set to Dynamic. If you disable o
esktop Protocol 7.1 or earlier versions that are connecting to computers running at least Windows 8 or Windows Server 2012, the minimu

s running Windows with Remote Desktop Session Host role service installed).

nistrative Templates\System\User Profiles is enabled.

connect to the RD Session Host server unless the RD Licensing grace period for the RD Session Host server has not expired. If you disable o

rver 2008 R2, a user will be prompted on the client computer to provide credentials for a remote connection.

If TLS is not supported, the connection fails. This is the recommended setting for this policy. If you disable or do not configure this policy s
ur later in the remote connection process.

olicy level. By default, a self-signed certificate is used to authenticate the RD Session Host server. Note: If you select a specific certificate to
nts that do not support 128-bit encryption. * Low: The Low setting encrypts only data sent from the client to the server by using 56-bit enc
u can configure a user's profile path on the Remote Desktop Services Profile tab on the user's account Properties dialog box. Notes: 1. The

able or do not configure this policy setting, but enable the "Enable connections through RD Gateway" policy setting, client connection attem
pecified Home Dir Root Path and the user's alias. If the status is set to Disabled or Not Configured, the user's home directory is as specified

Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.
Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.
ttings are configured, the Computer Configuration policy setting takes precedence.
ttings are configured, the Computer Configuration policy setting takes precedence.
d, the Computer Configuration policy setting takes precedence.
d, the Computer Configuration policy setting takes precedence.
g, the RD Session Host server fallback driver is disabled and the RD Session Host server will not attempt to use the fallback printer driver. If

am and use the specified Working Directory (or the program default directory, if Working Directory is not specified) as the working director
am and use the specified Working Directory (or the program default directory, if Working Directory is not specified) as the working director

If you do not configure this policy setting, the Use IP address redirection policy setting is not enforced at the group Group policy Policy lev

mputer must be set to 32 bits per pixel. Also, the Themes service must be started on the remote computer. If you disable or do not configur

owner authorization value. Some TPM-based applications may require this setting be changed before features which depend on the TPM a

es all standard users may have before all standard users are not allowed to send commands requiring authorization to the TPM. The TPM

on failures all standard users may have before all standard users are not allowed to send commands requiring authorization to the TPM.
y may still take ownership of this folder to grant themselves file permissions. Note: The behavior when this policy setting is enabled is exac

profile to load when the system detects a slow connection.

ming folder. The user will be shown an error message and an entry will be written to the event log. The user's cached profile will be used, o

to remove the Windows Installer or Group Policy software installation data stored in the registry and file system of roaming users' profiles

op Services. Because Remote Desktop Services edits the users' registry settings when they log off, the system's first few attempts to unload

e system's response when roaming user profiles are slow to download. To adjust the time within which the user must respond to this notice

h specified in this policy 4. A per-user roaming profile path specified in the user object
elected, the "Time of day" option is disregarded. Likewise, if "Run at set time of day" is chosen, the "Interval (hours)" option is disregarded
mote Desktop Services User Home Directory" policy setting is enabled, the Set user home folder policy setting has no effect.

rprise software and/or line of business apps that depend on the domain information protected by this setting to connect with network reso
Delete cached copies of roaming profiles" policy setting is enabled, there is no local copy of the roaming profile to load when the system de
Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2, BitLocker To Go Reader must be installed on the com
cked on computers running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2, BitLocker To Go Reader

gure this policy setting, BitLocker clients will not be able to create and use Network Key Protectors. Note: For reliability and security, comp
tform or Boot Configuration Data (BCD) integrity validation. Warning: Disabling this policy may result in BitLocker recovery when firmware

ces" choose which BitLocker recovery information to store in AD DS for fixed data drives. If you select "Backup recovery password and key
nformation to Active Directory Domain Services", choose which BitLocker recovery information to store in AD DS for operating system drive
omain Services" choose which BitLocker recovery information to store in AD DS for removable data drives. If you select "Backup recovery p
dule (TPM) initialization is needed during the BitLocker setup, TPM owner information will be saved or printed with the BitLocker recovery i

Option ROM Code (PCR 2), the Master Boot Record (MBR) Code (PCR 4), the NTFS Boot Sector (PCR 8), the NTFS Boot Block (PCR 9), the Bo
vided to unlock the drive. If you disable or do not configure this policy setting, BitLocker uses the default platform validation profile or the
overy key be provided to unlock the drive. If you disable or do not configure this policy setting, BitLocker uses the default platform validatio
encryption algorithm used by hardware-based encryption is set when the drive is partitioned. By default, BitLocker uses the algorithm con
on. The encryption algorithm used by hardware-based encryption is set when the drive is partitioned. By default, BitLocker uses the algorith
n. The encryption algorithm used by hardware-based encryption is set when the drive is partitioned. By default, BitLocker uses the algorithm
mplexity adheres to the rules set by the policy, but if no domain controllers are found the password will still be accepted regardless of actua
ntrollers are found the password will still be accepted regardless of actual password complexity and the drive will be encrypted using that p
es set by the policy, but if no domain controllers are found the password will still be accepted regardless of actual password complexity and
n this zone using File Explorer. If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSe
n this zone using File Explorer. If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSe
n this zone using File Explorer. If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSe
n this zone using File Explorer. If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSe
n this zone using File Explorer. If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSe
n this zone using File Explorer. If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSe
n this zone using File Explorer. If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSe
n this zone using File Explorer. If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSe
n this zone using File Explorer. If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSe
n this zone using File Explorer. If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSe
n this zone using File Explorer. If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSe
n this zone using File Explorer. If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSe
n this zone using File Explorer. If you do not configure this policy setting, users cannot preview items or get custom thumbnails from OpenS
n this zone using File Explorer. If you do not configure this policy setting, users cannot preview items or get custom thumbnails from OpenS
n this zone using File Explorer. If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSe
n this zone using File Explorer. If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSe
n this zone using File Explorer. If you do not configure this policy setting, users cannot preview items or get custom thumbnails from OpenS
n this zone using File Explorer. If you do not configure this policy setting, users cannot preview items or get custom thumbnails from OpenS
n this zone using File Explorer. If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSe
n this zone using File Explorer. If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSe

rides the "Request credentials for network installations" setting.


om Internet search provider" Group Policy, this link will be pinned third on the Start menu. The remaining link(s) will be shared between p
Policy (though this link is disabled by default). If a custom Internet search link is pinned using the "Custom Internet search provider" Group

: Allow ICMP exceptions" policy setting would block them. Policy settings that can open TCP port 445 include "Windows Firewall: Allow file
: Allow ICMP exceptions" policy setting would block them. Policy settings that can open TCP port 445 include "Windows Firewall: Allow file
ministrators can change this check box. Note: If any policy setting opens TCP port 445, Windows Firewall allows inbound ICMP echo reque
ministrators can change this check box. Note: If any policy setting opens TCP port 445, Windows Firewall allows inbound ICMP echo reque
ewall prevents SVCHOST.EXE and LSASS.EXE from receiving unsolicited incoming messages, and prevents hosted services from opening add
ewall prevents SVCHOST.EXE and LSASS.EXE from receiving unsolicited incoming messages, and prevents hosted services from opening add
Firewall component of Control Panel, the "UPnP framework" check box is cleared. Administrators can change this check box."
Firewall component of Control Panel, the "UPnP framework" check box is cleared. Administrators can change this check box."

wall: Allow local port exceptions" policy setting. If you do not configure this policy setting, Windows Firewall uses only the local port excepti
wall: Allow local port exceptions" policy setting. If you do not configure this policy setting, Windows Firewall uses only the local port excepti
Windows Firewall: Allow local program exceptions" policy setting. If you disable this policy setting, the program exceptions list defined by G
Windows Firewall: Allow local program exceptions" policy setting. If you disable this policy setting, the program exceptions list defined by G
st streams areas of the Network tab are not available and the Player cannot receive an MMS or RTSP stream from a Windows Media server

s not listen on any addresses. For example, if you want the service to listen only on IPv4 addresses, leave the IPv6 filter empty. Ranges are

ys see an Account Control window and require elevated permissions to do either of these tasks. On Windows 7 : This policy setting has no e
ns will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatica

led, then this policy has no effect. Note: This policy is not supported on Windows RT. Setting this policy will not have any effect on Window

setting is disabled. If you are not using the Microsoft Update service, then the Software Notifications policy setting has no effect. If the "C
/ Administrative Templates / Windows Update'
-bit application support control panel to allow an elevated administrator to make the decision; on windows 7 and downlevel, the OS will al

cache the value of this setting for performance reasons. If you make changes to this setting, please reboot to ensure that your system accu
slow link (56Kbs).

t 0x4 - The usage of this connection is unrestricted up to a certain data limit and plan usage is less than 80 percent of the limit. 0x8 - Usag
". If both the "Hide specified Control Panel items" setting and the "Show only specified Control Panel items" setting are enabled, the "Show

d Control Panel items" setting and the "Show only specified Control Panel items" setting are enabled, the "Show only specified Control Pan
kam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com

s.fabrikam.com
mote Desktop Session Host running on all machines. TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on
er administrators is used. Notes: The DCOM Activation security check is done after a DCOM server process is started, but before an object
a physically present user, in order to clear configuration persisted in UEFI. The "Enabled without lock" option allows Credential Guard to b

ces role is not installed.


k quota management is enabled on the volume. Also, if disk quotas are not enforced, users can exceed the quota limit you set. When users

e original name query fails. If you do not configure this policy setting, computers will use their local DNS client settings to determine the qu

figure this policy setting, the primary DNS suffix and network connection-specific DNS suffixes are appended to the unqualified queries.

NS tab in the Advanced TCP/IP Settings dialog box for each connection. For example, when a user submits a query for a single-label name s
ffix for this connection box on the DNS tab in the Advanced TCP/IP Settings dialog box for each connection. For example, when a user subm
not register any A and PTR resource records using a connection-specific DNS suffix.

he local or DHCP supplied setting. By default, client computers configured with a static IP address attempt to update their DNS resource rec
o not want additional information about the computer to be collected and included in error reports. - ""Force queue mode for application

users can only send reports at the time that a problem occurs.
t settings that are applied are those specified by the user in Control Panel, or in the Configure Default Consent policy setting.
t settings that are applied are those specified by the user in Control Panel, or in the Configure Default Consent policy setting.

e categories were added to the list in this policy setting. (Note: The Microsoft applications category includes the Windows components cat

tion reporting settings policy setting takes precedence.


e: This policy setting will take effect only when the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or di
ted under the contoso.com hierarchy.
s can choose to enable or disable automatic learning either from the Handwriting tab in the Tablet Settings in Control Panel or from the op
s can choose to enable or disable automatic learning either from the Handwriting tab in the Tablet Settings in Control Panel or from the op

ht not be able to see all the settings that have been configured in the GPO that you are editing.
s or asynchronous.
t side extensions configured to process over a slow link.
cies, such as reapplying a desired setting in case a user has changed it.
esired setting in case a user has changed it.

nection to a domain controller is established. Setting this value too high might result in longer waits for the user at boot or logon. The defau

n\Administrative Templates\System\User Profile. Note: If the profile server has IP connectivity, the connection speed setting is used. If the
n\Administrative Templates\System\User Profile. Note: If the profile server has IP connectivity, the connection speed setting is used. If the
u might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it.
ant to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it.

as changed it.

ed setting in case a user has changed it.


g a desired setting in case a user has changed it.

e a connection to a domain controller is established. Setting this value too high might result in longer waits for the user at boot or logon. Th

m time box sets the upper limit for the range of variance. For example, if you type 30 minutes, the system selects a variance of 0 to 30 min
to 30 minutes. Typing a large number establishes a broad range and makes it less likely that update requests overlap. However, updates m
ance. For example, if you type 30 minutes, the system selects a variance of 0 to 30 minutes. Typing a large number establishes a broad rang

want to update unchanged preference items, such as reapplying a desired preference setting in case a user has changed it.
be created on the computer where you run modeling, and you must turn on the "Tracing" option. If you are not performing Group Policy M
ight want to update unchanged preference items, such as reapplying a desired preference setting in case a user has changed it.
an be created on the computer where you run modeling, and you must turn on the "Tracing" option. If you are not performing Group Policy
te unchanged preference items, such as reapplying a desired preference setting in case a user has changed it.
n the computer where you run modeling, and you must turn on the "Tracing" option. If you are not performing Group Policy Modeling or th
want to update unchanged preference items, such as reapplying a desired preference setting in case a user has changed it.
created on the computer where you run modeling, and you must turn on the "Tracing" option. If you are not performing Group Policy Mo
. However, you might want to update unchanged preference items, such as reapplying a desired preference setting in case a user has chan
n be created on the computer where you run modeling, and you must turn on the "Tracing" option. If you are not performing Group Policy
nged preference items, such as reapplying a desired preference setting in case a user has changed it.
puter where you run modeling, and you must turn on the "Tracing" option. If you are not performing Group Policy Modeling or there are no
hat they are updated only when changed. However, you might want to update unchanged preference items, such as reapplying a desired p
file can be created on the computer where you run modeling, and you must turn on the "Tracing" option. If you are not performing Group
e unchanged preference items, such as reapplying a desired preference setting in case a user has changed it.
the computer where you run modeling, and you must turn on the "Tracing" option. If you are not performing Group Policy Modeling or the
ate unchanged preference items, such as reapplying a desired preference setting in case a user has changed it.
the computer where you run modeling, and you must turn on the "Tracing" option. If you are not performing Group Policy Modeling or th
ant to update unchanged preference items, such as reapplying a desired preference setting in case a user has changed it.
on the computer where you run modeling, and you must turn on the "Tracing" option. If you are not performing Group Policy Modeling or t
d only when changed. However, you might want to update unchanged preference items, such as reapplying a desired preference setting in
o the location where a planning trace file can be created on the computer where you run modeling, and you must turn on the "Tracing" opti
they are updated only when changed. However, you might want to update unchanged preference items, such as reapplying a desired prefe
g trace file can be created on the computer where you run modeling, and you must turn on the "Tracing" option. If you are not performing
er, you might want to update unchanged preference items, such as reapplying a desired preference setting in case a user has changed it.
ace file can be created on the computer where you run modeling, and you must turn on the "Tracing" option. If you are not performing Gro
updated only when changed. However, you might want to update unchanged preference items, such as reapplying a desired preference setti
file can be created on the computer where you run modeling, and you must turn on the "Tracing" option. If you are not performing Group
cify that they are updated only when changed. However, you might want to update unchanged preference items, such as reapplying a desir
n the computer where you run modeling, and you must turn on the "Tracing" option. If you are not performing Group Policy Modeling or th
wever, you might want to update unchanged preference items, such as reapplying a desired preference setting in case a user has changed it
g trace file can be created on the computer where you run modeling, and you must turn on the "Tracing" option. If you are not performing
pdate unchanged preference items, such as reapplying a desired preference setting in case a user has changed it.
n the computer where you run modeling, and you must turn on the "Tracing" option. If you are not performing Group Policy Modeling or t
are updated only when changed. However, you might want to update unchanged preference items, such as reapplying a desired preference
race file can be created on the computer where you run modeling, and you must turn on the "Tracing" option. If you are not performing Gr
date unchanged preference items, such as reapplying a desired preference setting in case a user has changed it.
on the computer where you run modeling, and you must turn on the "Tracing" option. If you are not performing Group Policy Modeling or t
update unchanged preference items, such as reapplying a desired preference setting in case a user has changed it.
ted on the computer where you run modeling, and you must turn on the "Tracing" option. If you are not performing Group Policy Modeling
want to update unchanged preference items, such as reapplying a desired preference setting in case a user has changed it.
created on the computer where you run modeling, and you must turn on the "Tracing" option. If you are not performing Group Policy Mod

y "Permit use of <extension name> preference extension" policy settings.


ension name> preference extension" policy settings.

d leave the text box on the Settings tab of the Policy Properties dialog box blank. If you disable or do not configure this policy setting, thes
. If you disable this policy setting, the list is deleted. The 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting will
. If you disable this policy setting, the list is deleted. The 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting will
o run websites with incompatible ActiveX controls in regular Protected Mode. This is the default behavior.
o run websites with incompatible ActiveX controls in regular Protected Mode. This is the default behavior.
com, then all protocols are affected for that site, including http, https, ftp, and so on. The site may also be expressed as an IP address (e.g.,
com, then all protocols are affected for that site, including http, https, ftp, and so on. The site may also be expressed as an IP address (e.g.,
see "Group Policy Settings in Internet Explorer 10" in the Internet Explorer TechNet library.
see "Group Policy Settings in Internet Explorer 10" in the Internet Explorer TechNet library.
domain controller advertises to Kerberos client computers that the domain is capable of claims and compound authentication for Dynamic
on, hash publication is turned off for all file servers where Group Policy is applied. In circumstances where this policy setting is enabled, yo

mputers wait for the network to be fully initialized before users are logged on. Group Policy is applied in the foreground, synchronously. O
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do

ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do
ow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in do

e Services snap-in to the Microsoft Management Console.


d for changes to this policy setting to take immediate effect after a Group Policy refresh. Note: This policy setting will take effect only whe
must configure this setting to have complete NCA functionality.

setting is not configured, users do not have Connect or Disconnect options.

d time interval is 4294967200 seconds, while any value greater than 4294967 seconds (~49 days) will be treated as infinity. If you disable t

ecreased. If you enable this policy setting, domain administrators should ensure that the only applications using the exclusive read capabil

ble this policy setting, domain administrators should ensure that the only applications using the exclusive read capability in the domain are

s.<DnsDomainName> GenericGc SRV _gc._tcp.<DnsForestName> GenericGcAtSite SRV _gc._tcp.<SiteName>._sites.<DnsForestNam


u do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration.

troller hosting an Active Directory domain specified with a single-label name. The computers will not attempt DNS name resolution in this

cess Connection Properties dialog box. If this setting is disabled, nothing within the properties dialog box for a remote access connection w
emote access connections, and this setting is ignored. Note: LAN connections are created and deleted automatically by the system when a

te remote access connection", "Prohibit deletion of remote access connections", "Ability to delete all user remote access connections", "Pr

rties of a LAN connection" setting is enabled, users are blocked from accessing the Properties button for LAN connection components. No
ss to the Remote Access Connection Properties dialog box, the Properties button for remote access connection components is blocked. No

to change properties of an all user remote access connection", or "Prohibit changing properties of a private remote access connection" se
s enabled, nothing within the properties dialog box for a remote access connection will be available to users. Note: This setting does not p

ot use the Network Connections folder to create or delete a LAN connection. Note: This setting does not prevent users from using other pr

onnection icon, and click Properties. For remote access connections, click the Networking tab. In the "Components checked are used by th
ain network" policy setting has no effect on computers that are running Windows Firewall, which replaces Internet Connection Firewall wh
up Wizard, administrators can choose to enable ICS. Note: Internet Connection Sharing is only available when two or more network conne
0 minutes. In Windows 8 and Windows Server 2012, the default sync interval is 120 minutes.

running Windows 7 or Windows Server 2008 R2 will use the default latency value of 80 milliseconds when transitioning a folder to the slo

. Note: By default, this cache is protected on NTFS partitions by ACLs. This setting is applied at user logon. If this setting is changed after u
se peer to peer applications at both work and home seamlessly. 4. In order to not use any seed server, enable the setting; do not insert a s
h this selection, the BranchCache maximum round trip latency setting is enabled for all client computers where the policy is applied. For ex
ons - Windows Vista with BITS 4.0 installed, Windows 7, or Windows Server 2008 R2. If you select this version, later versions of Windows ru
cy setting, or if you disable this policy setting, client computers that are configured with hosted cache mode still function correctly. Policy c
gures for hosted cache mode. If the policy setting "Set BranchCache Distributed Cache Mode" is applied in addition to this policy, the clien
which the policy is applied. - Disabled. With this selection, BranchCache client computers use the default client computer cache age setting
ode is turned on for all domain member client computers to which the policy is applied. - Disabled. With this selection, BranchCache distrib
where the policy is applied. For example, if this policy is enabled in domain Group Policy, BranchCache hosted cache mode is turned on for
er cache setting that you specify in the policy is turned on for all domain member client computers to which the policy is applied. - Disabled
on, BranchCache is turned off for all client computers where the policy is applied. * This policy setting is supported on computers that are

e Microsoft Management Console.


h the Services snap-in to the Microsoft Management Console.
ed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.
the Services snap-in to the Microsoft Management Console.
t. In the case of a print processor mismatch, the client spooler will always send jobs to the print server for rendering. Disabling the above p

client computers can create a printer connection to any server using Point and Print. -Windows Vista computers will not show a warning o
client computers can create a printer connection to any server using Point and Print. -Windows Vista computers will not show a warning o

tically republished whenever the host computer does not respond, just as it does with Windows 2000 printers. Note: This setting applies to
h the Services snap-in to the Microsoft Management Console.

ptions required for Offer (Unsolicited) Remote Assistance depend on the version of Windows you are running. Windows Vista and later En
tation recipient connects through an Internet link) or the SMAPI (Simple MAPI) standard (the invitation is attached to your email message).
will not be applied until the system is rebooted.
its capacity. Because this level can degrade performance, it is recommended for use only while you are investigating an RPC problem. Not
information for a process while this policy setting is in effect, the command that starts the process must begin with one of the strings in th
pending on the selected value for this policy setting. -- "None" allows all RPC clients to connect to RPC Servers running on the machine on
e provided timeout value is used. The timeout is given in seconds. Note: This policy setting will not be applied until the system is rebooted

uring the following policy settings for the GPO: Computer Configuration\Policies\Windows Settings\Scripts (Startup/Shutdown)\Startup
ettings\Scripts (Logon/Logoff)\Logon User Configuration\Policies\Windows Settings\Scripts (Logon/Logoff)\Logoff This policy setting appe
ettings\Scripts (Logon/Logoff)\Logon User Configuration\Policies\Windows Settings\Scripts (Logon/Logoff)\Logoff This policy setting appe
------ In Windows Vista, this policy setting monitors essential security settings to include firewall, antivirus, antispyware, Internet security s
or Tasks that the application has provided for their menu. See the "Do not allow pinning items in Jump Lists" setting.

enu and program File menus, and Jump Lists. This setting does not hide or prevent the user from pinning files, folders, or websites to the J
and Windows Vista).

eyboard by default, skin switching is not allowed, and Input Panel displays the cursor and which keys are tapped. Users will not be able to c
s dialog box. If you do not configure this policy, users will be able to use both the tolerant scratch-out gestures and the Z-shaped scratch-o
s dialog box. If you do not configure this policy, users will be able to use both the tolerant scratch-out gestures and the Z-shaped scratch-o
uter are affected.
computer are affected.

dows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Limit number of connections, or by configuring th

es an encoding mechanism that results in medium quality images.


tting, select the "Allow users to change this setting" check box. When you do this, users on the client can choose not to connect through th

are configured, the Computer Configuration setting takes precedence.


are configured, the Computer Configuration setting takes precedence.

set to Dynamic. If you disable or do not configure this policy setting, audio playback quality will be set to Dynamic.
ndows Server 2012, the minimum of the following values is used as the color depth format: a.Value specified by this policy setting b.Maxi

has not expired. If you disable or do not configure this policy setting, the license server will exhibit the default behavior noted earlier.

or do not configure this policy setting, the security method to be used for remote connections to RD Session Host servers is not specified a

ou select a specific certificate to be used to authenticate the RD Session Host server, that certificate will take precedence over this policy se
to the server by using 56-bit encryption. If you disable or do not configure this setting, the encryption level to be used for remote connecti
erties dialog box. Notes: 1. The roaming user profiles enabled by the policy setting apply only to Remote Desktop Services connections. A

y setting, client connection attempts to any remote computer will fail, if the client cannot connect directly to the remote computer. If an RD
r's home directory is as specified at the server.
use the fallback printer driver. If you do not configure this policy setting, the fallback printer driver behavior is off by default. Note: If the "

pecified) as the working directory for the program. If the status is set to Disabled or Not Configured, Remote Desktop Services sessions sta
pecified) as the working directory for the program. If the status is set to Disabled or Not Configured, Remote Desktop Services sessions sta

the group Group policy Policy level and the default will be used. This setting is enabled by default. Notes: 1. For Windows Server 2008, thi

If you disable or do not configure this policy setting, desktop composition is not allowed for remote desktop sessions, even if desktop com

ures which depend on the TPM anti-hammering


logic can be used. Choose the operating system managed TPM authentication setting of "

orization to the TPM. The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when

ing authorization to the TPM. The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mo
s policy setting is enabled is exactly the same behavior as in Windows NT 4.0.

er's cached profile will be used, or a temporary profile issued if no cached profile exists. Note: The policy setting must be configured on the

ystem of roaming users' profiles on the machine.

em's first few attempts to unload the user settings are more likely to fail. This policy setting does not affect the system's attempts to update

user must respond to this notice in operating systems earlier than Microsoft Windows Vista, use the "Timeout for dialog boxes" policy setti

al (hours)" option is disregarded. If you enable this policy setting, Windows uploads the registry file of the user's roaming user profile in th
tting has no effect.

ng to connect with network resources if users choose to turn the setting off.
ofile to load when the system detects a slow connection.
der must be installed on the computer. If this check box is not selected, BitLocker To Go Reader will be installed on the fixed drive to enable
with SP2, BitLocker To Go Reader must be installed on the computer. If this check box is not selected, BitLocker To Go Reader will be installe

For reliability and security, computers should also have a TPM startup PIN that can be used when the computer is disconnected from the w
tLocker recovery when firmware is updated. If you disable this policy, suspend BitLocker prior to applying firmware updates.

kup recovery password and key package", both the BitLocker recovery password and key package are stored in AD DS. Storing the key pack
AD DS for operating system drives. If you select "Backup recovery password and key package", both the BitLocker recovery password and k
If you select "Backup recovery password and key package", both the BitLocker recovery password and key package are stored in AD DS. If y
ted with the BitLocker recovery information. Note: The 48-digit recovery password will not be available in FIPS-compliance mode. Importa

NTFS Boot Block (PCR 9), the Boot Manager (PCR 10), and the BitLocker Access Control (PCR 11). The descriptions of PCR settings for comp
latform validation profile or the platform validation profile specified by the setup script. A platform validation profile consists of a set of Pla
ses the default platform validation profile or the platform validation profile specified by the setup script. A platform validation profile consi
BitLocker uses the algorithm configured on the drive to encrypt the drive. The Restrict encryption algorithms and cipher suites allowed for
efault, BitLocker uses the algorithm configured on the drive to encrypt the drive. The Restrict encryption algorithms and cipher suites allow
ault, BitLocker uses the algorithm configured on the drive to encrypt the drive. The Restrict encryption algorithms and cipher suites allow
be accepted regardless of actual password complexity and the drive will be encrypted using that password as a protector. When set to "Do
ive will be encrypted using that password as a protector. When set to "Do not allow complexity", no password complexity validation will be
actual password complexity and the drive will be encrypted using that password as a protector. When set to "Do not allow complexity", no
ustom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the user
ustom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the user
ustom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the user
ustom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the user
ustom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the user
ustom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the user
ustom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the user
ustom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the user
ustom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the user
ustom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the user
ustom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the user
ustom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the user
custom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the us
custom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the us
ustom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the user
ustom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the user
custom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the us
custom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the us
ustom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the user
ustom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the user
link(s) will be shared between pinned Internet/intranet links and pinned Search Connectors/Libraries. Search Connector/Library links take
Internet search provider" Group Policy, this link will be pinned third on the Start menu. The remaining link(s) will be shared between pinne

de "Windows Firewall: Allow file and printer sharing exception," "Windows Firewall: Allow remote administration exception," and "Window
de "Windows Firewall: Allow file and printer sharing exception," "Windows Firewall: Allow remote administration exception," and "Window
llows inbound ICMP echo requests (the message sent by the Ping utility), even if the "Windows Firewall: Allow ICMP exceptions" policy setti
llows inbound ICMP echo requests (the message sent by the Ping utility), even if the "Windows Firewall: Allow ICMP exceptions" policy setti
osted services from opening additional dynamically-assigned ports. Because disabling this policy setting does not block TCP port 445, it do
osted services from opening additional dynamically-assigned ports. Because disabling this policy setting does not block TCP port 445, it do
ge this check box."
ge this check box."

ll uses only the local port exceptions list that administrators define by using the Windows Firewall component in Control Panel. Other polic
ll uses only the local port exceptions list that administrators define by using the Windows Firewall component in Control Panel. Other polic
gram exceptions list defined by Group Policy is deleted. If a local program exceptions list exists, it is ignored unless you enable the "Window
gram exceptions list defined by Group Policy is deleted. If a local program exceptions list exists, it is ignored unless you enable the "Window
m from a Windows Media server.

he IPv6 filter empty. Ranges are specified using the syntax IP1-IP2. Multiple ranges are separated using "," (comma) as the delimiter. Exam

ws 7 : This policy setting has no effect. Users will always see an Account Control window and require elevated permissions to do either of t
restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and g

ll not have any effect on Windows RT PCs.

y setting has no effect. If the "Configure Automatic Updates" policy setting is disabled or is not configured, then the Software Notifications
s 7 and downlevel, the OS will allow 16-bit applications to run. Note: This setting appears in only Computer Configuration.

to ensure that your system accurately reflects those changes.


percent of the limit. 0x8 - Usage of this connection is unrestricted up to a certain data limit and plan usage is between 80 percent and 10
s" setting are enabled, the "Show only specified Control Panel items" setting is ignored. Note: The Display Control Panel item cannot be hid

Show only specified Control Panel items" setting is ignored. Note: The Display Control Panel item cannot be hidden in the Desktop context
esktop Session Host running on all machines in humanresources.fabrikam.com
s is started, but before an object activation request is dispatched to the server process. This access check is done against the DCOM server
tion allows Credential Guard to be disabled remotely by using Group Policy. The devices that use this setting must be running at least Windo
quota limit you set. When users reach the quota limit, their status in the Quota Entries window changes, but users can continue to write to

ent settings to determine the query behavior for unqualified multi-label names.

d to the unqualified queries.

a query for a single-label name such as "example," the DNS client attaches a suffix such as "microsoft.com" resulting in the query "example
For example, when a user submits a query for a single-label name such as "example," the DNS client attaches a suffix such as "microsoft.c

o update their DNS resource records once every 24 hours and DHCP clients will attempt to update their DNS resource records when a DHCP
orce queue mode for application errors"": Select this option if you do not want users to report errors. When this option is selected, errors a

sent policy setting.


sent policy setting.

es the Windows components category.) If you disable this policy setting or do not configure it, the Default application reporting settings po
When the service is stopped or disabled, system file recovery will not be attempted. The DPS can be configured with the Services snap-in to
s in Control Panel or from the opt-in dialog. This policy setting is related to the "Turn off handwriting personalization" policy setting. Note:
s in Control Panel or from the opt-in dialog. This policy setting is related to the "Turn off handwriting personalization" policy setting. Note:

user at boot or logon. The default is 5000 milliseconds. If you disable this policy setting, the Group Policy client will not cache applicable

tion speed setting is used. If the profile server does not have IP connectivity, the SMB timing is used.
tion speed setting is used. If the profile server does not have IP connectivity, the SMB timing is used.
hanged it.

for the user at boot or logon. The default is 5000 milliseconds. If you disable or do not configure this policy setting, the Group Policy client

selects a variance of 0 to 30 minutes. Typing a large number establishes a broad range and makes it less likely that client requests overlap.
sts overlap. However, updates might be delayed significantly. Note: This setting is used only when you are establishing policy for a domain,
number establishes a broad range and makes it less likely that client requests overlap. However, updates might be delayed significantly. Im

r has changed it.


re not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.
user has changed it.
are not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.

ming Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.
has changed it.
not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.
e setting in case a user has changed it.
are not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.

p Policy Modeling or there are no preference items in this extension, no planning trace file is created.
s, such as reapplying a desired preference setting in case a user has changed it.
f you are not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.

ng Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.

ing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.
has changed it.
ming Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.
g a desired preference setting in case a user has changed it.
u must turn on the "Tracing" option. If you are not performing Group Policy Modeling or there are no preference items in this extension, n
uch as reapplying a desired preference setting in case a user has changed it.
ption. If you are not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.
in case a user has changed it.
on. If you are not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.
pplying a desired preference setting in case a user has changed it.
f you are not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.
items, such as reapplying a desired preference setting in case a user has changed it.
ming Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.
tting in case a user has changed it.
ption. If you are not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.

ming Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.
s reapplying a desired preference setting in case a user has changed it.
on. If you are not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.
ming Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.

erforming Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.
has changed it.
not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.

onfigure this policy setting, these commands are fully functional for all Help files. Note: Only folders on the local computer can be specifie
e Add-on List' policy setting will still determine whether add-ons not in this list are assumed to be denied.
e Add-on List' policy setting will still determine whether add-ons not in this list are assumed to be denied.
expressed as an IP address (e.g., 127.0.0.1) or range (e.g., 127.0.0.1-10). To avoid creating conflicting policies, do not include additional cha
expressed as an IP address (e.g., 127.0.0.1) or range (e.g., 127.0.0.1-10). To avoid creating conflicting policies, do not include additional cha
ound authentication for Dynamic Access Control and Kerberos armoring. Domain functional level requirements For the options "Always pr
this policy setting is enabled, you can also select the following configuration options: - Allow hash publication for all shared folders. With t

e foreground, synchronously. On servers running Windows Server 2008 or later, this policy setting is ignored during Group Policy processin
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.

ns, but the prohibited snap-in does not appear.


ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
ns, but the prohibited snap-in does not appear.
setting will take effect only when the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, system

eated as infinity. If you disable this policy setting, Force Rediscovery will be used by default for the machine at every 12 hour interval. If yo

using the exclusive read capability in the domain are those approved by the administrator.

ead capability in the domain are those approved by the administrator.

iteName>._sites.<DnsForestName> Rfc1510UdpKdc SRV _kerberos._udp.<DnsDomainName> Rfc1510Kpwd SRV _kpasswd._tcp.<D


mpt DNS name resolution in this case, unless the computer is searching for a domain with a single label DNS name to which this computer i

or a remote access connection will be available to users. Note: This setting does not prevent users from using other programs, such as Inte
omatically by the system when a LAN adapter is installed or removed. You cannot use the Network Connections folder to create or delete a

remote access connections", "Prohibit connecting and disconnecting a remote access connection", "Ability to Enable/Disable a LAN connec

AN connection components. Note: Network Configuration Operators only have permission to change TCP/IP properties. Properties for all o
ction components is blocked. Note: This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this

te remote access connection" settings are set to deny access to the connection properties dialog box, the Install and Uninstall buttons for c
rs. Note: This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting.

revent users from using other programs, such as Internet Explorer, to bypass this setting.

mponents checked are used by this connection" box, click Internet Protocol (TCP/IP), click the Properties button, and then click the Advance
Internet Connection Firewall when you install Windows XP Service Pack 2. If you disable this setting or do not configure it, the Internet Co
hen two or more network connections are present. Note: When the "Prohibit access to properties of a LAN connection," "Ability to change
n transitioning a folder to the slow-link mode. Computers running Windows 8 or Windows Server 2012 will use the default latency value of

If this setting is changed after user logon then user logoff and logon is required for this setting to take effect.
able the setting; do not insert a seed server name; and check the check box. If this setting is disabled or not configured, the protocol will re
where the policy is applied. For example, if Configure BranchCache for network files is enabled in domain Group Policy, the BranchCache lat
on, later versions of Windows run the version of BranchCache that is included in these operating systems rather than later versions of Bran
e still function correctly. Policy configuration Select one of the following: - Not Configured. With this selection, BranchCache settings are
addition to this policy, the client computer performs automatic hosted cache server discovery. If one or more hosted cache servers are fou
lient computer cache age setting of 28 days on the client computer. In circumstances where this setting is enabled, you can also select and
his selection, BranchCache distributed cache mode is turned off for all client computers where the policy is applied. * This policy setting is
ed cache mode is turned on for all domain member client computers to which the policy is applied. - Disabled. With this selection, Branch
h the policy is applied. - Disabled. With this selection, BranchCache client computers use the default client computer cache setting of five p
upported on computers that are running Windows Vista Business, Enterprise, and Ultimate editions with Background Intelligent Transfer Se
rendering. Disabling the above policy setting does not override this behavior. Note: In cases where the client print driver does not match th

puters will not show a warning or an elevated command prompt when users create a printer connection to any server using Point and Prin
puters will not show a warning or an elevated command prompt when users create a printer connection to any server using Point and Prin

ers. Note: This setting applies to printers published by using Active Directory Users and Computers or Pubprn.vbs. It does not apply to prin
ng. Windows Vista and later Enable the Remote Assistance exception for the domain profile. The exception must contain: Port 135:TCP %
ttached to your email message). This policy setting is not available in Windows Vista since SMAPI is the only method supported. If you ena
estigating an RPC problem. Note: To retrieve the RPC state information from a system that maintains it, you must use a debugging tool. N
egin with one of the strings in the Extended Error Information Exception field. -- "On" enables extended error information for all processe
vers running on the machine on which the policy setting is applied. -- "Authenticated" allows only authenticated RPC Clients (per the defin
lied until the system is rebooted.

ts (Startup/Shutdown)\Startup Computer Configuration\Policies\Windows Settings\Scripts (Startup/Shutdown)\Shutdown


)\Logoff This policy setting appears in the Computer Configuration and User Configuration folders. The policy setting set in Computer Confi
)\Logoff This policy setting appears in the Computer Configuration and User Configuration folders. The policy setting set in Computer Confi
antispyware, Internet security settings, User Account Control, and Automatic Updates. Windows Vista computers do not require a reboot
" setting.

files, folders, or websites to the Jump Lists. See the "Do not allow pinning items in Jump Lists" setting. This policy also does not hide Tasks t
pped. Users will not be able to configure this setting in the Input Panel Options dialog box. If you enable this policy and choose to Medium
ures and the Z-shaped scratch-out gesture. Users will be able to configure this setting on the Gestures tab in Input Panel Options.
ures and the Z-shaped scratch-out gesture. Users will be able to configure this setting on the Gestures tab in Input Panel Options.
connections, or by configuring the policy setting Maximum Connections by using the Remote Desktop Session Host WMI Provider.
hoose not to connect through the RD Gateway server by selecting the "Do not use an RD Gateway server" option. Users can specify a conn

Dynamic.
fied by this policy setting b.Maximum color depth supported by the client c.Value requested by the client If the client does not support at

fault behavior noted earlier.

on Host servers is not specified at the Group Policy level.

ke precedence over this policy setting.


l to be used for remote connections to RD Session Host servers is not enforced through Group Policy. Important FIPS compliance can be c
Desktop Services connections. A user might also have a Windows roaming user profile configured. The Remote Desktop Services roaming u

to the remote computer. If an RD Gateway server is specified by the user, a client connection attempt will be made through that RD Gatew
or is off by default. Note: If the "Do not allow client printer redirection" setting is enabled, this policy setting is ignored and the fallback pri

ote Desktop Services sessions start with the full desktop, unless the server administrator or user specify otherwise. (See "Computer Configu
ote Desktop Services sessions start with the full desktop, unless the server administrator or user specify otherwise. (See "Computer Configu

1. For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard.

op sessions, even if desktop composition is enabled in RDC or in the .rdp file.

TPM authentication setting of "Delegated" to store only the TPM administrative delegation blob and the TPM user delegation blob in the

a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout m

entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a l
etting must be configured on the client computer not the server for it to have any effect because the client computer sets the file share per

the system's attempts to update the files in the user profile. Tip: Consider increasing the number of retries specified in this policy setting i

out for dialog boxes" policy setting. Important: If the "Do not detect slow network connections" setting is enabled, this policy setting is ign

user's roaming user profile in the background according to the schedule set here while the user is logged on. Regular profiles are not affec
alled on the fixed drive to enable users to unlock the drive on computers running Windows Server 2008, Windows Vista, Windows XP with
cker To Go Reader will be installed on the removable drive to enable users to unlock the drive on computers running Windows Server 2008

uter is disconnected from the wired network or the server at startup.


firmware updates.

d in AD DS. Storing the key package supports recovering data from a drive that has been physically corrupted. If you select "Backup recove
Locker recovery password and key package are stored in AD DS. Storing the key package supports recovering data from a drive that has bee
package are stored in AD DS. If you select "Backup recovery password only" only the recovery password is stored in AD DS. Select the "Do
FIPS-compliance mode. Important: This policy setting provides an administrative method of recovering data encrypted by BitLocker to prev

riptions of PCR settings for computers that use an Extensible Firmware Interface (EFI) are different than the PCR settings described for com
on profile consists of a set of Platform Configuration Register (PCR) indices ranging from 0 to 23. The default platform validation profile sec
platform validation profile consists of a set of Platform Configuration Register (PCR) indices ranging from 0 to 23. The default platform valid
ms and cipher suites allowed for hardware-based encryption option enables you to restrict the encryption algorithms that BitLocker can u
algorithms and cipher suites allowed for hardware-based encryption option enables you to restrict the encryption algorithms that BitLocke
gorithms and cipher suites allowed for hardware-based encryption option enables you to restrict the encryption algorithms that BitLocker
d as a protector. When set to "Do not allow complexity", no password complexity validation will be done. Passwords must be at least 8 cha
ord complexity validation will be done. Passwords must be at least 8 characters. To configure a greater minimum length for the password,
to "Do not allow complexity", no password complexity validation will be done. Passwords must be at least 8 characters. To configure a gre
may not be applied until the user logs off from Windows.
may not be applied until the user logs off from Windows.
may not be applied until the user logs off from Windows.
may not be applied until the user logs off from Windows.
may not be applied until the user logs off from Windows.
may not be applied until the user logs off from Windows.
may not be applied until the user logs off from Windows.
may not be applied until the user logs off from Windows.
may not be applied until the user logs off from Windows.
may not be applied until the user logs off from Windows.
may not be applied until the user logs off from Windows.
may not be applied until the user logs off from Windows.
g may not be applied until the user logs off from Windows.
g may not be applied until the user logs off from Windows.
may not be applied until the user logs off from Windows.
may not be applied until the user logs off from Windows.
g may not be applied until the user logs off from Windows.
g may not be applied until the user logs off from Windows.
may not be applied until the user logs off from Windows.
may not be applied until the user logs off from Windows.
rch Connector/Library links take precedence over Internet/intranet search links. If you enable this policy setting, the specified Internet site
(s) will be shared between pinned Search Connectors/Libraries and pinned Internet/intranet search links. Search Connector/Library links t

tration exception," and "Windows Firewall: Define inbound port exceptions." Note: Other Windows Firewall policy settings affect only inco
tration exception," and "Windows Firewall: Define inbound port exceptions." Note: Other Windows Firewall policy settings affect only inco
llow ICMP exceptions" policy setting would block them. Policy settings that can open TCP port 445 include "Windows Firewall: Allow inbou
llow ICMP exceptions" policy setting would block them. Policy settings that can open TCP port 445 include "Windows Firewall: Allow inbou
oes not block TCP port 445, it does not conflict with the "Windows Firewall: Allow file and printer sharing exception" policy setting. Note: M
oes not block TCP port 445, it does not conflict with the "Windows Firewall: Allow file and printer sharing exception" policy setting. Note: M
ent in Control Panel. Other policy settings can continue to open or block ports. Note: If you type an invalid definition string, Windows Firew
ent in Control Panel. Other policy settings can continue to open or block ports. Note: If you type an invalid definition string, Windows Firew
unless you enable the "Windows Firewall: Allow local program exceptions" policy setting. If you do not configure this policy setting, Wind
unless you enable the "Windows Firewall: Allow local program exceptions" policy setting. If you do not configure this policy setting, Wind
(comma) as the delimiter. Example IPv4 filters:\n2.0.0.1-2.0.0.20, 24.0.0.1-24.0.0.22 Example IPv6 filters:\n3FFE:FFFF:7654:FEDA:1245:BA

ted permissions to do either of these tasks. On Windows 8 and Windows RT: This policy setting has no effect. Users will always see an Acco
t, the user will be notified and given the option to delay the restart.) On Windows 8 and later, you can set updates to install during automa

, then the Software Notifications policy setting has no effect.


e is between 80 percent and 100 percent of the limit. 0x10 - Usage of this connection is unrestricted up to a certain data limit, which has b
Control Panel item cannot be hidden in the Desktop context menu by using this setting. To hide the Display Control Panel item and prevent

be hidden in the Desktop context menu by using this setting. To hide the Display Control Panel item and prevent users from modifying the c
s done against the DCOM server's custom launch permission security descriptor if it exists, or otherwise against the configured defaults. If
g must be running at least Windows 10 (Version 1511).
but users can continue to write to the volume.

" resulting in the query "example.microsoft.com," before sending the query to a DNS server. If a DNS suffix search list is not specified, the D
ches a suffix such as "microsoft.com" resulting in the query "example.microsoft.com," before sending the query to a DNS server. If a DNS s

NS resource records when a DHCP lease is granted or renewed.


n this option is selected, errors are stored in a queue directory, and the next administrator to log on to the computer can send the error rep

application reporting settings policy setting takes precedence. Also see the ""Default Application Reporting"" and ""Application Exclusion L
red with the Services snap-in to the Microsoft Management Console.
nalization" policy setting. Note: The amount of stored ink is limited to 50 MB and the amount of text information to approximately 5 MB. W
nalization" policy setting. Note: The amount of stored ink is limited to 50 MB and the amount of text information to approximately 5 MB. W

y client will not cache applicable GPOs or settings that are contained within the GPOs. When Group Policy runs synchronously, it downloads

y setting, the Group Policy client will not cache applicable GPOs or settings that are contained within the GPOs. When Group Policy runs sy

ely that client requests overlap. However, updates might be delayed significantly. This setting establishes the update rate for computer Gro
establishing policy for a domain, site, organizational unit (OU), or customized group. If you are establishing policy for a local computer only,
might be delayed significantly. Important: If the "Turn off background refresh of Group Policy" setting is enabled, this setting is ignored. Not

ace file is created.

trace file is created.

e file is created.

trace file is created.

nning trace file is created.

erence items in this extension, no planning trace file is created.

no planning trace file is created.

planning trace file is created.

nning trace file is created.

no planning trace file is created.

planning trace file is created.


s created.

e file is created.

e local computer can be specified in this policy setting. You cannot use this policy setting to enable the "Shortcut" and "WinHelp" comman
es, do not include additional characters after the domain such as trailing slashes or URL path. For example, policy settings for www.contoso
es, do not include additional characters after the domain such as trailing slashes or URL path. For example, policy settings for www.contoso
ents For the options "Always provide claims" and "Fail unarmored authentication requests", when the domain functional level is set to Wi
tion for all shared folders. With this option, BranchCache generates content information for all content in all shares on the file server. - Allo

ed during Group Policy processing at computer startup and Group Policy processing will be synchronous (these servers wait for the networ
ice is stopped or disabled, system file recovery will not be attempted. The DPS can be configured with the Services snap-in to the Microsoft

e at every 12 hour interval. If you do not configure this policy setting, Force Rediscovery will be used by default for the machine at every 1

Kpwd SRV _kpasswd._tcp.<DnsDomainName> Rfc1510UdpKpwd SRV _kpasswd._udp.<DnsDomainName> If you disable this policy
S name to which this computer is joined, in the Active Directory forest.

ing other programs, such as Internet Explorer, to bypass this setting.


tions folder to create or delete a LAN connection. Note: This setting does not prevent users from using other programs, such as Internet Ex

to Enable/Disable a LAN connection", "Prohibit access to the New Connection Wizard", "Prohibit renaming private remote access connecti

P properties. Properties for all other components are unavailable to these users. Note: Nonadministrators are already prohibited from acc
s Internet Explorer, to bypass this setting.

nstall and Uninstall buttons for connections are blocked. Note: Nonadministrators are already prohibited from adding and removing conne
ss this setting.

tton, and then click the Advanced button. Note: Changing this setting from Enabled to Not Configured does not enable the Advanced butt
not configure it, the Internet Connection Firewall is disabled when a LAN Connection or VPN connection is created, but users can use the A
N connection," "Ability to change properties of an all user remote access connection," or "Prohibit changing properties of a private remote
use the default latency value of 35 milliseconds when transitioning a folder to the slow-link mode. To avoid extra charges on cell phone or
t configured, the protocol will revert to using a public registry key to determine the seed server to bootstrap from.
roup Policy, the BranchCache latency setting that you specify in the policy is turned on for all domain member client computers to which th
ather than later versions of BranchCache. - Windows 8. If you select this version, Windows 8 will run the version of BranchCache that is in
ction, BranchCache settings are not applied to client computers by this policy setting. - Enabled. With this selection, the policy setting is ap
ore hosted cache servers are found, the client computer self-configures for hosted cache mode only. If the policy setting "Set BranchCache
enabled, you can also select and configure the following option: - Specify the age in days for which segments in the data cache are valid.
applied. * This policy setting is supported on computers that are running Windows Vista Business, Enterprise, and Ultimate editions with B
bled. With this selection, BranchCache hosted cache mode is turned off for all client computers where the policy is applied. In circumstanc
computer cache setting of five percent of the total disk space on the client computer. In circumstances where this setting is enabled, you c
ackground Intelligent Transfer Service (BITS) 4.0 installed.
nt print driver does not match the server print driver (mismatched connection), the client will always process the print job, regardless of th

o any server using Point and Print. -Windows Vista computers will not show a warning or an elevated command prompt when an existing p
o any server using Point and Print. -Windows Vista computers will not show a warning or an elevated command prompt when an existing p

prn.vbs. It does not apply to printers published by using Printers in Control Panel. Tip: If you disable automatic pruning, remember to delet
n must contain: Port 135:TCP %WINDIR%\System32\msra.exe %WINDIR%\System32\raserver.exe Windows XP with Service Pack 2 (SP2)
y method supported. If you enable this policy setting you should also enable appropriate firewall exceptions to allow Remote Assistance c
u must use a debugging tool. Note: This policy setting will not be applied until the system is rebooted.
rror information for all processes. Note: For information about the Extended Error Information Exception field, see the Windows Software
ticated RPC Clients (per the definition above) to connect to RPC Servers running on the machine on which the policy setting is applied. Exem

own)\Shutdown
icy setting set in Computer Configuration takes precedence over the setting set in User Configuration.
icy setting set in Computer Configuration takes precedence over the setting set in User Configuration.
mputers do not require a reboot for this policy setting to take effect.
policy also does not hide Tasks that the application has provided for their Jump List. This setting does not hide document shortcuts display
his policy and choose to Medium-High from the drop-down box, password security is set to Medium-High. At this setting, when users e
in Input Panel Options.
in Input Panel Options.
ion Host WMI Provider.
option. Users can specify a connection method by configuring settings on the client, using an RDP file, or using an HTML script. If users do

If the client does not support at least 16 bits, the connection is terminated.

ortant FIPS compliance can be configured through the System cryptography. Use FIPS compliant algorithms for encryption, hashing, and sig
mote Desktop Services roaming user profile always takes precedence in a Remote Desktop Services session. 2. To configure a mandatory Re

be made through that RD Gateway server.


ng is ignored and the fallback printer driver is disabled.

herwise. (See "Computer Configuration\Administrative Templates\System\Logon\Run these programs at user logon" setting.) Note: This se
herwise. (See "Computer Configuration\Administrative Templates\System\Logon\Run these programs at user logon" setting.) Note: This se

TPM user delegation blob in the local registry. This setting is appropriate for use with TPM-based applications that depend on the TPM an

hen the TPM enters a lockout mode it is global for all users including administrators and Windows features like BitLocker Drive Encryption.

value. When the TPM enters a lockout mode it is global for all users including administrators and Windows features like BitLocker Drive En
computer sets the file share permissions for the roaming profile at creation time. Note: The behavior when this policy setting is enabled is

s specified in this policy setting if there are many user profiles stored in the computer's memory. This indicates that the system has not bee

enabled, this policy setting is ignored. Also, if the "Delete cached copies of roaming profiles" policy setting is enabled, there is no local cop

on. Regular profiles are not affected. If this setting is disabled or not configured, the registry file for a roaming user profile will not be uplo
Windows Vista, Windows XP with SP3, or Windows XP with SP2 that do not have BitLocker To Go Reader installed. If this policy setting is dis
s running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2 that do not have BitLocker To Go Reader i

ed. If you select "Backup recovery password only," only the recovery password is stored in AD DS. Select the "Do not enable BitLocker unti
ng data from a drive that has been physically corrupted. If you select "Backup recovery password only," only the recovery password is store
stored in AD DS. Select the "Do not enable BitLocker until recovery information is stored in AD DS for removable data drives" check box if y
ta encrypted by BitLocker to prevent data loss due to lack of key information. If you do not allow both user recovery options you must enab

e PCR settings described for computers that use a standard BIOS. Warning: Changing from the default platform validation profile affects the
lt platform validation profile secures the encryption key against changes to the Core Root of Trust of Measurement (CRTM), BIOS, and Platf
to 23. The default platform validation profile secures the encryption key against changes to the core system firmware executable code (PCR
n algorithms that BitLocker can use with hardware encryption. If the algorithm set for the drive is not available, BitLocker will disable the us
cryption algorithms that BitLocker can use with hardware encryption. If the algorithm set for the drive is not available, BitLocker will disable
yption algorithms that BitLocker can use with hardware encryption. If the algorithm set for the drive is not available, BitLocker will disable
asswords must be at least 8 characters. To configure a greater minimum length for the password, enter the desired number of characters in
nimum length for the password, enter the desired number of characters in the "Minimum password length" box. If you disable or do not co
8 characters. To configure a greater minimum length for the password, enter the desired number of characters in the "Minimum password
etting, the specified Internet sites will appear in the "Search again" links and the Start menu links. If you disable or do not configure this po
Search Connector/Library links take precedence over Internet/intranet search links. If you enable this policy setting, the specified Libraries

all policy settings affect only incoming messages, but several of the options of the "Windows Firewall: Allow ICMP exceptions" policy setting
all policy settings affect only incoming messages, but several of the options of the "Windows Firewall: Allow ICMP exceptions" policy setting
"Windows Firewall: Allow inbound file and printer sharing exception," "Windows Firewall: Allow inbound remote administration exception
"Windows Firewall: Allow inbound file and printer sharing exception," "Windows Firewall: Allow inbound remote administration exception
xception" policy setting. Note: Malicious users often attempt to attack networks and computers using RPC and DCOM. We recommend tha
xception" policy setting. Note: Malicious users often attempt to attack networks and computers using RPC and DCOM. We recommend tha
definition string, Windows Firewall adds it to the list without checking for errors, and therefore you can accidentally create multiple entrie
definition string, Windows Firewall adds it to the list without checking for errors, and therefore you can accidentally create multiple entrie
nfigure this policy setting, Windows Firewall uses only the local program exceptions list that administrators define by using the Windows F
nfigure this policy setting, Windows Firewall uses only the local program exceptions list that administrators define by using the Windows F
\n3FFE:FFFF:7654:FEDA:1245:BA98:0000:0000-3FFE:FFFF:7654:FEDA:1245:BA98:3210:4562

ct. Users will always see an Account Control window and require elevated permissions to do either of these tasks. If you disable this policy
updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the comp
o a certain data limit, which has been exceeded. Surcharge applied or unknown. 0x20 - Usage of this connection is unrestricted up to a cer
y Control Panel item and prevent users from modifying the computer's display settings use the "Disable Display Control Panel" setting instea

vent users from modifying the computer's display settings use the "Disable Display Control Panel" setting instead.
gainst the configured defaults. If the DCOM server's custom launch permission contains explicit DENY entries this may mean that object ac
search list is not specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-specific
query to a DNS server. If a DNS suffix search list is not specified, the DNS client attaches the primary DNS suffix to a single-label name. If thi
computer can send the error reports to Microsoft. - ""Corporate file path"": Type a UNC path to enable Corporate Error Reporting. All erro

g"" and ""Application Exclusion List"" policies. This setting will be ignored if the 'Configure Error Reporting' setting is disabled or not config
mation to approximately 5 MB. When these limits are reached and new data is collected, old data is deleted to make room for more recent
mation to approximately 5 MB. When these limits are reached and new data is collected, old data is deleted to make room for more recent

uns synchronously, it downloads the latest version of the policy from the network and uses bandwidth estimates to determine slow link th

GPOs. When Group Policy runs synchronously, it downloads the latest version of the policy from the network and uses bandwidth estimates

he update rate for computer Group Policy. To set an update rate for user policies, use the "Set Group Policy refresh interval for users" settin
policy for a local computer only, the system ignores this setting.
bled, this setting is ignored. Note: This setting establishes the update rate for user Group Policies. To set an update rate for computer Grou
ortcut" and "WinHelp" commands for .chm files that are stored on mapped drives or accessed using UNC paths. For additional options, se
, policy settings for www.contoso.com and www.contoso.com/mail would be treated as the same policy setting by Internet Explorer, and w
, policy settings for www.contoso.com and www.contoso.com/mail would be treated as the same policy setting by Internet Explorer, and w
main functional level is set to Windows Server 2008 R2 or earlier then domain controllers behave as if the "Supported" option is selected.
l shares on the file server. - Allow hash publication only for shared folders on which BranchCache is enabled. With this option, content info

hese servers wait for the network to be initialized during computer startup). If the server is configured as follows, this policy setting takes e
Services snap-in to the Microsoft Management Console.

efault for the machine at every 12 hour interval, unless the local machine setting in the registry is a different value.

Name> If you disable this policy setting, DCs configured to perform dynamic registration of DC Locator DNS records register all DC Locator D
er programs, such as Internet Explorer, to bypass this setting.

g private remote access connections", "Prohibit access to the Remote Access Preferences item on the Advanced menu", "Prohibit viewing o

are already prohibited from accessing properties of components for a LAN connection, regardless of this setting.

rom adding and removing connection components, regardless of this setting.

es not enable the Advanced button until the user logs off.
created, but users can use the Advanced tab in the connection properties to enable it. The Internet Connection Firewall is enabled by defa
g properties of a private remote access connection" settings are set to deny access to the Connection Properties dialog box, the Advanced
d extra charges on cell phone or broadband plans, it may be necessary to configure the latency threshold to be lower than the round-trip n
ber client computers to which the policy is applied. - Disabled. With this selection, BranchCache client computers use the default latency s
ersion of BranchCache that is included in the operating system.
selection, the policy setting is applied to client computers, which are configured as hosted cache mode clients that use the hosted cache se
e policy setting "Set BranchCache Hosted Cache Mode" is applied, the client computer does not perform automatic hosted cache discovery.
nts in the data cache are valid.
rise, and Ultimate editions with Background Intelligent Transfer Service (BITS) 4.0 installed.
policy is applied. In circumstances where this setting is enabled, you can also select and configure the following option: - Type the name o
here this setting is enabled, you can also select and configure the following option: - Specify the percentage of total disk space allocated fo
ess the print job, regardless of the setting of this policy.

mand prompt when an existing printer connection driver needs to be updated. -Windows Server 2003 and Windows XP client computers c
mand prompt when an existing printer connection driver needs to be updated. -Windows Server 2003 and Windows XP client computers c

atic pruning, remember to delete printer objects manually whenever you remove a printer or print server.
ows XP with Service Pack 2 (SP2) and Windows XP Professional x64 Edition with Service Pack 1 (SP1) Port 135:TCP %WINDIR%\PCHealth\H
ns to allow Remote Assistance communications.
field, see the Windows Software Development Kit (SDK). Note: Extended error information is formatted to be compatible with other opera
the policy setting is applied. Exemptions are granted to interfaces that have requested them. -- "Authenticated without exceptions" allows
hide document shortcuts displayed in the Open dialog box. See the "Hide the dropdown list of recent files" setting. Note: It is a requiremen
gh. At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, an
sing an HTML script. If users do not specify a connection method, the connection method that you specify in this policy setting is used by d

s for encryption, hashing, and signing settings in Group Policy (under Computer Configuration\Windows Settings\Security Settings\Local Po
. 2. To configure a mandatory Remote Desktop Services roaming user profile for all users connecting remotely to the RD Session Host serve
er logon" setting.) Note: This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the C
er logon" setting.) Note: This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the C

ons that depend on the TPM anti-hammering logic. External or remote storage of the full TPM owner authorization value, for example by

s like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufac

s features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM
n this policy setting is enabled is exactly the same behavior as in Windows 2000 Professional pre-SP4 and Windows XP Professional.

ates that the system has not been able to unload the profile. Also, check the Application Log in Event Viewer for events generated by User

is enabled, there is no local copy of the roaming profile to load when the system detects a slow connection.

ming user profile will not be uploaded in the background while the user is logged on.
talled. If this policy setting is disabled, fixed data drives formatted with the FAT file system that are BitLocker-protected cannot be unlocked
ot have BitLocker To Go Reader installed. If this policy setting is disabled, removable data drives formatted with the FAT file system that are

he "Do not enable BitLocker until recovery information is stored in AD DS for fixed data drives" check box if you want to prevent users from
y the recovery password is stored in AD DS. Select the "Do not enable BitLocker until recovery information is stored in AD DS for operating
ovable data drives" check box if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and th
recovery options you must enable the "Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008 an

orm validation profile affects the security and manageability of your computer. BitLocker's sensitivity to platform modifications (malicious
urement (CRTM), BIOS, and Platform Extensions (PCR 0), the Option ROM Code (PCR 2), the Master Boot Record (MBR) Code (PCR 4), the N
m firmware executable code (PCR 0), extended or pluggable executable code (PCR 2), boot manager (PCR 4), and the BitLocker access contr
ble, BitLocker will disable the use of hardware-based encryption. Encryption algorithms are specified by object identifiers (OID). For exam
ot available, BitLocker will disable the use of hardware-based encryption. Encryption algorithms are specified by object identifiers (OID). Fo
available, BitLocker will disable the use of hardware-based encryption. Encryption algorithms are specified by object identifiers (OID). For
e desired number of characters in the "Minimum password length" box. If you disable this policy setting, the user is not allowed to use a pa
" box. If you disable or do not configure this policy setting, the default length constraint of 8 characters will apply to operating system drive
cters in the "Minimum password length" box. If you disable this policy setting, the user is not allowed to use a password. If you do not con
isable or do not configure this policy setting, no custom Internet search sites will be added to the "Search again" links or the Start menu lin
cy setting, the specified Libraries or Search Connectors will appear in the "Search again" links and the Start menu links. If you disable or do

w ICMP exceptions" policy setting affect outgoing communication.


w ICMP exceptions" policy setting affect outgoing communication.
emote administration exception," and "Windows Firewall: Define inbound port exceptions."
emote administration exception," and "Windows Firewall: Define inbound port exceptions."
and DCOM. We recommend that you contact the manufacturers of your critical programs to determine if they are hosted by SVCHOST.exe
and DCOM. We recommend that you contact the manufacturers of your critical programs to determine if they are hosted by SVCHOST.exe
cidentally create multiple entries for the same port with conflicting Scope or Status values. Scope parameters are combined for multiple en
cidentally create multiple entries for the same port with conflicting Scope or Status values. Scope parameters are combined for multiple en
s define by using the Windows Firewall component in Control Panel. Note: If you type an invalid definition string, Windows Firewall adds it
s define by using the Windows Firewall component in Control Panel. Note: If you type an invalid definition string, Windows Firewall adds it
e tasks. If you disable this policy setting, then only administrative users will receive update notifications. Note: On Windows 8 and Window
ill install updates when the computer is not in use, and avoid doing so when the computer is running on battery power. If automatic mainte
ection is unrestricted up to a certain data limit, which has been exceeded. No surcharge applies, but speeds are likely reduced. 0x40 - The c
play Control Panel" setting instead.
es this may mean that object activations that would have previously succeeded for such specified users, once the DCOM server process wa
ery fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the prima
uffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are re
rporate Error Reporting. All errors are stored at the specified location instead of being sent directly to Microsoft, and the next administrato

' setting is disabled or not configured.


d to make room for more recent data. Note: Handwriting personalization works only for Microsoft handwriting recognizers, and not with t
d to make room for more recent data. Note: Handwriting personalization works only for Microsoft handwriting recognizers, and not with t

mates to determine slow link thresholds. (See the Configure Group Policy Slow Link Detection policy setting to configure asynchronous fo

k and uses bandwidth estimates to determine slow link thresholds. (See the Configure Group Policy Slow Link Detection policy setting to

refresh interval for users" setting (located in User Configuration\Administrative Templates\System\Group Policy). This setting is only used
n update rate for computer Group Policies, use the "Group Policy refresh interval for computers" setting (located in Computer Configuration
paths. For additional options, see the "Restrict these programs from being launched from Help" policy.
tting by Internet Explorer, and would therefore be in conflict. Value - A number indicating the zone with which this site should be associate
tting by Internet Explorer, and would therefore be in conflict. Value - A number indicating the zone with which this site should be associate
"Supported" option is selected. When the domain functional level is set to Windows Server 2012 then the domain controller advertises to
ed. With this option, content information is generated only for shared folders on which BranchCache is enabled. If you use this setting, you

ollows, this policy setting takes effect during Group Policy processing at user logon: The server is configured as a terminal server (that is,
records register all DC Locator DNS resource records. If you do not configure this policy setting, DCs use their local configuration.
anced menu", "Prohibit viewing of status for an active connection". When this setting is enabled, settings that exist in both Windows 2000

ection Firewall is enabled by default on the connection for which Internet Connection Sharing is enabled. In addition, remote access connec
erties dialog box, the Advanced tab for the connection is blocked. Note: Nonadministrators are already prohibited from configuring Intern
o be lower than the round-trip network latency. In Windows Vista or Windows Server 2008, once transitioned to slow-link mode, users will
mputers use the default latency setting of 80 milliseconds. In circumstances where this policy setting is enabled, you can also select and con

ents that use the hosted cache servers that you specify in "Hosted cache servers." - Disabled. With this selection, this policy is not applied t
utomatic hosted cache discovery. This is also true in cases where the policy setting "Configure Hosted Cache Servers" is applied. This policy

owing option: - Type the name of the hosted cache server. Specifies the computer name of the hosted cache server. Because the hosted ca
e of total disk space allocated for the cache. Specifies an integer that is the percentage of total client computer disk space to use for the Br
Windows XP client computers can create a printer connection to any server using Point and Print. -The "Users can only point and print to
Windows XP client computers can create a printer connection to any server using Point and Print. -The "Users can only point and print to
35:TCP %WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe %WINDIR%\System32\Se
be compatible with other operating systems and older Microsoft operating systems, but only newer Microsoft operating systems can read
cated without exceptions" allows only authenticated RPC Clients (per the definition above) to connect to RPC Servers running on the machi
setting. Note: It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.
ult, skin switching is allowed, and Input Panel does not display the cursor or which keys are tapped. Users will not be able to configure this
in this policy setting is used by default. If you disable or do not configure this policy setting, clients will not use the RD Gateway server add

ttings\Security Settings\Local Policies\Security Options.) The FIPS compliant setting encrypts and decrypts data sent from the client to the
tely to the RD Session Host server, use this policy setting together with the "Use mandatory profiles on the RD Session Host server" policy s
oth settings are configured, the Computer Configuration setting overrides.
oth settings are configured, the Computer Configuration setting overrides.

horization value, for example by backing up the value to Active Directory Domain Services (AD DS), is recommended when using this settin

ocked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorizatio

g it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer aut
Windows XP Professional.

wer for events generated by Userenv. The system records an event whenever it tries to unload the registry portion of the user profile. The sy
er-protected cannot be unlocked on computers running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with
with the FAT file system that are BitLocker-protected cannot be unlocked on computers running Windows Server 2008, Windows Vista, Wi

you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery
n is stored in AD DS for operating system drives" check box if you want to prevent users from enabling BitLocker unless the computer is con
connected to the domain and the backup of BitLocker recovery information to AD DS succeeds. Note: If the "Do not enable BitLocker until
ervices (Windows Server 2008 and Windows Vista)" policy setting to prevent a policy error.

atform modifications (malicious or authorized) is increased or decreased depending upon inclusion or exclusion (respectively) of the PCRs.
ecord (MBR) Code (PCR 4), the NTFS Boot Sector (PCR 8), the NTFS Boot Block (PCR 9), the Boot Manager (PCR 10), and the BitLocker Acces
), and the BitLocker access control (PCR 11). Warning: Changing from the default platform validation profile affects the security and manag
bject identifiers (OID). For example: - AES 128 in CBC mode OID: 2.16.840.1.101.3.4.1.2 - AES 256 in CBC mode OID: 2.16.840.1.101.3.4.1.
ed by object identifiers (OID). For example: - AES 128 in CBC mode OID: 2.16.840.1.101.3.4.1.2 - AES 256 in CBC mode OID: 2.16.840.1.10
d by object identifiers (OID). For example: - AES 128 in CBC mode OID: 2.16.840.1.101.3.4.1.2 - AES 256 in CBC mode OID: 2.16.840.1.101
he user is not allowed to use a password. If you do not configure this policy setting, passwords will be supported with the default settings,
l apply to operating system drive passwords and no complexity checks will occur. Note: Passwords cannot be used if FIPS-compliance is en
se a password. If you do not configure this policy setting, passwords will be supported with the default settings, which do not include pass
again" links or the Start menu links.
menu links. If you disable or do not configure this policy setting, no Libraries or Search Connectors will appear in the "Search again" links o

they are hosted by SVCHOST.exe or LSASS.exe or if they require RPC and DCOM communication. If they do not, then do not enable this pol
they are hosted by SVCHOST.exe or LSASS.exe or if they require RPC and DCOM communication. If they do not, then do not enable this pol
ers are combined for multiple entries. If entries have different Status values, any definition with the Status set to "disabled" overrides all de
ers are combined for multiple entries. If entries have different Status values, any definition with the Status set to "disabled" overrides all de
string, Windows Firewall adds it to the list without checking for errors. This allows you to add programs that you have not installed yet, but
string, Windows Firewall adds it to the list without checking for errors. This allows you to add programs that you have not installed yet, but
Note: On Windows 8 and Windows RT this policy setting is enabled by default. In all prior versions of windows, it is disabled by default. If th
attery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will the
s are likely reduced. 0x40 - The connection is costed on a per-byte basis. 0x80 - The connection is roaming. 0x80000000 - Ignore congestio
nce the DCOM server process was up and running, might now fail instead. The proper action in this situation is to re-configure the DCOM
ed, the client devolves the primary DNS suffix of the computer (drops the leftmost label of the primary DNS suffix), attaches this devolved p
y. If none of these queries are resolved, the client devolves the primary DNS suffix of the computer (drops the leftmost label of the primary
rosoft, and the next administrator to log onto the computer can send the error reports to Microsoft. - ""Replace instances of the word Mic
riting recognizers, and not with third-party recognizers.
riting recognizers, and not with third-party recognizers.

tting to configure asynchronous foreground behavior.)

Link Detection policy setting to configure asynchronous foreground behavior.)

Policy). This setting is only used when the "Turn off background refresh of Group Policy" setting is not enabled. Note: Consider notifying u
ocated in Computer Configuration\Administrative Templates\System\Group Policy). Tip: Consider notifying users that their policy is update
hich this site should be associated for security settings. The Internet Explorer zones described above are 1-4. If you disable or do not config
hich this site should be associated for security settings. The Internet Explorer zones described above are 1-4. If you disable or do not config
domain controller advertises to Kerberos client computers that the domain is capable of claims and compound authentication for Dynamic
bled. If you use this setting, you must enable BranchCache for individual shares in Share and Storage Management on the file server. - Disa

ured as a terminal server (that is, the Terminal Server role service is installed and configured on the server); and The Allow asynchronou
heir local configuration.
hat exist in both Windows 2000 Professional and Windows XP Professional behave the same for administrators. If you disable this setting o

n addition, remote access connections created through the Make New Connection Wizard have the Internet Connection Firewall enabled.
ohibited from configuring Internet Connection Sharing, regardless of this setting. Note: Disabling this setting does not prevent Wireless Ho
ned to slow-link mode, users will continue to operate in slow-link mode until the user clicks the Work Online button on the toolbar in Wind
bled, you can also select and configure the following option: - Type the maximum round trip network latency (milliseconds) after which ca

ection, this policy is not applied to client computers. In circumstances where this setting is enabled, you can also select and configure the f
e Servers" is applied. This policy setting can only be applied to client computers that are running at least Windows 8. This policy has no eff

he server. Because the hosted cache server name is also specified in the certificate enrolled to the hosted cache server, the name that you
uter disk space to use for the BranchCache client computer cache. * This policy setting is supported on computers that are running Windo
sers can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later ser
sers can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later ser
ctr.exe %WINDIR%\System32\Sessmgr.exe For computers running Windows Server 2003 with Service Pack 1 (SP1) Port 135:TCP %WINDI
soft operating systems can read and respond to the information. Note: The default policy setting, "Off," is designed for systems where exte
PC Servers running on the machine on which the policy setting is applied. No exceptions are allowed. Note: This policy setting will not be a
dhere to this setting.
will not be able to configure this setting in the Input Panel Options dialog box. If you enable this policy and choose High from the drop-d
t use the RD Gateway server address that is specified in the "Set RD Gateway server address" policy setting. If an RD Gateway server is spec

data sent from the client to the server and from the server to the client, with the Federal Information Processing Standard (FIPS) 140 encry
RD Session Host server" policy setting located in Computer Configuration\Administrative Templates\Windows Components\Remote Deskt
mmended when using this setting. Choose the operating system managed TPM authentication setting of "None" for compatibility with pre

s of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode.

er periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout
portion of the user profile. The system also records an event when it fails to update the files in a user profile.
P with SP3, or Windows XP with SP2. Bitlockertogo.exe will not be installed. Note: This policy setting does not apply to drives that are form
Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2. Bitlockertogo.exe will not be installed. Note: This policy setti

he backup of BitLocker recovery information to AD DS succeeds. Note: If the "Do not enable BitLocker until recovery information is stored
cker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds. Note: If the "D
e "Do not enable BitLocker until recovery information is stored in AD DS for fixed data drives" check box is selected, a recovery password is

usion (respectively) of the PCRs.


PCR 10), and the BitLocker Access Control (PCR 11). Warning: Changing from the default platform validation profile affects the security and
e affects the security and manageability of your computer. BitLocker's sensitivity to platform modifications (malicious or authorized) is incr
mode OID: 2.16.840.1.101.3.4.1.42
in CBC mode OID: 2.16.840.1.101.3.4.1.42
CBC mode OID: 2.16.840.1.101.3.4.1.42
ported with the default settings, which do not include password complexity requirements and require only 8 characters. Note: Passwords c
be used if FIPS-compliance is enabled. The "System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing" poli
ttings, which do not include password complexity requirements and require only 8 characters. Note: Passwords cannot be used if FIPS-com
pear in the "Search again" links or the Start menu links.

not, then do not enable this policy setting. Note: If any policy setting opens TCP port 445, Windows Firewall allows inbound ICMP echo req
not, then do not enable this policy setting. Note: If any policy setting opens TCP port 445, Windows Firewall allows inbound ICMP echo req
set to "disabled" overrides all definitions with the Status set to "enabled," and the port does not receive messages. Therefore, if you set th
set to "disabled" overrides all definitions with the Status set to "enabled," and the port does not receive messages. Therefore, if you set th
at you have not installed yet, but be aware that you can accidentally create multiple entries for the same program with conflicting Scope or
at you have not installed yet, but be aware that you can accidentally create multiple entries for the same program with conflicting Scope or
ws, it is disabled by default. If the "Configure Automatic Updates" policy setting is disabled or is not configured, then the Elevate Non-Adm
updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for ac
g. 0x80000000 - Ignore congestion.
on is to re-configure the DCOM server's custom launch permission settings for correct security settings, but this policy setting may be used
S suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server. For example, if th
the leftmost label of the primary DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new que
eplace instances of the word Microsoft with"": You can specify text with which to customize your error report dialog boxes. The word ""M
bled. Note: Consider notifying users that their policy is updated periodically so that they recognize the signs of a policy update. When Grou
users that their policy is updated periodically so that they recognize the signs of a policy update. When Group Policy is updated, the Windo
4. If you disable or do not configure this policy, users may choose their own site-to-zone assignments.
4. If you disable or do not configure this policy, users may choose their own site-to-zone assignments.
ound authentication for Dynamic Access Control and Kerberos armoring, and: - If you set the "Always provide claims" option, always return
gement on the file server. - Disallow hash publication on all shared folders. With this option, BranchCache does not generate content infor

and The Allow asynchronous user Group Policy processing when logging on through Terminal Services policy setting is enabled. This p
tors. If you disable this setting or do not configure it, Windows XP settings that existed in Windows 2000 will not apply to administrators.

t Connection Firewall enabled.


ng does not prevent Wireless Hosted Networking from using the ICS service for DHCP services. To prevent the ICS service from running, on
e button on the toolbar in Windows Explorer. Data will only be synchronized to the server if the user manually initiates synchronization by
ncy (milliseconds) after which caching begins. Specifies the amount of time, in milliseconds, after which BranchCache client computers beg

n also select and configure the following option: - Hosted cache servers. To add hosted cache server computer names to this policy setting
Windows 8. This policy has no effect on computers that are running Windows 7 or Windows Vista. If you disable, or do not configure this se

cache server, the name that you enter here must match the name of the hosted cache server that is specified in the server certificate. Host
mputers that are running Windows Vista Business, Enterprise, and Ultimate editions with Background Intelligent Transfer Service (BITS) 4.0
d Windows XP SP1 (and later service packs).
d Windows XP SP1 (and later service packs).
k 1 (SP1) Port 135:TCP %WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe Allow Rem
designed for systems where extended error information is considered to be sensitive, and it should not be made available remotely. Note:
e: This policy setting will not be applied until the system is rebooted.
choose High from the drop-down box, password security is set to High. At this setting, when users enter passwords from Input Panel t
. If an RD Gateway server is specified by the user, a client connection attempt will be made through that RD Gateway server.

essing Standard (FIPS) 140 encryption algorithms, by using Microsoft cryptographic modules. Use this encryption level when communicatio
ows Components\Remote Desktop Services\RD Session Host\Profiles. The path set in the "Set path for Remote Desktop Services Roaming U
None" for compatibility with previous operating systems and applications or for use with scenarios that require TPM owner authorization n

start to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the locko

system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits
not apply to drives that are formatted with the NTFS file system.
installed. Note: This policy setting does not apply to drives that are formatted with the NTFS file system.

l recovery information is stored in AD DS for fixed data drives" check box is selected, a recovery password is automatically generated. If yo
AD DS succeeds. Note: If the "Do not enable BitLocker until recovery information is stored in AD DS for operating system drives" check bo
selected, a recovery password is automatically generated. If you enable this policy setting, you can control the methods available to users t

n profile affects the security and manageability of your computer. BitLocker's sensitivity to platform modifications (malicious or authorized
(malicious or authorized) is increased or decreased depending upon inclusion or exclusion (respectively) of the PCRs. Specifically, setting t

8 characters. Note: Passwords cannot be used if FIPS-compliance is enabled. The "System cryptography: Use FIPS-compliant algorithms for
ption, hashing, and signing" policy setting in Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options s
words cannot be used if FIPS-compliance is enabled. The "System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and
all allows inbound ICMP echo request messages (the message sent by the Ping utility), even if the "Windows Firewall: Allow ICMP exception
all allows inbound ICMP echo request messages (the message sent by the Ping utility), even if the "Windows Firewall: Allow ICMP exception
messages. Therefore, if you set the Status of a port to "disabled," you can prevent administrators from using the Windows Firewall compone
messages. Therefore, if you set the Status of a port to "disabled," you can prevent administrators from using the Windows Firewall compone
rogram with conflicting Scope or Status values. Scope parameters are combined for multiple entries. Note: If you set the Status parameter
rogram with conflicting Scope or Status values. Scope parameters are combined for multiple entries. Note: If you set the Status parameter
ured, then the Elevate Non-Admin policy setting has no effect.
ace if there is no potential for accidental data loss. Automatic maintenance can be further configured by using Group Policy settings here: C
t this policy setting may be used in the short-term as an application compatibility deployment aid. DCOM servers added to this exemption
o a DNS server. For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the non-dot-terminated single-label name "exa
name, and submits this new query to a DNS server. For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the non-do
port dialog boxes. The word ""Microsoft"" is replaced with the specified text. If you do not configure this policy setting, users can change
ns of a policy update. When Group Policy is updated, the Windows desktop is refreshed; it flickers briefly and closes open menus. Also, rest
oup Policy is updated, the Windows desktop is refreshed; it flickers briefly and closes open menus. Also, restrictions imposed by Group Poli
ide claims" option, always returns claims for accounts and supports the RFC behavior for advertising the flexible authentication secure tun
does not generate content information for any shares on the computer and does not send content information to client computers that re

policy setting is enabled. This policy setting is located under Computer Configuration\Policies\Administrative templates\System\Group Po
will not apply to administrators. Note: This setting is intended to be used in a situation in which the Group Policy object that these settings

he ICS service from running, on the Network Permissions tab in the network's policy properties, select the "Don't use hosted networks" ch
ally initiates synchronization by using Sync Center. In Windows 7, Windows Server 2008 R2, Windows 8 or Windows Server 2012, when op
anchCache client computers begin to cache content locally.

uter names to this policy setting, click Enabled, and then click Show. The Show Contents dialog box opens. Click Value, and then type the c
sable, or do not configure this setting, a client will not attempt to discover hosted cache servers by service connection point. Policy configu

ed in the server certificate. Hosted cache clients must trust the server certificate that is issued to the hosted cache server. Ensure that the
ligent Transfer Service (BITS) 4.0 installed.
r\Binaries\Helpctr.exe Allow Remote Desktop Exception
made available remotely. Note: This policy setting will not be applied until the system is rebooted.
er passwords from Input Panel they use the on-screen keyboard by default, skin switching is not allowed, and Input Panel does not display
D Gateway server.

yption level when communications between clients and RD Session Host servers requires the highest level of encryption.
mote Desktop Services Roaming User Profile" policy setting should contain the mandatory profile.
quire TPM owner authorization not be stored locally. Using this setting might cause issues with some TPM-based applications. If this polic

se before the TPM exits the lockout mode. An administrator with the TPM owner password may fully reset the TPM's hardware lockout log

cles elapse before the TPM exits the lockout mode. An administrator with the TPM owner password may fully reset the TPM's hardware lo
s automatically generated. If you enable this policy setting, you can control the methods available to users to recover data from BitLocker-
erating system drives" check box is selected, a recovery password is automatically generated. If you enable this policy setting, you can con
the methods available to users to recover data from BitLocker-protected removable data drives. If this policy setting is not configured or d

cations (malicious or authorized) is increased or decreased depending upon inclusion or exclusion (respectively) of the PCRs.
f the PCRs. Specifically, setting this policy with PCR 7 omitted, will override the "Allow Secure Boot for integrity validation" group policy, pr

se FIPS-compliant algorithms for encryption, hashing, and signing" policy setting in Computer Configuration\Windows Settings\Security Se
Local Policies\Security Options specifies whether FIPS-compliance is enabled.
hms for encryption, hashing, and signing" policy setting in Computer Configuration\Windows Settings\Security Settings\Local Policies\Secur
ws Firewall: Allow ICMP exceptions" policy setting would block them. Policy settings that can open TCP port 445 include "Windows Firewall:
ws Firewall: Allow ICMP exceptions" policy setting would block them. Policy settings that can open TCP port 445 include "Windows Firewall:
g the Windows Firewall component in Control Panel to enable the port. Note: The only effect of setting the Status value to "disabled" is tha
g the Windows Firewall component in Control Panel to enable the port. Note: The only effect of setting the Status value to "disabled" is tha
: If you set the Status parameter of a definition string to "disabled," Windows Firewall ignores port requests made by that program and ign
: If you set the Status parameter of a definition string to "disabled," Windows Firewall ignores port requests made by that program and ign
sing Group Policy settings here: Computer Configuration->Administrative Templates->Windows Components->Maintenance Scheduler 5 =
servers added to this exemption list are only exempted if their custom launch permissions do not contain specific LocalLaunch, RemoteLau
rminated single-label name "example," and the DNS query for example.ooo.aaa.microsoft.com fails, the DNS client devolves the primary D
ft.com is attached to the non-dot-terminated single-label name "example," and the DNS query for example.ooo.aaa.microsoft.com fails, th
policy setting, users can change Windows Error Reporting settings in Control Panel. By default, these settings are Enable Reporting on comp
nd closes open menus. Also, restrictions imposed by Group Policies, such as those that limit the programs users can run, might interfere wit
strictions imposed by Group Policies, such as those that limit the programs a user can run, might interfere with tasks in progress.
exible authentication secure tunneling (FAST). - If you set the "Fail unarmored authentication requests" option, rejects unarmored Kerbero
ation to client computers that request content.

tive templates\System\Group Policy\. If this configuration is not implemented on the server, this policy setting is ignored. In this case, Grou
Policy object that these settings are being applied to contains both Windows 2000 Professional and Windows XP Professional computers, a

"Don't use hosted networks" check box.


Windows Server 2012, when operating in slow-link mode Offline Files synchronizes the user's files in the background at regular intervals, o
Click Value, and then type the computer names of the hosted cache servers.
connection point. Policy configuration Select one of the following: - Not Configured. With this selection, BranchCache settings are not ap

ed cache server. Ensure that the issuing CA certificate is installed in the Trusted Root Certification Authorities certificate store on all hosted
and Input Panel does not display the cursor or which keys are tapped. Users will not be able to configure this setting in the Input Panel Opti
-based applications. If this policy setting is disabled or not configured and the "Turn on TPM backup to Active Directory Domain Services

the TPM's hardware lockout logic using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware

ully reset the TPM's hardware lockout logic using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's h
to recover data from BitLocker-protected fixed data drives. If this policy setting is not configured or disabled, the default recovery options
e this policy setting, you can control the methods available to users to recover data from BitLocker-protected operating system drives. If th
icy setting is not configured or disabled, the default recovery options are supported for BitLocker recovery. By default a DRA is allowed, the

tively) of the PCRs.


grity validation" group policy, preventing BitLocker from using Secure Boot for platform or Boot Configuration Data (BCD) integrity validatio

n\Windows Settings\Security Settings\Local Policies\Security Options specifies whether FIPS-compliance is enabled.

rity Settings\Local Policies\Security Options specifies whether FIPS-compliance is enabled.


445 include "Windows Firewall: Allow inbound file and printer sharing exception," "Windows Firewall: Allow inbound remote administratio
445 include "Windows Firewall: Allow inbound file and printer sharing exception," "Windows Firewall: Allow inbound remote administratio
Status value to "disabled" is that Windows Firewall ignores other definitions for that port that set the Status to "enabled." If another polic
Status value to "disabled" is that Windows Firewall ignores other definitions for that port that set the Status to "enabled." If another polic
s made by that program and ignores other definitions that set the Status of that program to "enabled." Therefore, if you set the Status to "
s made by that program and ignores other definitions that set the Status of that program to "enabled." Therefore, if you set the Status to "
ts->Maintenance Scheduler 5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and inst
pecific LocalLaunch, RemoteLaunch, LocalActivate, or RemoteActivate grant or deny entries for any users or groups. Also note, exemption
NS client devolves the primary DNS suffix (drops the leftmost label) till the specified devolution level, and submits a query for example.aaa.
e.ooo.aaa.microsoft.com fails, the DNS client devolves the primary DNS suffix (drops the leftmost label) till the specified devolution level, a
gs are Enable Reporting on computers that are running Windows XP, and Report to Queue on computers that are running Windows Server
users can run, might interfere with tasks in progress.
with tasks in progress.
tion, rejects unarmored Kerberos messages. Warning: When "Fail unarmored authentication requests" is set, then client computers which
tting is ignored. In this case, Group Policy processing at user logon is synchronous (these servers wait for the network to be initialized durin
ws XP Professional computers, and identical Network Connections policy behavior is required between all Windows 2000 Professional and
ackground at regular intervals, or as configured by the "Configure Background Sync" policy. While in slow-link mode, Windows periodically
BranchCache settings are not applied to client computers by this policy setting, and client computers do not perform hosted cache server d

es certificate store on all hosted cache client computers. * This policy setting is supported on computers that are running Windows Vista Bu
is setting in the Input Panel Options dialog box. If you disable this policy, password security is set to Medium-High. At this setting, when
ctive Directory Domain Services" policy setting is also disabled or not configured, the default setting is to store the full TPM authorization

rator resets the TPM's hardware lockout logic all prior standard user TPM authorization failures are ignored; allowing standard users to use

administrator resets the TPM's hardware lockout logic all prior standard user TPM authorization failures are ignored; allowing standard use
ed, the default recovery options are supported for BitLocker recovery. By default a DRA is allowed, the recovery options can be specified by
ed operating system drives. If this policy setting is disabled or not configured, the default recovery options are supported for BitLocker reco
By default a DRA is allowed, the recovery options can be specified by the user including the recovery password and recovery key, and reco

on Data (BCD) integrity validation. Setting this policy may result in BitLocker recovery when firmware is updated. If you set this policy to inc

enabled.
ow inbound remote administration exception," and "Windows Firewall: Define inbound port exceptions."
ow inbound remote administration exception," and "Windows Firewall: Define inbound port exceptions."
us to "enabled." If another policy setting opens a port, or if a program in the program exceptions list asks Windows Firewall to open a port
us to "enabled." If another policy setting opens a port, or if a program in the program exceptions list asks Windows Firewall to open a port
erefore, if you set the Status to "disabled," you prevent administrators from allowing the program to ask Windows Firewall to open addition
erefore, if you set the Status to "disabled," you prevent administrators from allowing the program to ask Windows Firewall to open addition
c Updates should notify and install updates. With this option, local administrators will be allowed to use the Windows Update control pane
or groups. Also note, exemptions for DCOM Server Appids added to this list will apply to both 32-bit and 64-bit versions of the server if pre
ubmits a query for example.aaa.microsoft.com. If this query fails, the primary DNS suffix is devolved further if it is under specified devoluti
the specified devolution level, and submits a query for example.aaa.microsoft.com. If this query fails, the primary DNS suffix is devolved fu
hat are running Windows Server 2003. If you disable this policy setting, configuration settings in the policy setting are left blank. See relate
set, then client computers which do not support Kerberos armoring will fail to authenticate to the domain controller. To ensure this feature
e network to be initialized during user logon). If you disable or do not configure this policy setting and users log on to a client computer or
Windows 2000 Professional and Windows XP Professional computers.
ink mode, Windows periodically checks the connection to the folder and brings the folder back online if network speeds improve. In Wind
t perform hosted cache server discovery. - Enabled. With this selection, the policy setting is applied to client computers, which perform au

hat are running Windows Vista Business, Enterprise, and Ultimate editions with Background Intelligent Transfer Service (BITS) 4.0 installed.
um-High. At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allow
tore the full TPM authorization value in the local registry. If this policy is disabled or not configured and the "Turn on TPM backup to Acti

d; allowing standard users to use the TPM normally again immediately. If this value is not configured, a default value of 4 is used. A value o

e ignored; allowing standard users to use the TPM normally again immediately. If this value is not configured, a default value of 9 is used.
overy options can be specified by the user including the recovery password and recovery key, and recovery information is not backed up to
are supported for BitLocker recovery. By default a DRA is allowed, the recovery options can be specified by the user including the recovery
word and recovery key, and recovery information is not backed up to AD DS

dated. If you set this policy to include PCR 0, suspend BitLocker prior to applying firmware updates.
Windows Firewall to open a port, Windows Firewall opens the port. Note: If any policy setting opens TCP port 445, Windows Firewall allow
Windows Firewall to open a port, Windows Firewall opens the port. Note: If any policy setting opens TCP port 445, Windows Firewall allow
indows Firewall to open additional ports. However, even if the Status is "disabled," the program can still receive unsolicited incoming mess
indows Firewall to open additional ports. However, even if the Status is "disabled," the program can still receive unsolicited incoming mess
e Windows Update control panel to select a configuration option of their choice. Local administrators will not be allowed to disable the co
4-bit versions of the server if present.
er if it is under specified devolution level and the query example.microsoft.com is submitted. If this query fails, devolution continues if it is u
primary DNS suffix is devolved further if it is under specified devolution level and the query example.microsoft.com is submitted. If this que
setting are left blank. See related policy settings Display Error Notification (same folder as this policy setting), and Turn off Windows Error
controller. To ensure this feature is effective, deploy enough domain controllers that support claims and compound authentication for Dyn
rs log on to a client computer or a server running Windows Server 2008 or later and that is configured as described earlier, the computer t
etwork speeds improve. In Windows 8 or Windows Server 2012, set the Latency threshold to 1ms to keep users always working offline in sl
nt computers, which perform automatic hosted cache server discovery and which are configured as hosted cache mode clients. - Disabled

sfer Service (BITS) 4.0 installed.


by default, skin switching is allowed, and Input Panel does not display the cursor or which keys are tapped. Users will not be able to configu
he "Turn on TPM backup to Active Directory Domain Services" group policy setting is enabled, then only the administrative delegation and

ault value of 4 is used. A value of zero means the OS will not allow standard users to send commands to the TPM which may cause an auth

red, a default value of 9 is used. A value of zero means the OS will not allow standard users to send commands to the TPM which may caus
information is not backed up to AD DS
y the user including the recovery password and recovery key, and recovery information is not backed up to AD DS.
ort 445, Windows Firewall allows inbound ICMP echo request messages (the message sent by the Ping utility), even if the "Windows Firew
ort 445, Windows Firewall allows inbound ICMP echo request messages (the message sent by the Ping utility), even if the "Windows Firew
ceive unsolicited incoming messages through a port if another policy setting opens that port. Note: Windows Firewall opens ports for the
ceive unsolicited incoming messages through a port if another policy setting opens that port. Note: Windows Firewall opens ports for the
not be allowed to disable the configuration for Automatic Updates. If the status for this policy is set to Disabled, any updates that are avail
ails, devolution continues if it is under specified devolution level and the query example.microsoft.com is submitted, corresponding to a de
soft.com is submitted. If this query fails, devolution continues if it is under specified devolution level and the query example.microsoft.com
ng), and Turn off Windows Error Reporting in Computer Configuration/Administrative Templates/System/Internet Communication Managem
ompound authentication for Dynamic Access Control and are Kerberos armor-aware to handle the authentication requests. Insufficient num
escribed earlier, the computer typically does not wait for the network to be fully initialized. In this case, users are logged on with cached cr
users always working offline in slow-link mode. If you disable this policy setting, computers will not use the slow-link mode.
d cache mode clients. - Disabled. With this selection, this policy is not applied to client computers.
Users will not be able to configure this setting in the Input Panel Options dialog box. If you do not configure this policy, password security
he administrative delegation and the user delegation blobs are stored in the local registry. Note: If the operating system managed TPM au

he TPM which may cause an authorization failure.

ands to the TPM which may cause an authorization failure.


ity), even if the "Windows Firewall: Allow ICMP exceptions" policy setting would block them. Policy settings that can open TCP port 445 inc
ity), even if the "Windows Firewall: Allow ICMP exceptions" policy setting would block them. Policy settings that can open TCP port 445 inc
ows Firewall opens ports for the program only when the program is running and "listening" for incoming messages. If the program is not ru
ows Firewall opens ports for the program only when the program is running and "listening" for incoming messages. If the program is not ru
abled, any updates that are available on Windows Update must be downloaded and installed manually. To do this, search for Windows Upd
ubmitted, corresponding to a devolution level of two. The primary DNS suffix cannot be devolved beyond a devolution level of two. The de
he query example.microsoft.com is submitted, corresponding to a devolution level of two. The primary DNS suffix cannot be devolved beyo
ternet Communication Management/Internet Communication settings.
cation requests. Insufficient number of domain controllers that support this policy result in authentication failures whenever Dynamic Acce
ers are logged on with cached credentials. Group Policy is applied asynchronously in the background. Notes: -If you want to guarantee the
ure this policy, password security is set to Medium-High by default. At this setting, when users enter passwords from Input Panel they use
erating system managed TPM authentication setting is changed from "Full" to "Delegated" the full TPM owner authorization value will be
s that can open TCP port 445 include "Windows Firewall: Allow inbound file and printer sharing exception," "Windows Firewall: Allow inbou
s that can open TCP port 445 include "Windows Firewall: Allow inbound file and printer sharing exception," "Windows Firewall: Allow inbou
essages. If the program is not running, or is running but not listening for those messages, Windows Firewall does not open its ports.
essages. If the program is not running, or is running but not listening for those messages, Windows Firewall does not open its ports.
do this, search for Windows Update using Start. If the status is set to Not Configured, use of Automatic Updates is not specified at the Grou
a devolution level of two. The devolution level can be configured using the primary DNS suffix devolution level policy setting. The default de
S suffix cannot be devolved beyond a devolution level of two. The devolution level can be configured using this policy setting. The default d
failures whenever Dynamic Access Control or Kerberos armoring is required (that is, the "Supported" option is enabled). Impact on domai
es: -If you want to guarantee the application of Folder Redirection, Software Installation, or roaming user profile settings in just one logon,
words from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel does not display the cursor
wner authorization value will be regenerated and any copies of the original TPM owner authorization value will be invalid. If you are backin
" "Windows Firewall: Allow inbound remote administration exception," and "Windows Firewall: Define inbound port exceptions."
" "Windows Firewall: Allow inbound remote administration exception," and "Windows Firewall: Define inbound port exceptions."
l does not open its ports.
l does not open its ports.
dates is not specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel.
evel policy setting. The default devolution level is two. If you enable this policy setting, or if you do not configure this policy setting, DNS cli
this policy setting. The default devolution level is two. If you enable this policy setting and DNS devolution is also enabled, DNS clients use
on is enabled). Impact on domain controller performance when this policy setting is enabled: - Secure Kerberos domain capability discove
profile settings in just one logon, enable this policy setting to ensure that Windows waits for the network to be available before applying po
anel does not display the cursor or which keys are tapped. Users will be able to configure this setting on the Advanced tab in Input Panel O
will be invalid. If you are backing up the TPM owner authorization value to AD DS, the new owner authorization value will be automatical
ound port exceptions."
ound port exceptions."
dates through Control Panel.
figure this policy setting, DNS clients attempt to resolve single-label names using concatenations of the single-label name to be resolved an
n is also enabled, DNS clients use the DNS devolution level that you specify. If this policy setting is disabled, or if this policy setting is not co
beros domain capability discovery is required resulting in additional message exchanges. - Claims and compound authentication for Dynam
o be available before applying policy. -If Folder Redirection policy will apply during the next logon, security policies will be applied asynchro
e Advanced tab in Input Panel Options in Windows 7 and Windows Vista. Caution: If you lower password security settings, people who can
ization value will be automatically backed up to AD DS when it is changed.
gle-label name to be resolved and the devolved primary DNS suffix. If you disable this policy setting, DNS clients do not attempt to resolve
, or if this policy setting is not configured, DNS clients use the default devolution level of two provided that DNS devolution is enabled.
pound authentication for Dynamic Access Control increases the size and complexity of the data in the message which results in more proc
policies will be applied asynchronously during the next update cycle, if network connectivity is available.
ecurity settings, people who can see the users screen might be able to see their passwords.
clients do not attempt to resolve names that are concatenations of the single-label name to be resolved and the devolved primary DNS suffi
DNS devolution is enabled.
sage which results in more processing time and greater Kerberos service ticket size. - Kerberos armoring fully encrypts Kerberos messages
d the devolved primary DNS suffix.
ully encrypts Kerberos messages and signs Kerberos errors which results in increased processing time, but does not change the service tick
does not change the service ticket size.
Status Policy Path

Computer Configuration\Windows Settings\Account Policies\Password Policy


Computer Configuration\Windows Settings\Account Policies\Password Policy
Computer Configuration\Windows Settings\Account Policies\Password Policy
Computer Configuration\Windows Settings\Account Policies\Password Policy
Computer Configuration\Windows Settings\Account Policies\Password Policy
Computer Configuration\Windows Settings\Account Policies\Password Policy
Computer Configuration\Windows Settings\Account Policies\Account Lockout Pol
Computer Configuration\Windows Settings\Account Policies\Account Lockout Pol
Computer Configuration\Windows Settings\Account Policies\Account Lockout Pol
Computer Configuration\Windows Settings\Local Policies\Kerberos Policy
Computer Configuration\Windows Settings\Local Policies\Kerberos Policy
Computer Configuration\Windows Settings\Local Policies\Kerberos Policy
Computer Configuration\Windows Settings\Local Policies\Kerberos Policy
Computer Configuration\Windows Settings\Local Policies\Kerberos Policy
Computer Configuration\Windows Settings\Local Policies\Audit Policy
Computer Configuration\Windows Settings\Local Policies\Audit Policy
Computer Configuration\Windows Settings\Local Policies\Audit Policy
Computer Configuration\Windows Settings\Local Policies\Audit Policy
Computer Configuration\Windows Settings\Local Policies\Audit Policy
Computer Configuration\Windows Settings\Local Policies\Audit Policy
Computer Configuration\Windows Settings\Local Policies\Audit Policy
Computer Configuration\Windows Settings\Local Policies\Audit Policy
Computer Configuration\Windows Settings\Local Policies\Audit Policy
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\User Rights Assignme
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Security Settings\Event Log
Computer Configuration\Windows Settings\Security Settings\Event Log
Computer Configuration\Windows Settings\Security Settings\Event Log
Computer Configuration\Windows Settings\Security Settings\Event Log
Computer Configuration\Windows Settings\Security Settings\Event Log
Computer Configuration\Windows Settings\Security Settings\Event Log
Computer Configuration\Windows Settings\Security Settings\Event Log
Computer Configuration\Windows Settings\Security Settings\Event Log
Computer Configuration\Windows Settings\Security Settings\Event Log
Computer Configuration\Windows Settings\Security Settings\Event Log
Computer Configuration\Windows Settings\Security Settings\Event Log
Computer Configuration\Windows Settings\Security Settings\Event Log
Computer Configuration\Windows Settings\Security Settings\Restricted Groups
Computer Configuration\Windows Settings\Security Settings\System Services
Computer Configuration\Windows Settings\Security Settings\Registry
Computer Configuration\Windows Settings\Security Settings\File System
Policy Name Supported On

Enforce password history At least Windows XP SP2, Windows Server 2003


Maximum password age At least Windows XP SP2, Windows Server 2003
Minimum password age At least Windows XP SP2, Windows Server 2003
Minimum password length At least Windows XP SP2, Windows Server 2003
Password must meet complexity requirement At least Windows XP SP2, Windows Server 2003
Store passwords using reversible encryption for all users in the domain At least Windows XP SP2, Windows Server 2003
Account lockout duration At least Windows XP SP2, Windows Server 2003
Account lockout threshold At least Windows XP SP2, Windows Server 2003
Reset lockout counter after At least Windows XP SP2, Windows Server 2003
Enforce user logon restrictions At least Windows XP SP2, Windows Server 2003
Maximum lifetime for service ticket At least Windows XP SP2, Windows Server 2003
Maximum lifetime for user ticket At least Windows XP SP2, Windows Server 2003
Maximum lifetime for user ticket renewal At least Windows XP SP2, Windows Server 2003
Maximum tolerance for computer clock synchronization At least Windows XP SP2, Windows Server 2003
Audit account logon events At least Windows XP SP2, Windows Server 2003
Audit account management At least Windows XP SP2, Windows Server 2003
Audit directory service access At least Windows XP SP2, Windows Server 2003
Audit logon events At least Windows XP SP2, Windows Server 2003
Audit object access At least Windows XP SP2, Windows Server 2003
Audit policy change At least Windows XP SP2, Windows Server 2003
Audit privilege use At least Windows XP SP2, Windows Server 2003
Audit process tracking At least Windows XP SP2, Windows Server 2003
Audit system events At least Windows XP SP2, Windows Server 2003
Access this computer from the network At least Windows XP SP2, Windows Server 2003
Access Credential Manager as a trusted caller At least Windows Vista, Windows Server 2008
Act as part of the operating system At least Windows XP SP2, Windows Server 2003
Add workstations to a domain At least Windows XP SP2, Windows Server 2003
Adjust memory quotas for a process At least Windows XP SP2, Windows Server 2003
Allow log on locally At least Windows XP SP2, Windows Server 2003
Allow log on through Remote Desktop Services At least Windows XP SP2, Windows Server 2003
Backup files and directories At least Windows XP SP2, Windows Server 2003
Bypass traverse checking At least Windows XP SP2, Windows Server 2003
Change the system time At least Windows XP SP2, Windows Server 2003
Change the time zone At least Windows Vista, Windows Server 2008
Create a pagefile At least Windows XP SP2, Windows Server 2003
Create a token object At least Windows XP SP2, Windows Server 2003
Create global objects At least Windows XP SP2, Windows Server 2003
Create permanent shared objects At least Windows XP SP2, Windows Server 2003
Create Symbolic Links At least Windows Vista, Windows Server 2008
Debug programs At least Windows XP SP2, Windows Server 2003
Deny access to this computer from the network At least Windows XP SP2, Windows Server 2003
Deny log on as a batch job At least Windows XP SP2, Windows Server 2003
Deny log on as a service At least Windows XP SP2, Windows Server 2003
Deny log on locally At least Windows XP SP2, Windows Server 2003
Deny log on through Remote Desktop Services At least Windows XP SP2, Windows Server 2003
Enable computer and user accounts to be trusted for delegation At least Windows XP SP2, Windows Server 2003
Force shutdown from a remote system At least Windows XP SP2, Windows Server 2003
Generate security audits At least Windows XP SP2, Windows Server 2003
Impersonate a client after authentication At least Windows XP SP2, Windows Server 2003
Increase a process working set At least Windows Vista, Windows Server 2008
Increase scheduling priority At least Windows XP SP2, Windows Server 2003
Load and unload device drivers At least Windows XP SP2, Windows Server 2003
Lock pages in memory At least Windows XP SP2, Windows Server 2003
Log on as a batch job At least Windows XP SP2, Windows Server 2003
Log on as a service At least Windows XP SP2, Windows Server 2003
Log on locally Only Windows XP SP2
Manage auditing and security log At least Windows XP SP2, Windows Server 2003
Modify an object label At least Windows Vista, Windows Server 2008
Modify firmware environment values At least Windows XP SP2, Windows Server 2003
Perform volume maintenance tasks At least Windows XP SP2, Windows Server 2003
Profile single process At least Windows XP SP2, Windows Server 2003
Profile system performance At least Windows XP SP2, Windows Server 2003
Remove computer from docking station At least Windows XP SP2, Windows Server 2003
Replace a process level token At least Windows XP SP2, Windows Server 2003
Restore files and directories At least Windows XP SP2, Windows Server 2003
Shut down the system At least Windows XP SP2, Windows Server 2003
Synchronize directory service data At least Windows XP SP2, Windows Server 2003
Take ownership of files or other objects At least Windows XP SP2, Windows Server 2003
Accounts: Administrator account status Windows XP SP2, Windows Server 2003
Accounts: Block Microsoft accounts Windows 8, Windows Server 2012
Accounts: Guest account status At least Windows XP SP2, Windows Server 2003
Accounts: Limit local account use of blank passwords to console logon only At least Windows XP SP2, Windows Server 2003
Accounts: Rename administrator account At least Windows XP SP2, Windows Server 2003
Accounts: Rename guest account At least Windows XP SP2, Windows Server 2003
Audit: Audit the accesss of global system objects At least Windows XP SP2, Windows Server 2003
Audit: Audit the use of Backup and Restore privilege At least Windows XP SP2, Windows Server 2003
Audit: Force audit policy subcategory settings (Windows Vista or later) to overrAt least Windows Vista, Windows Server 2008
Audit: Shut down system immediately if unable to log security audits At least Windows XP SP2, Windows Server 2003
DCOM: Machine Access Restrictions in Security Descriptor Definition Langu At least Windows XP SP2, Windows Server 2003
DCOM: Machine Launch Restrictions in Security Descriptor Definition Langu At least Windows XP SP2, Windows Server 2003
Devices: Allow undock without having to log on At least Windows XP SP2, Windows Server 2003
Devices: Allowed to format and eject removable media At least Windows XP SP2, Windows Server 2003
Devices: Prevent users from installing printer drivers At least Windows XP SP2, Windows Server 2003
Devices: Restrict CD-ROM access to locally logged-on user only At least Windows XP SP2, Windows Server 2003
Devices: Restrict floppy access to locally logged-on user only At least Windows XP SP2, Windows Server 2003
Devices: Unsigned driver installation behavior Only Windows XP SP2, Windows Server 2003
Domain controller: Allow server operators to schedule tasks At least Windows XP SP2, Windows Server 2003
Domain controller: LDAP server signing requirements At least Windows XP SP2, Windows Server 2003
Domain controller: Refuse machine account password changes At least Windows XP SP2, Windows Server 2003
Domain member: Digitally encrypt or sign secure channel data (always) At least Windows XP SP2, Windows Server 2003
Domain member: Digitally encrypt secure channel data (when possible) At least Windows XP SP2, Windows Server 2003
Domain member: Digitally sign secure channel data (when possible) At least Windows XP SP2, Windows Server 2003
Domain member: Disable machine account password changes At least Windows XP SP2, Windows Server 2003
Domain member: Maximum machine account password age At least Windows XP SP2, Windows Server 2003
Domain member: Require strong (Windows 2000 or later) session key At least Windows XP SP2, Windows Server 2003
Interactive logon: Do not display last user name At least Windows XP SP2, Windows Server 2003
Interactive Logon: Display user information when session is locked At least Windows Vista, Windows Server 2008
Interactive logon: Do not require CTRL+ALT+DEL At least Windows XP SP2, Windows Server 2003
Interactive logon: Machine account lockout threshold Windows 8, Windows Server 2012
Interactive logon: Machine inactivity limit Windows 8, Windows Server 2012
Interactive logon: Message text for users attempting to logon At least Windows XP SP2, Windows Server 2003
Interactive logon: Message title for users attempting to logon At least Windows XP SP2, Windows Server 2003
Interactive logon: Number of previous logons to cache (in case domain controllAt least Windows XP SP2, Windows Server 2003
Interactive logon: Prompt user to change password before expiration At least Windows XP SP2, Windows Server 2003
Interactive logon: Require Domain Controller authentication to unlock workstaAt least Windows XP SP2, Windows Server 2003
Interactive logon: Require smart card At least Windows XP SP2, Windows Server 2003
Interactive logon: Smart card removal behavior At least Windows XP SP2, Windows Server 2003
Microsoft network client: Digitally sign communications (always) At least Windows XP SP2, Windows Server 2003
Microsoft network client: Digitally sign communications (if server agrees) At least Windows XP SP2, Windows Server 2003
Microsoft network client: Send unencrypted password to third-party SMB serv At least Windows XP SP2, Windows Server 2003
Microsoft network server: Amount of idle time required before suspending sesAt least Windows XP SP2, Windows Server 2003
Microsoft network server: Attempt S4U2Self to obtain claim information Windows 8, Windows Server 2012
Microsoft network server: Digitally sign communications (always) At least Windows XP SP2, Windows Server 2003
Microsoft network server: Digitally sign communications (if client agrees) At least Windows XP SP2, Windows Server 2003
Microsoft network server: Disconnect clients when logon hours expire At least Windows XP SP2, Windows Server 2003
Microsoft network server: Server SPN target name validation level At least Windows 7, Windows Server 2008 R2
Network access: Allow anonymous SID/Name translation At least Windows XP SP2, Windows Server 2003
Network access: Do not allow anonymous enumeration of SAM accounts At least Windows XP SP2, Windows Server 2003
Network access: Do not allow anonymous enumeration of SAM accounts and At least Windows XP SP2, Windows Server 2003
Network access: Do not allow storage of passwords and credentials for networAt least Windows XP SP2, Windows Server 2003
Network access: Let Everyone permissions apply to anonymous users At least Windows XP SP2, Windows Server 2003
Network access: Named Pipes that can be accessed anonymously At least Windows XP SP2, Windows Server 2003
Network access: Remotely accessible registry paths At least Windows XP SP2, Windows Server 2003
Network access: Remotely accessible registry paths and sub-paths At least Windows XP SP2, Windows Server 2003
Network access: Restrict anonymous access to Named Pipes and Shares At least Windows XP SP2, Windows Server 2003
Network access: Shares that can be accessed anonymously At least Windows XP SP2, Windows Server 2003
Network access: Sharing and security model for local accounts At least Windows XP SP2, Windows Server 2003
Network security: Do not store LAN Manager hash value on next password c At least Windows XP SP2, Windows Server 2003
Network security: Force logoff when logon hours expire At least Windows XP SP2, Windows Server 2003
Network security: LAN Manager authentication level At least Windows XP SP2, Windows Server 2003
Network security: LDAP client signing requirements At least Windows XP SP2, Windows Server 2003
Network security: Minimum session security for NTLM SSP based (including sAt least Windows XP SP2, Windows Server 2003
Network security: Minimum session security for NTLM SSP based (including At least Windows XP SP2, Windows Server 2003
Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers At least Windows 7, Windows Server 2008 R2
Network security: Restrict NTLM: Incoming NTLM traffic At least Windows 7, Windows Server 2008 R2
Network security: Restrict NTLM: Audit Incoming NTLM Traffic At least Windows 7, Windows Server 2008 R2
Network security: Restrict NTLM: NTLM authentication in this domain At least Windows 7, Windows Server 2008 R2
Network security: Restrict NTLM: Audit NTLM authentication in this domain At least Windows 7, Windows Server 2008 R2
Network security: Restrict NTLM: Add remote server exceptions for NTLM authAt least Windows 7, Windows Server 2008 R2
Network security: Restrict NTLM: Add server exceptions in this domain At least Windows 7, Windows Server 2008 R2
Network security: Allow LocalSystem NULL session fallback At least Windows 7, Windows Server 2008 R2
Network security: Allow Local System to use computer identity for NTLM At least Windows 7, Windows Server 2008 R2
Network security: Allow PKU2U authentication requests to this computer to use
At least Windows 7, Windows Server 2008 R2
Network security: Configure encryption types allowed for Kerberos At least Windows 7, Windows Server 2008 R2
Recovery console: Allow automatic administrative logon At least Windows XP SP2, Windows Server 2003
Recovery console: Allow floppy copy and access to all drives and all folders At least Windows XP SP2, Windows Server 2003
Shutdown: Allow system to be shut down without having to log on At least Windows XP SP2, Windows Server 2003
Shutdown: Clear virtual memory pagefile At least Windows XP SP2, Windows Server 2003
System cryptography: Use FIPS compliant algorithms for encryption, hashing,At least Windows XP SP2, Windows Server 2003
System cryptography: Force strong key protection for user keys stored on th At least Windows XP SP2, Windows Server 2003
System objects: Default owner for objects created by members of the AdminisAt least Windows XP SP2, Windows Server 2003
System objects: Require case insensitivity for non-Windows subsystems At least Windows XP SP2, Windows Server 2003
System objects: Strengthen default permissions of internal system objects (e.gWindows XP SP2, Windows Server 2003
System settings: Optional subsystems At least Windows Vista, Windows Server 2003
System settings: Use Certificate Rules on Windows Executables for Software A
Rt least Windows Vista, Windows Server 2003
User Account Control: Admin Approval Mode for the Built-in Administrator acc At least Windows Vista, Windows Server 2008
User Account Control: Behavior of the elevation prompt for administrators in At least Windows Vista, Windows Server 2008
User Account Control: Behavior of the elevation prompt for standard users At least Windows Vista, Windows Server 2008
User Account Control: Detect application installations and prompt for elevatio At least Windows Vista, Windows Server 2008
User Account Control: Only elevate executables that are signed and validatedAt least Windows Vista, Windows Server 2008
User Account Control: Only elevate UIAccess applications that are installed At least Windows Vista, Windows Server 2008
in secure locations
User Account Control: Run all administrators in Admin Approval Mode At least Windows Vista, Windows Server 2008
User Account Control: Switch to the secure desktop when prompting for elevaAt least Windows Vista, Windows Server 2008
User Account Control: Virtualize file and registry write failures to per-user locaAt least Windows Vista, Windows Server 2008
User Account Control: Allow UIAccess applications to prompt for elevation wit At least Windows Vista, Windows Server 2008
Maximum application log size Only Windows XP SP2, Windows Server 2003
Maximum security log size Only Windows XP SP2, Windows Server 2003
Maximum system log size Only Windows XP SP2, Windows Server 2003
Prevent local guests group from accessing application log Only Windows XP SP2, Windows Server 2003
Prevent local guests group from accessing security log Only Windows XP SP2, Windows Server 2003
Prevent local guests group from accessing system log Only Windows XP SP2, Windows Server 2003
Retain application log Only Windows XP SP2, Windows Server 2003
Retain security log Only Windows XP SP2, Windows Server 2003
Retain system log Only Windows XP SP2, Windows Server 2003
Retention method for application log Only Windows XP SP2, Windows Server 2003
Retention method for security log Only Windows XP SP2, Windows Server 2003
Retention method for system log Only Windows XP SP2, Windows Server 2003
Restricted Groups Only Windows XP SP2, Windows Server 2003
System Services Only Windows XP SP2, Windows Server 2003
Registry Only Windows XP SP2, Windows Server 2003
File System Only Windows XP SP2, Windows Server 2003
Registry Settings

Password Policy security settings are not registry keys.


Password Policy security settings are not registry keys.
Password Policy security settings are not registry keys.
Password Policy security settings are not registry keys.
Password Policy security settings are not registry keys.
Password Policy security settings are not registry keys.
Account Lockout Policy security settings are not registry keys.
Account Lockout Policy security settings are not registry keys.
Account Lockout Policy security settings are not registry keys.
Kerberos Policy security settings are not registry keys.
Kerberos Policy security settings are not registry keys.
Kerberos Policy security settings are not registry keys.
Kerberos Policy security settings are not registry keys.
Kerberos Policy security settings are not registry keys.
Audit Policy security settings are not registry keys.
Audit Policy security settings are not registry keys.
Audit Policy security settings are not registry keys.
Audit Policy security settings are not registry keys.
Audit Policy security settings are not registry keys.
Audit Policy security settings are not registry keys.
Audit Policy security settings are not registry keys.
Audit Policy security settings are not registry keys.
Audit Policy security settings are not registry keys.
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
Not a registry key
Not a registry key
Not a registry key
MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPassw
ordUse
Not a registry key
Not a registry key
MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObject
s
MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAudit
ing
MACHINE\System\CurrentControlSet\Control\Lsa\SCENoApplyLeg
acyAuditPolicy
MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFai
l
MACHINE\SOFTWARE\policies\Microsoft\windows
NT\DCOM\MachineAccessRestriction
MACHINE\SOFTWARE\policies\Microsoft\windows
NT\DCOM\MachineLaunchRestriction
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Sy
stem\UndockWithoutLogon
MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\AllocateDASD
MACHINE\System\CurrentControlSet\Control\Print\Providers\LanM
an Print Services\Servers\AddPrinterDrivers
MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\AllocateCDRoms
MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\AllocateFloppies
MACHINE\Software\Microsoft\Driver Signing\Policy
MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl
MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\L
DAPServerIntegrity
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameter
s\RefusePasswordChange
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameter
s\RequireSignOrSeal
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameter
s\SealSecureChannel
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameter
s\SignSecureChannel
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameter
s\DisablePasswordChange
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameter
s\MaximumPasswordAge
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameter
s\RequireStrongKey
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Sy
Machine\Software\Microsoft\Windows\CurrentVersion\Policies\Syst
em, value=DontDisplayLockedUserId
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Sy
stem\DisableCAD
Not a registry key
Not a registry key
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Sy
stem\LegalNoticeText
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Sy
stem\LegalNoticeCaption
MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\CachedLogonsCount
MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\PasswordExpiryWarning
MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\ForceUnlockLogon
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Sy
stem\ScForceOption
MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\ScRemoveOption
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation
\Parameters\RequireSecuritySignature
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation
\Parameters\EnableSecuritySignature
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation
\Parameters\EnablePlainTextPassword
MACHINE\System\CurrentControlSet\Services\LanManServer\Para
meters\AutoDisconnect
Not a registry key
MACHINE\System\CurrentControlSet\Services\LanManServer\Para
meters\RequireSecuritySignature
MACHINE\System\CurrentControlSet\Services\LanManServer\Para
meters\EnableSecuritySignature
MACHINE\System\CurrentControlSet\Services\LanManServer\Para
meters\EnableForcedLogOff
MACHINE\System\CurrentControlSet\Services\LanManServer\Para
meters\SmbServerNameHardeningLevel
Not a registry key
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymo
usSAM
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymo
us
MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainC
reds
MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneInclude
sAnonymous
MACHINE\System\CurrentControlSet\Services\LanManServer\Para
meters\NullSessionPipes
MACHINE\System\CurrentControlSet\Control\SecurePipeServers\
Winreg\AllowedPaths\Machine
MACHINE\System\CurrentControlSet\Control\SecurePipeServers\
Winreg\AllowedPaths\Machine
MACHINE\System\CurrentControlSet\Services\LanManServer\Para
meters\NullSessionShares
MACHINE\System\CurrentControlSet\Services\LanManServer\Para
meters\NullSessionShares
MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest
MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash
Not a registry key
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLe
MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientInte
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMin
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMi
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\RestrictS
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\RestrictR
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\AuditRece
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameter
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameter
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\ClientAl
MACHINE\System\CurrentControlSet\Services\Netlogon\Paramete
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\allownul
lsessionfallback
MACHINE\System\CurrentControlSet\Control\Lsa\UseMachineId
MACHINE\System\CurrentControlSet\Control\Lsa\pku2u\AllowOnlin
eID
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Sy
stem\Kerberos\Parameters\SupportedEncryptionTypes
MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel
MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Setup\RecoveryConsole\SetCommand
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Sy
stem\ShutdownWithoutLogon
MACHINE\System\CurrentControlSet\Control\Session
Manager\Memory Management\ClearPageFileAtShutdown
MACHINE\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPo
licy
MACHINE\Software\Policies\Microsoft\Cryptography\ForceKeyProt
ection
MACHINE\System\CurrentControlSet\Control\Lsa\NoDefaultAdmin
Owner
MACHINE\System\CurrentControlSet\Control\Session
Manager\Kernel\ObCaseInsensitive
MACHINE\System\CurrentControlSet\Control\Session
Manager\ProtectionMode
MACHINE\System\CurrentControlSet\Control\Session
Manager\SubSystems\optional
MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifi
ers\AuthenticodeEnabled
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Fil
terAdministratorToken
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\C
onsentPromptBehaviorAdmin
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\C
onsentPromptBehaviorUser
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\E
nableInstallerDetection
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Va
lidateAdminCodeSignatures
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\E
nableSecureUIAPaths
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\E
nableLUA
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Pr
omptOnSecureDesktop
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\E
nableVirtualization
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\E
nableUIADesktopToggle
Event Log security settings are not registry keys.
Event Log security settings are not registry keys.
Event Log security settings are not registry keys.
Event Log security settings are not registry keys.
Event Log security settings are not registry keys.
Event Log security settings are not registry keys.
Event Log security settings are not registry keys.
Event Log security settings are not registry keys.
Event Log security settings are not registry keys.
Event Log security settings are not registry keys.
Event Log security settings are not registry keys.
Event Log security settings are not registry keys.
Restricted Groups policy settings are not registry keys.
System Services policy settings are not registry keys.
not a registry key
File System policy settings are not registry keys.
Help Text

Enforce password history


Maximum password
This security age
setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused. T
Minimum
This password age
This security
policy enablessettingadministrators
determines thetoperiod enhance of time (in days)
security that a password
by ensuring can be used
that old passwords arebefore the system
not reused requires the user to change it. You can set passwo
continually.
less than
Minimum the
passwordmaximum password age. If the maximum password age is set to 0, the minimum password age can be any value between 0 and 998 days.
This security setting length
determines the period of time (in days) that a password must be used before the user can change it. You can set a value between 1 and 9
Default:
Note:
Password
This It is amust
security security
meetbest
setting practicethe
complexity
determines to least
have passwords
requirements expire every that30a to 90 days,for depending on yourmay environment. This way, an attacker has a limited
1 andamount o
The minimum password age must be lessnumber
than theofMaximum
characters password password
age, unless athe
user account
maximum password contain.
ageYou is setcan
to set a value ofthat
0, indicating between
passwords 14 char
will neve
24
Storeon domain
passwords controllers.
using reversiblewhetherencryption
Default:
This
0 42. setting
on security
stand-alone
Default: determines
servers. passwords must meet complexity requirements.
Configure the minimum password age to be more than 0 if you want Enforce password history to be effective. Without a minimum password age, users can cy
Account
defined
This lockout
password
security duration
when
setting the userwhether
determines logs on.meet
If the
the password
operating history
system is setpasswords
stores to 0, the userusing does not have
reversible to choose a new password. For this reason, Enforce passw
encryption.
If this
Note:
7 policy
By default,
on domain iscontrollers.
enabled,
member passwords
computers must
follow thethe following
configuration minimum requirements:
of their domain controllers.
Account
To
0 maintain
on
This lockout
stand-alone
security the threshold
effectiveness
servers.
setting determines of the password
number of history,
minutes doa not allow
locked-out passwords
account to be
remains changed
locked immediately
out before afterfor
they
automatically were just changed
becoming by also
unlocked. The enabling
available the Miu
range
Default:
This policy provides
Not contain the user's support
account forname
applications
or partsthat useuser's
of the protocols that require
full name knowledge
that exceed of the user's
two consecutive password
characters authentication purposes. Storing passwords
Reset
Be
This account
atsecurity
least lockout
sixsetting
characterscounter
in
determines after
length
Note:
If
1 an By default,
account
on policy
This domain member
lockout threshold
is controllers.
required when isthe
computers
using
number
followthe
defined, ofaccount
the failed
Challenge-Handshake
logon
configuration
lockoutattempts
their that
ofduration
Authentication domaincauses
must be
Protocol
a user account
controllers.
greater
(CHAP) than to be to
or equal
authentication
locked
the out. A
reset
through
locked-out account cannot be used until it i
time.
remote access or Internet Authentication Serv
Contain
Enforce characters
user logon from three
restrictions of the following four categories:
0 on security
This
English
Failed stand-alone
uppercase
password servers.
setting determines
characters
attempts against(Athe number
through Z)
workstations of minutes
or member thatservers
must elapsethat afterbeen
have a failed logon
locked attempt
using either before the failed logon attempt
CTRL+ALT+DELETE counter is reset screen
or password-protected to 0 badsav
lo
Default:
Default: None,
Disabled. because this policy setting only has meaning when an Account lockout threshold is specified.
English
Maximum
This lowercase
lifetime characters
for service (a
ticketthrough z)
If an security
Note:
Base By0. default,
account
Default:10 digits
setting
lockout determines
(0 member
threshold
through 9) iswhether
computers defined, the
follow Kerberos
the
this V5must
configuration
reset time KeyofbeDistribution
their thanCenter
lessdomain (KDC)
to thevalidates
orcontrollers.
equal Accounteverylockout request for a session ticket against the user rights pol
duration.
Maximum
Non-alphabetic
This securitylifetime fordetermines
setting user ticket
characters (for example,
the !,
maximum $, #, %)
amount of time (in minutes) that a granted session ticket can be used to access a particular service. The setting
Default:
Default: Enabled.
None, because this
Complexity requirements arepolicy
enforced setting
whenonly has meaning
passwords when an Account
are changed or created. lockout threshold is specified.
Maximum
This securitylifetime for user ticket
settingandetermines renewal
the maximum amount of timea(in hours) that
If a client presents expired session ticket when it requests connection toaauser's
server,ticket-granting
the server returnsticketan (TGT)
errormay be used.
message. The client must request a new ses
with
This servers.
Maximumsecurity Ongoing
tolerance
setting foroperations
computer
determines theare
clocknot interrupted
synchronization
period of time (in if the
days) session
during ticket
which that
a is used
user's to authenticate
ticket-granting ticketthe connection
(TGT) may beexpires during the connection.
renewed.
Default: 10 hours.
Audit
Default:
This account
600
security logon events
minutes
setting (10 hours). the maximum time difference (in minutes) that Kerberos V5 tolerates between the time on the client clock and the time on the
determines
Default: 7 days.
Audit
This accountsetting
security management
determines whether
Enabled
To preventon"replay
domainattacks,"
controllers.
Kerberos V5 the
usesOS audits
time eachastime
stamps partthis computer
of its protocolvalidates
definition.anFor
accounts credentials.
time stamps to work properly, the clocks of the client and the do
Disabled
the on stand-alone
maximum acceptable servers.
difference to Kerberos V5 between a client clock and domain controller clock. If the difference between a client clock
Audit
This directory service access
Account logon events are generated whenever a computer validates the credentials of an account for which it is of
security setting determines whether to audit each event of account management on a computer. Examples account management
authoritative. eventsand
Domain members
the domain
include:
and non-dom
account
Audit
Note: Byon
logon
Important
This aevents
domain
default,
security controller,
member
setting may
computers
determines be inthe
follow
whether support
the
OS of a logon
configuration
audits to their
of another
user attempts to computer.
domain Credential
controllers.
access Active Directoryvalidation
objects.isAudit
stateless
is onlysogenerated
there is noforcorresponding logoff
objects that have event afo
system
A user account or group is created, changed, or deleted.
A
Audit
If user
this account
object
policy is renamed,
access
setting isdetermines
defined, disabled,
the or enabled.
administrator can
This
This
The
A password
security
setting
administratorissetting
is not
set or persistent
can specifyonwhether
changed.
whether
pre to the
Vista OS
platforms.
audit only Ifspecify
audits each
you
successes, whether
instance
configure only thistoofaudit
a user
setting
failures, only
bothand successes,
attempting
then restart
successes only
to and
log theonfailures,
to or toor
computer,
failures, both
log successes
off
tothis
not to
setting
audit andevents
this these
computer.
reverts failures, or
allto(i.e.
to theatdefault not audit these
value.
neither succes ev
Audit
If youoffpolicy
define change
this
This
Default:
Log
Default:
If
security
Success Success.
events
5 minutes. arepolicy
setting
auditing generated
ischeck
setting,
determines
enabled,
you
whenever can specify
whether athe OSwhether
logged audits
on user toaccount's
user audit
attempts successes,
to access
logon audit
session failures,
non-Active
account is
orDirectory
terminated. not Ifaudit the event
thisobjects.
policy Audittype
setting isisat all.generated
only
defined,Success
thatthe
audits generate
for objects
hasadministrator
that an
can have audit
syste
specify we
these
Audit policy
privilege settings
use boxan and audit
clearentry
the is generated
Success and each
Failure timecheckany boxes. successfully accesses a Directory object a matching SACL specifie
This
The security setting
administrator can determines
specify whether whether to the
audit OS audits
only each instance
successes, of attempts
only failures, both to change user
successes and rights
failures,assignment
or to not audit policy, auditevents
these policy,ataccount
all (i.e. policy,
neitheror trust
succes
Default:
If Failure Success.
auditing is enabled, an audit entry is generated each time any user unsuccessfully attempts to access a Directory object that has a matching SACL sp
Default:
Audit
This process
security setting tracking determines whether to audit each instance only of a user exercising a user right. failures, or to not audit these events at all (i.e. neither succes
The
If administrator
Success auditingcan specify whether
is enabled, an audittoentryaudit isonly successes,
generated each timefailures, any account both successes
successfullyand accesses a non-Directory object that has a matching SACL spe
Default:
Audit
Success
This system
securityon events
domain
setting controllers.
determines whether the OSwhether
audits process-related events such as process creation,
If
If you define this policy setting, you can specify to audit successes, audit failures, or not audit thisprocess termination,
type of event handle duplication,
at all.policy,
Success audits and indirect
generate an aud
NoSuccess
If auditing
Failure auditing
on member
auditing isisenabled,
enabled,
servers.anaudit auditentry
entryisisgenerated
generatedeach when an anyattempted change to user rights assignment
to access apolicy, audit or that
trust policy is successfu
Access
Success
This this
securityon computer
domain
setting from theannetwork
controllers.
determines whether the OS audits any of
time
the following
user unsuccessfully
events:
attempts non-Directory object has a matching SAC
If
Tothis setpolicy setting
thisauditing
value is defined,
toisNo auditing, the administrator
inaudit
the Properties can specify
dialog box whether
for an to audit
thisattempted
policy only successes,
setting, select only failures,
the Define both successes
these policy settings and box
check failures,
and or to not
clear theisaudit
Success theseand ev
Undefined
If Failure
Note user that you for a
can member enabled,
set a SACL computer. an
on users entry
a file system is generated
object using when
the Security change
tabtointhe to
thatcomputer user rights
object's Properties assignment
dialog box. policy, audit policy, or trust policy attempted b
This setting
If Attempted right
is determines
used
system by
time which
Credential
change Manager and groups
during are allowed
Backup/Restore. to connect
No accounts should have over thisthe network.
privilege, asRemote
it is only Desktop
assigned Services
to are
Winlogon. not affected
Users by
saved this
cre
Success
Default: Noauditing
auditing. is enabled, an audit entry is generated each time the OS performs one of these process-related activities.
Default:
Act Attempted
Default: as partNo of security systemsystem
the operating
auditing. startup or shutdown
Note:
If
Remote
Attempt
Failure to load
auditing
Desktop
extensible
is
Services
enabled,
was calledcomponents
authentication
an audit
Terminal Services in previous versions of Windows Server.
Audits
Add
Success
ThisLoss areon not
workstations
userof generated
domain
audited
right to domain
events
allows for use
controllers.
due
a process theentry
ofimpersonate
to auditing
to
is generated
following
system any useruser
failure
each
rights, even
without
timeif the
successOS fails
authentication.
to perform
auditsTheorprocess
failure one of these
audits activities.for Audit privilege use. Enabling auditing of th
are specified
can therefore gain access to the same local resources as that us
Default
No on
auditing
Default:
Security workstations
onsizemember and
servers. servers:
Adjust
Bypass Nolog
memory
security auditing
traverse
Administrators
This setting
exceeding
quotas
checking for a process
determines
a configurable warning threshold level.
which groups or users can add workstations to a domain.
Processes that require this privilege should use the LocalSystem account, which already includes this privilege, rather than using a separate user account with
Debug
Backup programs
If
Windows
Allow
This logOperators
thisprivilege
policy 2000
on setting is defined,
or Windows
locally
determines who NTcanthe
4.0,administrator
you might can to
need specify
assign whether
this privilegeto audit toonly
use successes,
applications a only
thatfailures,
exchange both successes
passwords in and failures, or to not audit these ev
plaintext.
Create
Users
This a token
security objectis valid
setting only onchangedomainthe maximum
controllers. Bymemory
default,that anycan be consumed
authenticated user byhas process.
this right and can create up to 10 computer accounts in the dom
Replace
Everyone
Allow
If logprocess
Success on through
auditing level token Desktop
isRemote
enabled, an audit Services
entry is Controller
generatedlog each
Caution
This
This logon
user right
right isdetermines
defined in the which users
Default can interactively
Domain on time
Group to this the OS performs
computer. Logons oneinitiated
inofthe
these byactivities
pressing successfully.
CTRL+ALT+DEL sequence on the attached keyb
Generate
Adding
Administrators
security
a computer group
audits
account
this right. to the domain allows the computer toPolicy object
participate in(GPO)
Active andDirectorybased local security policy
networking. of workstations
For example, adding and servers.
a workstation to a dom
Back
Default
This
If up
Failure onfiles
security and
domain
setting
auditing directories
controllers:
userisrightdetermines
enabled, anawhich
audit users
entry isorgenerated
groups have permission totolog on asusers.
a Remote
fails toDesktop
perform Services client.
Assigning
Note:
Restore This this
files
Administrators
Default: privilege is
and directories
Authenticated
can for
useful
Users
be security
on system
domain
risk.
tuning, Only
controllers. can each
but it assign bethis time
misused,userthe right
forOS attempts
trusted
example, inand
a denial-of-service one
attack.of these activities.
Default
Bypass
This user on workstations
traverse
right checking
determines andwhich servers:users Administrators
can bypass file and directory, registry, and other persistent object permissions for the purposes of backing up the system
Authenticated
Default: None.Users
Default: Operators
Backup
Default:
Caution
Enterprise
Note: Administrators
Users Domain
who haveControllers
the Create Computer Objects permission on the Active Directory computers container can also
Change
Users.
This
Local user the
Service
Specifically,
system
right
thisdetermines
user
time
right which
is similar users can traverse
to granting directorypermissions
the following trees even though to the user the user
or groupmayin not have permissions
question oncreate
the computerdirectory.
traversed accountsThis in the domain
privilege d
Everyone
Administrators
On workstation
Success on as
domainand theservers:
owner
controllers. of the computer
Administrators, account,
Remote while computer
Desktop Users. accounts that are created by meansonofall files and
permissions folders
on theon the system:
computers container have the
Network
Change
Incorrectly
Pre-Windows
user
On
This right.
domain
user Service.
the Time
editing
2000 Zone
controllers:
right the registry
Compatible may
Administrators. severely
Access damage your system. Before making changes to the registry, you should back up any valued data on the compute
No
Thisauditing
Defaultuser on determines
member
onFolder/Execute
domain
right is defined which
servers.
controllers:
in theAccountusers Domain
Default and groups
Operators can change
Controller Groupthe timeobject
Policy and date (GPO)on theandinternal
in the local clocksecurity
of the computer. Users that are
policy of workstations andassigned
servers.this user right
Traverse File
Administrators
Create
List
This a pagefile
Folder/Read
user right Data
determines
Important
This
Backup
Defaultuser right
Operators
on is definedand
workstations inwhich
the users Domain
Default
servers:
and groups can change
Controller Groupthe timeobject
Policy zone used (GPO) byand
the incomputer
the localfor displaying
security policy theoflocal time, which
workstations andisservers.
the computer's syste
Read
Create Attributes
a token object
Print
This
Read
This Operators
Administrators
user right
Extended determines
isAttributes which users and groups can call an internal application programming interface (API) to create and change the size of a page file. Th
This user
Default
Server
Backup setting
on right
does defined
workstations
Operators.
Operators not have inany
and the Default
effect
servers: onDomain
Windows Controller
2000 computersGroup Policy objectnot
that have (GPO)
beenand in theto
updated local security
Service Pack policy
2. of the workstations and servers.
Read
Create Permissions
global
Administrators
This security settingobjects
Users
For information
Default: aboutdetermines
Administrators, howUsers to specifywhicha accounts
paging filecan size beforused by processes
a given drive, seeto Tocreate
change a token
the size thatofcan the then
virtualbememory
used to paging get access file. to any local resources when
Local
Everyone
Create Service
permanent shared objects
Caution
This
This security rightsetting determines
internally whether users can createUnlessglobal objects that aredo available to allthissessions. Users
to a can still create orobjects
processthat arethan
specific toSyst
thei
Localuser
Default: Service is used
Administrators. by the operating system. it is necessary, not assign user right user, group, other Local
Default
Create
Network on domain
Symbolic
Service
This user right controllers:
Links
determines which
Assigning
Caution
Administrators
Caution this user right can be aaccounts
security risk.can Since
be used by processes
there is no way to tobe create
sureathat directory
a userobject
is backing usingup the object
data, manager.
stealing data, or copying data to be distributed,
Debug
Server
This programs
Operators
privilege determines if the user can create a symbolic link from the computer he is logged on to.
Default
This
Defaultuser
Assigning onright
on domain is used
workstations
this user controllers:
right internally
and
can servers:
be a abysecurity
the operating
Administrators
security system and
risk. Assign is right
useful to kernel-mode components that extend the object namespace. Because components th
Local
AssigningService
Administrators
Deny access this touser
thisright can
computer be from the networkrisk. Do not this assignuser this user onlyrightto to
trusted
any user,users.group, or process that you do not want to take over the system.
Backup
This user Operators.
right
None Users determines which users can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not ne
Default:
Authenticated
Default: Administrator
None.
Default:
Deny log on as a batch job
Everyone
This
Defaultsecurity
on domain setting determines
controllers:Administratorswhich users are prevented from accessing a computer over the network. This policy setting supersedes the Access this compu
Caution
WARNING: This privilege should only be given to trusted users. Symbolic links can expose security vulnerabilities in applications that arent designed to hand
Local
Backup Service
Operators
Administrators
Deny log
This security on as a service
setting determines which accounts are prevented from being able to log on as a batch job. This policy setting supersedes the Log on as a batch j
Network
Default:
ServerService
Local Service
Guest
Operators
Assigning
Note this user right can be a security risk. Only assign this user right to trusted users.
Pre-Windows
Network Service 2000 Compatible Access
This security
This setting
Default: None. setting
can be useddetermines
in conjunction which service
a symlink accounts
filesystem are prevented
setting thatfrom can registering
be manipulated a processwith the as a service. This
command policytosetting
line utility controlsupersedes
the kinds ofthe Log on that
symlinks as aa
Service Administrators
Default:
Note: This security setting does not apply to the System, Local Service, or Network Service accounts.

Default: None.
Deny log on locally
Deny log on through
This security Remote Desktop
setting determines which Services
users are prevented from logging on at the computer. This policy setting supersedes the Allow log on locally policy settin
Enable
This computer
security setting anddetermines
user accounts which to users
be trusted for delegation
and groups are prohibited from logging on as a Remote Desktop Services client.
Important
Force
This shutdown
security from a remote system
setting determines which users can set the Trusted for Delegation setting on a user or computer object.
Default:
If you apply None. this security policy to the Everyone group, no one will be able to log on locally.
Generate
This usersecurity security
setting audits
determines
The
Important or object that is grantedwhich users are
this privilege allowed
must havetowrite shutaccess
down atocomputer
the account from a remote
control flagslocation on the
on the user ornetwork.
computerMisuse
object.ofAthis user
server right can
process result on
running in
Default:
control
Impersonate None.
flag set.
a client after authentication
This user
This security rightsetting
is defineddetermines which accounts
in the Default can be used
Domain Controller Groupby aPolicy
processobjectto add
(GPO) entries
andto in the
the security log. The
local security security
policy log is usedand
of workstations to trace unauthorized sys
servers.
This
security
Increase setting
policydoes notworking
setting have any
set effect
is enabled. For on more Windows
information 2000see computers
Audit: Shut that down
have not system beenimmediately
updated to ifService unablePack to log2.security audits
This
Assigninguseraright process
this is defined
privilege toina the
user Default
allowsDomain programs Controller
running Group on behalf Policy object
of that user(GPO) and in the alocal
to impersonate security
client. Requiringpolicythisof workstations
user right for and servers.
this kind of impersonation
Default:
user's permissions topriority
administrative or system levels.
Default:
Increase
This Local Service
scheduling
privilege determines which user accounts can increase or decrease the size of a processs working set.
Caution
Network Service.
On
Caution
Load workstations
Increase andaunloadprocess and servers:
working
device set
drivers Administrators.
This
On security
domain setting
controllers: determines which accounts
Administrators, Server can use a process with Write Property access to another process to increase the execution priority assigned to
Operators.
Misuse of this user right, or of the Trusted for Delegation setting, could make the network vulnerable to sophisticated attacks using Trojan horse programs that
This
Lock
Assigningprivilege
pages in
this
This userAdministrators. determines
memory
user right which
can be user
a accounts
security
right determines which users can dynamically risk. can
Only increase
assign loadthisor
and decrease
user the
rightdevice
unload sizedrivers
to trusted of users.
a processs
or other code working set.
in to kernel mode. This user right does not apply to Plug
Default:
Default: Administrators on domain controllers.
Log
Default:
This on as a batch
Users
security setting jobdetermines which accounts can use a process to keep data in physical memory, which prevents the system from paging the data to virtual
Default:
Caution
Log
This on as a service
security setting allows a user tosetbeoflogged on by means of a batch-queue facility andinisphysical
provided onlymemory.
for compatibilitypages with olderresident
versionsandof Windows.
The
Default:working
Administrators
Assigning thisset
None. userof aright
processcan be is the
a security memory
risk. Do pages not assign currently
this uservisible to to
right theany
process
user, group, RAM
or process that youThese do not want toare take over the available for
system.
Log
Local
This on locally
Servicesetting
security allows a security principal to log on astaska service. Services canscheduler
be configured to run under thea Local System, Local Service, or Networkuse Se
For
Warning:example, when
Increasing a user
the and submits
working a job by means of the scheduler, the task
set size for a process decreases the amount of physical memory available to the rest of the system. logs that user on as batch user rather than as an interactive
Networkon
Default Service
workstations servers:
Manage auditing
Determines which and
users security
can logon toAdministrators.
log the computer.
Service setting: None.
Default
Default
Modify
Default:
This on
an domain
object
Administrators
security setting controllers:
label determines which users can specify object access auditing options for individual resources, such as files, Active Directory objects, and reg
Important
Note: ByOperators.
Administrators default, services that are started by the Service Control Manager have the built-in Service group added to their access tokens. Component Object Mo
Backup
Modify firmware environment values
started.
Print
This Operators
This privilege
Modifyingsecurity determines
thissetting
settingdoes may not
which
affect
usera accounts
allow user to enable
compatibility
can modifyfile and
with clients,
the integrity
object
services,
labelauditing
access of objects,
and applications. in Forsuch asFor
general. files,
compatibility
registry
such auditingkeys,
information
or
beprocesses
toaboutenabled, owned
the
this setting, Audit byobject
otheraccess
see Allow
users. Proces
setting
log on locally (h
Perform
This volume
security maintenance tasks
In addition,
Default: None a setting
user can determines who canan
also impersonate modify
access firmware
token ifenvironment values. Firmware
any of the following conditionsenvironment
exist. variables are settings stored in the nonvolatile RAM of n
You
Default:can view audited events in the security log of the Event Viewer. A user with this privilege can also view and clear the security log.
Profile
This single setting
security processdetermines which users and groups can run maintenance tasks on a volume, such as remote defragmentation.
On x86-based
The access token computers,
that is being the only firmware environment
impersonated is for this user. value that can be modified by assigning this user right is the Last Known Good Configuration setting,
Default:
Profile
On Administrators.
workstations and servers: Administrators, Backup Operators, Power
On
This Itanium-based
The user, system
security in this computers,
performance
logon
setting session,boot
determines created
which information
the access
users can is use
stored
token inbynonvolatile
performance logging toUsers,
onRAM.
monitoring theUsers Users,
network
tools must and
with
to monitor Guest.
beexplicit
assigned this user right
credentials.
the performance to run bootcfg.exe
of nonsystem processes. and to change the Defa
Use
The caution
Onall
domain when assigning
controllers: this is
Account user right. Users
Operators, with
toAdministrators, this user
Backupright can explore disks and extend files in to memory that contains other data. When the exten
On computers,
requested levelthisis user
less right
than required
Impersonate, install
such as orAnonymous
upgrade orOperators,
Windows. Identify. and Print Operators.
Remove
This
Because computer
security setting
of these from
factors, docking
determines station
which
usersusers.
do not users
usually canneedusethis performance
user right. monitoring tools to monitor the performance of system processes.
Default:
Default: Administrators,
Administrators Power
Note:
Replace This a security
process setting
level does
token not affect who can modify the system environment variables and user environment variables that are displayed on the Advance
This security
Default:
For more setting determines
Administrators.
information, search for whether a user can undockina the
"SeImpersonatePrivilege" portable computer
Microsoft Platform from its docking station without logging on.
SDK.
Default:
Restore
This Administrators.
files and
security setting directories
determines which user accounts can call the CreateProcessAsUser() application programming interface (API) so the thatuser
one may
service can star
If this policy is enabled, the user must log on before removing the portable computer from its
Warning docking station. If this policy is disabled, remove the
Shut
This down the
security system
setting determines which users can bypass file, directory, registry, and other persistent objects permissions when restoring backed up files and di
Default:
Default: Network Service,
Administrators, LocalUsers,
Power Service. Users
If you enable
Synchronize this setting,
directory programs
service data that previously had the Impersonate privilege may lose it, and they may not run.
This securitythis
Specifically, setting
userdetermines
right is similar which users who
to granting theare loggedpermissions
following on locally to to thethe computer
user or group can shut down theon
in question operating system
all files and using
folders on the
the Shut Down command. M
system:
Take ownership
This security of files
setting determinesor other objects
which users and Operators,
groups have the authority to synchronize all directory service data. This is also known as Active Directory syn
Default
TraverseonFolder/Execute
Workstations: Administrators,
File Backup Users.
Accounts:
Write
This security Administrator
setting account which
determines statususers can take ownership of any securable object in the system, including Active Directory objects, files and folders, prin
Defaults:
Default onNone. Servers: Administrators, Backup Operators.
Accounts:
This security Block Microsoft
setting determines accountswhether the local Administrator account is enabled or disabled.
Caution
Default
Accounts: on Guest
Domain controllers:
account status Administrators, Backup Operators, Server Operators, Print Operators.
This
Notes policy setting prevents users from adding new Microsoft accounts on this computer.
Assigning this user right can be a security risk. Since owners users with this userhave
of objects rightfull
can overwrite
control of them,registry
onlysettings,
assign this hideuser
data, andtogain
right ownership
trusted users. of system objects
Accounts:
This security Limit localdetermines
setting account useif of theblank
Guest passwords toenabled
account isoption, consoleor logon only
disabled.
If
If you select the
you tryAdministrators. Users cant add Microsoft accounts users will not be able to create
to reenable the Administrator account after it has been disabled, and if the current Administrator password does not meet the password ne Microsoft accounts on this computer, switch a local account to
requirements
Default:
Accounts: Rename administrator account
Disabling
This security
Default: the
Disabled.Administrator
setting determines accountwhethercan become
local a
accountsmaintenance
that are issue
not under
password certain
protected circumstances.
can be used to log on from locations other than the physical computer
If you select the Users cant add or log on with Microsoft accounts option, existing Microsoft account users will not be able to log on to Windows. Selecting thi
Workstations
Accounts: and
Rename servers:
guest Administrators,
account Backup Operators.
This
Under security
Safe setting
Mode determines
boot, whether
theisdisabled a differentaccount
Administrator accountwill name onlyisbeassociated
enabledSharingifwith
the the security
machine identifier (SID)
is non-domain for the
andaccount Administrator. Renaming the w
Default:
Domain
Note:
If you If
Enabled.
controllers:
the
disable Guest
oraccess Administrators,
doaccount
not disabled
configure this Backup
and the
policy Operators,
security option
(recommended), Serverusers Operators.
Network willAccess:
be able to use Microsoft and Security accounts Modelwith forjoined
local accounts
Windows.
thereisaresetnotoother
Guestlocal
Only,active adminis
network log
Audit:
This Audit
security the of global system objects
setting determines whether a different account name is associated with the security identifier (SID) for the account "Guest." Renaming the well-kn
Default:
Default: Administrator.
Disabled.
Audit:
Warning:
This Audit the
security use of
setting Backup and
determines Restore
whether privilege
to audit the access of global system objects.
Default: Guest.
Audit:
This Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings.
If thissecurity
Computerspolicythatissetting
are not
enabled, determines
in whether
physically
it causes systemsecure to audit
locations
objects, the
such use asofmutexes,
should allalways
user privileges,
enforcesemaphores
events, including
strong Backup
passwordand DOS and
policies Restore,
for all to
devices, when
local usertheaccounts.
be created Audit
withprivilege use
Otherwise,
a default systempolicy
anyoneis inwith
access effect.
physi
controlE
If you apply
Audit: Shut
Windows this
down
Vista security
and system policy to
immediately
later versions the Everyone
if unableallow group,
to logaudit no
securityone will
audits be able to log on through Remote Desktop Services.
If you When
Note: disable this policy, use of
thensecurity of Windows
the Backup or Restore policy
privilegeto beismanaged
not audited in aeven
morewhenpreciseAuditway using audit
privilege use is policy subcategories. Setting audit policy at
enabled.
joined
DCOM: the configuring
toMachine domain Access
this
or upgraded
Restrictions
setting,
to Windows
in Security
changes
Vista or will
Descriptor later not take effect
versions.
Definition To until
allowyou
Language auditrestart
(SDDL)policy Windows.
to be managed using subcategories without requiring a change to G
syntax
Notes
This security setting
administrative determines whether the system shuts down if it is unable to log security events.
tool. versions
Note:
Default: OnDisabled.
Windows prior to Windows Vista configuring this security setting, changes will not take effect until you restart Windows. Enabling this setting
DCOM:
This Machine
policy setting Launch
determines Restrictions
which in Security
users or groupsDescriptor
can Definition
access Language (SDDL) syntax
This
If
If thissetting
security
the category does not
setting affect
is
level audit policy setlogons
enabled, it that
hereuse
causes domain
is the
not system accounts.
consistent to stopwithifthe a DCOM
security application
events thatauditare cannot remotely
be logged
currently
or locally.
for anyThis
being generated,
setting
reason. is usedan
Typically,
the cause
to control
might be event the attack
thatfails
this to
surface
be logged
registry key iswhen
of the
set. the
Default:
It is
Devices: Disabled.
possibleAllow for applications
undock that
without which use
havingusers remote
to logoron interactive logons to bypass this setting.
This
You policy setting determines groups can launch or activate DCOM applications remotely or locally. This setting is used to control the attack su
If thecan
Default:
use this
security
Disabled logpolicy setting
is full and an to specifyentry
existing access cannotpermissions
be overwritten, to all the and computers
this security to particular users for the
option is enabled, DCOM applications
following Stop error in the enterprise. When you specif
appears:
setting
Devices: is
Note:security
This defined
Allowed
Remote in the
to format
Desktop
setting template,
and eject
Services
determines but it
was removable is not
calledportable enforced.
Terminalmedia Users
Services can and groups
in previous can be
versions given explicit
of Windows Allow
Server. or Deny privileges on both local access and remote acces
You can use this setting to grant whether
access toa all computer
the computers to users be undocked without
of DCOM applications. having to
When logyouon.define
If thisthis
policy is enabled,
setting, logonthe
and specify is not required
users and an
or groups thate
STOP:
template,
Devices: C0000244
but
Preventit is {Audit
not
users Failed}
enforced.
from Users
installing and
printer groups
drivers can be
when given explicit
connecting Allow
to shared or Deny
printersprivileges on local launch, remote launch, local activation, and remote ac
The
This registry
security
An attempt
Default: tosettings
Enabled.setting
generate thata are
determines created
security who
audit asallowed
is a resultto
failed. offormat
enabling andthe ejectDCOM: Machine
removable NTFS Accessmedia.Restrictions in Security
This capability can be Descriptor
given to: Definition Language (SDDL) synta
registry
To entries take precedence over the existing registry keys under OLE. This means that previously existing registry settings are no longer effective, and if oy
Therecover,
Devices:
For computer
Administrators
an
Restrict
aregistry administrator
toCD-ROM
settings printthattoare must
a access
created
shared log
to on,aarchive
locally
as
printer, result
the ofthe
logged-on
driver this logpolicy
for (optional),
user
that only clear
take precedence
shared printerthemustlog, andthe
over
be reset this
previous
installed onoption
registry
the as settings
local desired.
computer. Until
in thisthis
This area.security
securityRemote setting
setting is reset,
Procedure
determines no
Call users,
Services
who is allo
Caution
driver as part values
ofand connecting to a shared printer.
The possible
Administrators
Devices:
Note: On Restrict
Windows floppyfor this
Interactive
accesspolicy
Users
to setting
locally are:
alogged-on user only thistosecurity
This security
The possible valuesversions
setting determines
for this Groupprior to
whetherWindows
Policy Vista
CD-ROM
setting are: configuring
is accessible both local setting, changesusers
and remote will not take effect until you restart Windows.
simultaneously.
Disabling
Default
Devices: on this policy
servers:
Unsigned may
Enabled.
driver tempt users
installation to try
behavior and physically remove the laptop from its docking station using methods other than the external hardware eject but
Blank.
Default:
This This
This
security
Default:
If this represents
ispolicy
setting
Disabled.
policy enabled, notitthe
isdetermines localwhether
defined
allows security
and only policy wayfloppy
Administrators
removable of deleting
have
media the
this are policy
ability. enforcement
accessible to both key.
localThis
andvalue
remote deletes
users the policyisand
simultaneously. then sets
and it as Notisdefined state.
Blank.
Default This
on represents
workstations: the localonly
Disabled the
security interactively
policy way of logged-on
deleting user to
the policy access removable
enforcement key.CD-ROM
This value media.
deletes If this
thepolicy
policy and enabled
then sets itnotoone loggedstate.
Not defined on in
Domain
This controller:
security setting Allow server
determines operators
what happens to schedule
when antasks
attempt is made to install a device driver (by means of Setup API) that has not been tested by the Win
SDDL.
If this policy
Default: This is the
is enabled, Security Descriptor
notit defined
allows only andthe Definition Language
interactively logged-on representation
user to to accessof the groups
removable and privileges
floppy you specify when you enable this
media. If this policy is enabled and no one is logged on intera policy.
SDDL.This Thispolicy
is the is Security Descriptor CD-ROM
Definitionaccess Language is notrepresentation
restricted theof locally
the groups logged-on user.
and privileges you specify when you enable this policy.
Domain
This controller:
securityare: LDAP server signing requirements
setting determines if Server Operators are allowed to submit jobs by means of the AT schedule facility.
Notes
The
Notoptions
Default: Defined.
This policyThis is is not
the defined
default value.
and floppy disk drive access is not restricted to the locally logged-on user.
Not Defined. This is the default value.
This
Note: security
This settingsetting
security determines whether theATaLDAP server requires signing to bethe negotiated with LDAP clients, as follows:
This
Note setting
Silently does not affect the ability tothe
succeed only affects add schedule
local printer. facility; it does not affect Task Scheduler facility.
Default:
Note
This This policy is not defined, which means that the system treats it as disabled.
If thesetting
Warn
None: but
Data does
allow
administrator
signing not
isisaffect
installation
denied Administrators.
not requiredpermissionin order to access
to bind with DCOM theapplications
server. If thedue to the
client changes
requests datamade to DCOM
signing, the server in Windows,
supportsthe it. administrator can use the DCOM:
If
Do
thethe administrator
not allow
computer is denied access
installation
both locally to activate and launch DCOMwill applications due to the changes made to DCOM to the in this version and of Windows,
users. Tothis policy settin
Require signature: Unlessand remotely
TLS\SSL is beingby using used, thisthesetting.
LDAP This data signing restoreoptioncontrol
must ofbe
thenegotiated.
DCOM application administrator do this, open t
DCOM:
Default:
defines the Machine
Warn Launch
but allow
setting and sets Restrictions
installation. in Security
the appropriate SDDL value. Descriptor Definition Language (SDDL) syntax policy setting. This restores control of the DCOM application to
computer launch permissions for those groups. This defines the setting and sets the appropriate SDDL value.
Default: This policy is not defined, which has the same effect as None.
Domain controller: Refuse machine account password changes
Domain member:
This security Digitally
setting encrypt
determines or signdomain
whether secure controllers
channel datawill(always)
refuse requests from member computers to change computer account passwords. By default,
Domain
This member: Digitally encrypt secureall channel
securedata (when possible)
If it issecurity
enabled, setting determines
this setting does not whether
allow a domain channel
controllertraffic initiated
to accept anyby the domain
changes member must
to a computer be signed
account's password.or encrypted.
Domain
This member:
security Digitally
setting determines sign secure
whether channel
a domaindata (when
member possible)
attempts tothat,
negotiate
When
Default: a This
computerpolicyjoins
is nota defined,
domain, a computer
which means account
that theissystem created. After
treats when encryption
it as Disabled. the systemfor all secure
starts, it useschannel
the computertraffic that it initiates.
account password to create a secure
Domain
This securitymember: settingDisable machine
determines account
whether password
a domain memberchanges attempts tothat,
negotiate signing for all secure channel traffic thataccount
it initiates.
When a computer joins a domain, a computer account is created. After when
This setting determines whether or not all secure channel traffic initiated by the domain member meets minimum security requirements. the system starts, it uses the computer password to create
Specifically a secure
it determin
Domain
negotiated.
Determines member:
If this
whether Maximum
policy is
a domain machine
disabled,
member account
then password
encryption
periodically and
changes age
signing of all
its computer secureaccountchannel traffic
password. is negotiated
Ifstarts,
this setting with
isthethe
enabled, Domain Controller
the account
domain password in which
member does case the level
not attempt of
to
When
This a computer
setting determinesjoins awhether
domain, oranot computer
the domain account member is created.
attempts Afterto that, whenencryption
negotiate the systemfor it useschannel
all secure computer
traffic that to create
it initiates. If enabled, theadomain
secure
which
Domain by default
member: is every
Require 30 days.
stronghow (Windows 2000 or later) session key
secure
This
Domain channel
security
member: will
setting be encrypted.
determines
Digitally encrypt If this setting
often a is
domain disabled,
member thenwill the domain
attempt to member
change will
its not
computerattempt to
account negotiate
password. secure channel encryption.
This setting determines whether orsecure
not thechannel
domain data member (when possible)
attempts to negotiate signing for all secure channel traffic that it initiates. If enabled, the domain me
Domain
Default:
Interactive
This member:
Disabled.
security logon:
settingDigitally
Do sign secure
not display
determines last user
whether channel
namedata
128-bit key (when
strength possible)
is required for encrypted secure channel data.
Default:
This securityEnabled.
30 days.
setting determines whether the name of the last user to log on to the computer is displayed in the Windows logon screen.
Default:
Interactive Enabled.
Logon: Display user information
Default:
Notes
If
When a Enabled.
this policy is enabled,
computer joins athe name
domain, of the lastwhen
a computer user session
to
account
is locked on is not displayed in the Logon Screen. .
successfully
is created.log After that, when the system starts, it uses the computer account password to create a secure
Important
Notes:
Interactive logon: Do not require CTRL+ALT+DEL
Notes:
This
If thissecurity
Dependingpolicyon issetting
disabled,
whatreasonshould
versionthe not
name
of be of
Windows enabled.
the islastComputer
user toonlog account
ondomain passwords
is displayed. are
thatused to establish secure channel communications between members and doma
There
This is no known
setting
decisions.
Interactive applies to Windowsfor disabling
2000 thisrunning
setting.
computers, but itthe
Besides is not controller
unnecessarily
available reducing
through theSecurity
the domain member
the potential
Configuration is communicating
confidentiality
Manager of with
leveltools the and
onsecure
these the settings
channel,
computers. of the parameters
disabling this settin
This policylogon:
If thesecurity Domain
settingMachine
member:
determinesaccount
Digitally threshold.
whether encrypt or sign
pressing secure channel
CTRL+ALT+DEL data (always)
is required before is aenabled,
user canthen log this
on. policy is assumed to be enabled regardless of its curr
If
Thethis
Default:
Domain policy
This machine
setting is
Disabled.
member: enabled,
should
lockout
controllers not
are bethe
policy
also
Digitally policy
used
is enforced
domain
encrypt Domain
in an attempt
ormembersonly
sign member:
to
on
secure support
those
and Digitally
machines
establish
channel datasign
dual-boot
secure secure
that scenarios
(always) channel
have Bitlocker
channels that data
withuse (when
thedomain
enabled
other same possible)
computer
for protecting is
controllers assumed
account.
OS volumes.
in the to
same be enabled
If youPlease
want toensure
domain as regardless
dual-boot
that
wellas twoof its
appropriate
aswell
domain current
installations setti
controllerstha
recover in
Note:
If this Domain
Interactive
policy logon:
is controllers
Machine
enabled, theare also Domain
inactivity
policy domain
limit. members
member: and establish
Digitally sign secure
secure channels
channel datawith(when
otherpossible)
domain controllers
is assumed in thebesame
to enableddomain regardless asits
of domain
current contro
setti
Domain
If member:
this policy Digitally
is enabled on a encrypt
computer, secure channel
a user is notdata required(whentopossible)
press CTRL+ALT+DEL to log on. Not having to press CTRL+ALT+DEL leaves users susceptibl
Logon
This
Some information
security
or all ofsetting transmitted
determines
theinactivity
information over the
theisusers
numbersecure of channel
failed logonis secure
always
attempts encrypted
that causes regardless
the machineof whetherto be encryption
locked out.ofdetermines
AALL
lockedother secure
out machine channel
or can traffic
only beisrecovered
negotiatedbyio
Interactive
Windows logon:
notices Message athat
oftext for
logon transmitted
attempting
session, and over tothe
if the log on
amount channel
of inactive willtimebe exceeds
encrypted. theThis policy
inactivity setting
limit, then the screen whether
saver will not
run,128-bit
lockingkey thestrength
session.
If this policy is disabled, any user is required to press CTRL+ALT+DEL before logging on to Windows (unless they are using a smart card for Windows logon).
Failed
This password
Interactive
If this setting
security logon:
is attempts
settingMessage
enabled,specifiesagainst
thentitle
the
a for
text workstations
users
secure
message channel or will
attempting
that member
is tonotlogbe
displayed servers
on established
to that when
users have
unless been locked
128-bit
they log using either
encryption
on. can CTRL+ALT+DELETE
be performed. If this or password
setting is protected
disabled, then screen
the keysav
str
Default: not enforced.
Default on domain-computers:
Interactive logon: Number of Disabled.
previous logons to cache (in case domain controller is not available)
The
This
Default:
This
Default machine
security
Disabled.
texton lockout
setting
is stand-alone
often used policy
allows
for is enforced
the
legal
computers: specification
reasons,Enabled.only onathose
of
for example, machines
title toto appear
warn usersinthat have
theabout Bitlocker
title bar
theof the enabled
window of
ramifications formisusing
that protecting
contains OSInteractive
the
company volumes. Please
logon:
information ensure
to warnthat
orMessage thefor
text
them appropriate
that users rec
their attempt
actions
Interactive
All previous logon:
users'Prompt user to change
logon information password
is cached locallybefore
so that,expiration
in the event that a domain controller is unavailable during subsequent logon attempts, they are a
Default:
Important
Default: No
No message.
message.
Interactive
Determines logon:
how far Require Domain
in advance Controller
(in days) authentication
users are thatunlock
to
Windows cannot connect to a server to confirm yourwarned
logon settings. theirYou
password is about
have been to expire.
logged With
on using this advance
previously storedwarning,
accountthe user has time
information. tochanged
If you constructyou
ap
In order
Interactiveto take advantage
logon: Require of this
smart cardto unlock a locked computer.and
policy on member workstations servers, all domain controllers that constitute the member's domain must be running Win
Logon
In information must be provided For domain accounts, this security setting determines whether a domain controller must be c
aorder
Default:
If domain
computer.
to take
14 days. advantage
controller of this policy
is unavailable and on domain
a user's controllers,
logon information all domain controllers
is not cached, the in theissame
user domain
prompted asthis
with wellmessage:
as all trusted domains must run Windows 200
Interactive logon: Smart card removal behavior
This security setting requires users to log on to a computer using a smart card.
The system
Default:
Microsoft cannotclient:
Disabled.
network log you on now
Digitally because
sign the domain(always)
communications <DOMAIN_NAME> is not available.
This security
The options setting determines
are: what happens when the smart card for a logged-on user is removed from the smart card reader.
In this
Microsoft
Important
This policy
security setting,
network
setting a value
client: of 0whether
Digitally
determines disables logon caching.
sign communications
packet signing(ifisAnyservervalue
required above
agrees)
by 50 only
the SMB caches
client 50 logon attempts.
component.
The options
Enabled: are:
Users can only log on to the computer using a smart card.
Microsoft
Default:
Disabled. 25network
Users client:
can log Send
on unencrypted
to the computer password
using any to attempts
connect to to third-party SMBpacket
serverssigning.
This
This
The security
setting
Noserver
Action
setting
applies
message determines
to Windows
block (SMB) whether
2000
protocol the SMBbut
computers,
provides itmethod.
client
the isbasis
not available negotiate
for Microsoft file SMB
through the print
and Security Configuration
sharing and many Manager tools on operations,
other networking these computers.
such as remote Windo
Default:
before
Microsoft Disabled.
further communication
network server: Amountwith an
of SMB
idle timeserver is
required permitted.
before suspending a session

If Lock
this Workstation
security setting is enabled, the Server Message Block (SMB) redirector is allowed to send plaintext
The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such passwords to non-Microsoft SMB servers that do
as remote not
Windo
Force Logoff
Important
negotiate
Microsoft SMB
network packet
server:signing
Attemptwhen it connects
S4U2Self to to
obtainan SMB
claim server.
information
If
this
This setting
security
Disconnect
Sending is enabled,
setting
if a
unencrypted the
determines
Remote Microsoft
Desktop
passwords the network
aamount
isServices
security client will not
ofrisk.
continuous
session idlecommunicate
time that must withpass
a Microsoft
in a Servernetwork server
Message unless
Block that session
(SMB) server agrees
before to
theperform
sessionSMB packet sig
is suspended
Microsoft
This
If thissetting
settingnetwork
will
is server:
apply
enabled, istotothis
anyDigitally
the computers
Microsoft signnetworkcommunications
running Windows
client will (always)
ask2000
of the through
serverprior changes
to inSMBthe registry, butIf the security setting is notthe viewable through thebeen
Security Co
Default:
If
security
Administrators
you click
Default: Disabled.
Lock
Disabled.
setting
can use
Workstation
support
policy
inif the
clients
toProperties
controlrunningwhen a aversion
dialog computer
box
Windows
forclaims
thissuspends
policy, anperform
the
to Windows
inactive
workstation SMB packet
8 Consumer
is session.
locked
signing
when client upon
Preview session
activity
theserver
that
smartwill
aresetup.
resumes,
card
trying
is removed,
Iftopacket
access
session signing
allowing
aisfile has
share
automatically
users
that
to accounts
leave
enabled
require
reesta
the ma
should
Microsoft only be
network set to enabled
server: Digitally the file server
sign communications is using user to control access to files, and if the file support client principals whose
This
Default:security
Enabled. setting determines whether packet signing (if client agrees)
is required by the SMB server component.
Important
For
If you this policy
click Force setting,
Logoff a value
in tothe of 0 meansdialog
Properties to disconnect
boxthat an idle
for this session
policy, the user as quickly as is reasonably
is automatically logged possible.
off when Thesmart
the maximum card isvalue removed.is 99999, which is 208 days;
This setting
Microsoft
This security should
networksetting be
server: set
determines automatic
Disconnect (default)
clients when so logonthe willfile
hours server
expire can automatically evaluate whether claims areit.needed for the user. An administrator wou
The server
Notes message block (SMB)whether protocolthe SMB
provides server
the basis negotiate
for Microsoft SMB packet
file and print signing sharing with and
clients many that request
other networking operations, such as remote Windo
For
If you
before this
Default:This policy
click
further to take
policy
Disconnect is not
communication effect onwith
if adefined,
Remote computers
which
Desktop
an SMB running
means that
Services
client isWindows
the system
session,
permitted. 2000,treats
removal client-side
itofasthe packet
15 smart
minutes signing
card mustand
fordisconnects
servers also besession
enabled.
undefined
the for To enable
workstations.
without logging client-side
the user SMB packet
off. This allows signing,
the ui
Microsoft
When network
enabled this server:
security Server
setting SPN will target name validation level
This security
Computers
The server thatsetting
message have determines
this policy
block (SMB) whether
set willcause
protocol not be the
toprovides
disconnect
able Windows
tothe users
communicate
basis filewhoserver
for are to
with
Microsoft examine
connectedfile andto
computers the the access
that
print local
do not
sharing token andofmany
computer
have an authenticated
outside
server-side othertheir packetuser
networking network
account's
signing client
enabled.
operations, principal
valid logon and
hours.
By default,
such as remotedetermine
This
server-sid setti
Windo
All Windows
enabled
Server-side access operating
packet token signingsystems
for thecan support
client
be principal.
enabled both ona
A client-side
claims-enabled
computers SMB
running component
token Windowsmay be andneeded
2000 a server-side
and to access
later by SMB files
setting component.
or folders
Microsoft To
which take
network have advantage
claim-based
server: of
Digitally SMB access
sign packet signing,
control
communications policyboth
ap
signing
Network
Note:
If this
The server
client
When and
when
access:
Remote
setting an
is
message
this server-side
policy
SMB
Allow
Desktop
enabled, client
anonymous
blockServices
the
SMB (SMB)
is enabled,
requests
Microsoft
components
it causes
was it.
SID/name
called
protocol network translation
Terminal
server
provides
is controlled
client sessions
Services
thewill
by
with not
basis
the the
in
for
following
SMB
previous
communicate
fileService
and versions
fourprinterwith
policy
to a of
sharing
settings: Windows
Microsoft and Server.
network client
many other networking unless that client
operations, agrees to perform
such expire. SMB
as remote Windows adm packet sig(
Server-side packet signing can be enabled on computers running Windows NTbe 4.0forcibly
Service disconnected
Pack 3 and when later by thesetting
client's thelogon hours
following registry value to 1:
This setting
Microsoft will
network affect
client: both SMB1
Digitally and communications
sign SMB2. (always) -toControls awhether or notasthe client-side SMB component
If this
Network
This setting
access:
This
is disabled,
Do
enabled,
setting
policy
not the
allow
the
isdetermines
notDigitally
Windows
anonymous
Microsoft
defined, if an
which
file server
network enumeration
HKLM\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature
If thissecurity
setting is meansserver
anonymous will
thatuser not
will
thecanofattempt
SAM
negotiate
systemrequest accountsobtain
SMB
security claim-enabled
packet
identifier signing access
requested
(SID) attributes token
for for
thethe
byanother client
client.
user. That is,requires
principal.if packetpacket signing signing.
has been enabled
Default:
Microsoft
If this policy network client:
is disabled, an established sign communications
client session is(ifallowed server treats agrees)
to
it as
be maintained
No
- Controls action. whether
after or not logon
the client's the client-side
hours have SMB component has packet signing enabled
expired.
This
Network security
Microsoft access:
networksetting
Do determines
not
server: allow
Digitally the
anonymoussignlevel of validation
enumeration
communications a SMB
of SAM
(always) server
accounts performs
- Controls and on
shares
whether the service principal name (SPN) provided by the SMB client when trying to e
Default:
This
Server-side
Default:
If
On this
Windows
Automatic.
security
Enabled
policy issetting
packet
Vista on
enabled,and
determines
signing
domain a user
above: cannot what
controllers
with
For be additional
enabled
knowledge
this only. to
setting ofpermissions
on computers
an
work, administrator's
the
will
running be granted
SIDWindows
could forcontact or or
anonymous
95 not the
Windows
aservice
computer
server-side
connections
98. that has to SMB
this
component requires packet signing.
the computer.
policy enabled and use the SID to get the admi
Disabled
Microsoft
Default on for member
network
Windows server:servers.
Vista: Digitally
Enabled. sign communications (if Smart Card
client agrees) Removal
- Controls Policy
whether must
or not thebeserver-side
started. SMB component has packet signing enabled
Network
Enabled
The
This optionsaccess:
forWindows
security domain
are: Do controllers.
setting not allow storage
determines whether of credentials
anonymous or .NET Passports for accounts
network authentication
If server-side
Default
Windows on SMB signing
XP:and is users
Disabled required, a client will notenumeration
be able tosuch of as
establishSAM a session and the shares
with that server is
of allowed.
unlessaccounts it has client-side SMB shares.
signing This enabled. By default,fo
Notes
Important
Default onallows anonymous
workstations member to servers:
perform certain
Disabled. activities, enumerating names domain and network is convenient,
Similarly,
Network if client-side
access: Let SMB
Everyone signing is
permissions required, apply that to client
anonymous will not be
users able to establish a session with servers that do not have packet signing enabled. By defau
Default
Notes
No on
Thisvalidation
security domain
setting controllers:
- validationdeterminesofis the Enabled.
whether
SPN towill Stored
not User activities,
becertain
performed Names by and Passwords saves passwords, credentials, or .NET and Passports forshares.
later use when it gains dom
Windows
If
All
Forserver-side
This security
Windows
Windows
allows SMB
optionanonymous
2000 signing
operating allows
serverssystems
users
toenabled,
additional support
negotiate
perform
SMBbothpacket
restrictions
signing to signing
a client-side
with be placed
Windows willthe
SMB on
NT
such
be SMB asserver.
negotiated
anonymous
component
4.0
enumerating
clients, and with
connections
the a following
the names
clients
server-side that
as have of domain
follows:
SMB
registry client-side
component.
value
accounts
must SMB beToset signing
take
network
1 onenabled.
to advantage the server of SMB
This
packet
running
is convenient,
signing,2000
Windows
fo
both
Network
Using
This
packet SMB access:
security
signing packet Named
setting
for signing pipes
determines can that
degrade
what can be
additionalaccessed
performance anonymously
permissionsup to 15arepercent
granted on file
for service
anonymous transactions.
connections to the computer.
If
Allit Windows
is enabled,
Validate
Default: ifDoprovided
Disabled. thisclient
operating setting and
systems
by enumeration
client
server-side
prevents
- the support
SMB
SMBacomponents
the server
Stored
both User
client-side
will Names
validate
isand
SMB
the
controlled
SPN Passwords
component by the from
and
providedEveryone
following
by athe storing
server-side four policy
SMB passwords
clientSMB
settings:
and credentials.
and component.
allow a session Tothe take advantage
tosecurity
be established of SMB packet
if it matches signing,
the SMBboth ser
Enabled:
Microsoft
Notes
Network network
access: not allow
client:
Remotely Digitally
accessible sign of communications
SAM
registry accounts.
paths by This
(always)option replaces
- Controls whether orwithnot Authenticated
the client-side Users SMB componentin requirespermissions for
packet signing. resources.
client
This
Disabled: and
security server-side
setting
Noconfiguring
additional SMB
determines components
restrictions. which is controlled
communication the
sessions following
(pipes) fourwill policy
have settings:
attributes and permissions that allow anonymous access.
Windows
Microsoft
Note: When allows
network anonymous
client: Digitally
this users
security signtoRely
performon default
communications
setting, certain
changes permissions.
activities,
(if
will server
not takesuch
agrees) as enumerating
effect - Controls
until you the Windows.
whether
restart names or not of the
domain accounts
client-side SMB and network shares.
component has This signing
packet is convenient, enabled fo
Microsoftmatch
Require network from client:
client Digitally
- the SMB signclient communications
MUST send (always)
a SPNgroup - Controls
name in session whether setup, or not andthe theclient-side
SPN name SMBprovided componentMUST requires
match the packet
SMB signing.
server that is beingt
connections.
Network
Microsoft
All
ForWindows
This more access:
security networkTherefore,
information Remotely
operating
setting server:about permissions
determines accessible
Digitally
systems Stored sign
support
which Usergranted
registry
Names
registry atopaths
communications
both the
andEveryone
client-side
keys and subpaths
(always)
Passwords,
can be SMB component
accessed see do
- Controls not the
Stored
over apply
whether
andUser a to anonymous
or not
server-side
Names
network, the
and
regardlessSMB users.
server-side If this
component.
Passwords.
of the SMB
users option
To
or is set,
component
take
groups anonymous
requires
advantage
listed of
in the SMBusers
packet
access can
signing.
packet only
signing,
control access
list both
(ACL)
Microsoft
Default:
Default network
None.
onnetwork
workstations:client: Digitally
Enabled. sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled
Microsoft
client and
Microsoft server-side
network server:
server: SMB Digitally
components
Digitally sign
signaccess communications
is controlled by (if
communications theclient
(always)followingagrees)
- Sharesfour- policy
Controls Controls
whether whether
settings:
or not the or server-side
not the server-side SMB component SMB component requireshas packetpacket signing enabled
signing.
Default:
Network
Default
If this No
on
policy validation
access: Restrict
server:Disabled.
issetting
enabled, theanonymous
Everyone SID towill
is added Named toand
the Pipes
token andthat is created for anonymous connections. In this of case, anonymous users are inable toaccess
access
This security
server-side
Microsoft
Default: network
Disabled. SMB determines
signing
client: is
Digitally which
required,sign registry
a client
communications paths not be subpaths
able
(always) to - can
establish
Controls be awhether
accessed
session or over
with
not that
the network,
server,
client-side regardless
unless SMB it has the users
client-side
component SMB
requires or groups
signing
packet listed
enabled.
signing. theBy default,co
Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled
By
If default,
Microsoft
Network
server-side server-side
network
access: SMB client:
Shares
signing SMB thatis signing
Digitally sign
cansupport
required, is enabled
communications
berestricts
accessed
a client only on
anonymously
will not bedomain
(if server
able tocontrollers.
agrees)
establish - Controls
a session whether
with that or not
server the client-side
unless it has SMB component
client-side SMB has
signing packet
enabled.signing By enabled
default,
All
When Windows
Important enabled,
Disabled.operating
this systems
security setting both a client-side
anonymous SMB
access component
to shares and
and a
pipes server-side
to the SMB
settings component.
for: This setting affects the server SMB behavior, a
Default:
If server-side SMBserver:
signing issigning
enabled, SMB packet
Microsoft forifnetwork Digitally
System\\CurrentControlSet\\Control\\ProductOptions
Similarly,
options client-side
SMB servers". SMB sign communications
is required, that signing
client(always) willnot
will bebe - negotiated
Controls
able to whether with clients
establish ora not that
session thehave withclient-side
server-sideservers SMB thatSMB do signing
component
not have enabled.
requires
packet signingpacket signing.
enabled. By defau
Using
Network
Microsoft SMB access:
packet
network Sharing
signing
server:
System\\CurrentControlSet\\Control\\Server
This
If security
server-side setting
SMB determines
signing and
can
Digitallysecurity
is domainimpose signSMB
which
enabled, model
up
networkto a
for
communications15 local
Applications
packet percent
shares accounts
signingcan performance
(if client
will beagrees)
accessed hit on
- Controls
by anonymous
negotiated file service
with clientswhether
users. transactions.
thatorhavenot the server-side
client-side SMBSMB signing component
enabled.has packet signing enabled
Network
This policy access:
has noNamed
impact pipes that can be accessed anonymously
If server-side SMB
Software\\Microsoft\\Windows
Using SMB packet signingon
System\\CurrentControlSet\\Control\\Print\\Printers
signing is required,
can
controllers.
NT\\CurrentVersion
degrade a performance
client will notup be to able 15 to establish
percent on filea session
servicewith that server unless it has client-side SMB signing enabled. By default,
transactions.
Network access:
security: Shares
Do not
System\\CurrentControlSet\\Services\\Eventlog
This security setting that
determinesstore can
LAN be accessed
Manager
howis network anonymously
hash value on next password change
Similarly,
Default: if client-side
None specified. SMB signing required,logons that client that use will notlocal beaccounts are authenticated.
able to establish a session If withthisservers
settingthat is setdotonot Classic,
have packetnetwork logonsenabled.
signing that useBy local ac
defau
Default: Enabled.
Software\\Microsoft\\OLAP Server
If server-side
Caution
Network
Important security: SMBForce signing is
logoff enabled,
when SMBhours
logon packet signing will be negotiated with clients that have client-side SMB signing enabled.
expire
This
thissecurity
Using setting
SMB packet setting
Software\\Microsoft\\Windows
If is set to determines
Guestcan
signing only, if,network
impose at the upnext
NT\\CurrentVersion\\Printto apassword
logons 15 that
percentuse change,
local the LAN
accounts
performance Manager
hitare
onautomatically (LM) hash
file service mappedvalueto
transactions. forthe theGuestnew password
account. By is stored.
using the The LM hash
Guest model, is relatively
you can hw
attacked.
Software\\Microsoft\\Windows
Network security: LAN Manager NT\\CurrentVersion\\Windows
authentication level
Incorrectly
This
For security
this policyediting
setting thedetermines
to take registry
effect onmay computersseverely
whether damage
torunning
disconnect your
Windows users system.
who are
2000, Before making
connected
server-side changes
to
packet thesigning
local tocomputer
the
must registry,
alsooutsidebeyou should
enabled.their user back
To up any
account's
enable valued
valid logon
server-side data
SMB onpacket
the This
hours. compute setti
signing
System\\CurrentControlSet\\Control\\ContentIndex
Default
Note: This onnetwork
domain computers:
securityserver:settingDigitallyis not Classic.
available on earlier versions of Windows.
Microsoft
Network security: LDAP client signing signrequirements
communications (if server agrees) The security setting that appears on computers running Windows XP, "Network acce
System\\CurrentControlSet\\Control\\Terminal
Default
This
Remotely
When onaccessible
security
this stand-alone
setting computers:
determines
registry itpaths which Guest
and only
subpaths. Server with the
challenge/response authentication
SMB server protocol is used for network when logons. theThis choice affects theexpire.
level of authentication pro
Default on policy
Windows is enabled,
Vista:
System\\CurrentControlSet\\Control\\Terminal Enabled causes client sessions
Server\\UserConfig
to be forcibly disconnected client's logon hours
Default:
For
Network
DefaultWindows security:
on&Windows 2000 servers
Minimum
XP: Disabled. to negotiate
session securitysigning for with
NTLM Windows
SSP basedNT 4.0 clients,
(including the
secure following
RPC) registry
clients value must be set to 1 on the Windows 2000 server:
This security setting determines
System\\CurrentControlSet\\Control\\Terminal
Important
Send the level of data signing that is requested
Server\\DefaultUserConfiguration onnever
behalfuse of clients issuing LDAP BIND domain requests, as follows:
If this LMpolicy NTLM responses:
is disabled, Clients
an established use LM
client and
session
HKLM\System\CurrentControlSet\Services\lanmanserver\parameters\enableW9xsecuritysignature NTLM authentication
is allowed and
to be maintained after NTLMv2
the client's session
logon security;
hours have expired. controllers accept LM, NTLM, and NT
Software\\Microsoft\\Windows
Send LMsecurity:
& NTLM - use NTLMv2 NT\\CurrentVersion\\Perflib
session security if negotiated: Clients use LM and NTLM authentication
Network
Important
None: The LDAP
Minimum
System\CurrentControlSet\Control\ProductOptions
This security settingBIND allowsrequest asession
client
is tosecurity
issued require
with
for
the
the
NTLM SSP based
negotiation
options that ofare (including
128-bit
specified encryption secure
the and/or
bynetwork
RPC)NTLMv2
caller.
servers sessionand use NTLMv2
security. These values session aresecurity
dependent if the on
serverthe LAN suppo M
System\\CurrentControlSet\\Services\\SysmonLog
With
Send the
NTLM Guest only
response model,
only: any
Clients user who can access yourwith computer andover the (including anonymous Internet users)it;can access your shared resources
System\CurrentControlSet\Control\Server
Default:
Computers
Negotiate Enabled.
that
signing: haveIf this
Transport policy set use
Layer will NTLM
not
Security/Secure
authentication
Applications
communicate Sockets
only
computers
Layer
usethat
(TLS\SSL)
NTLMv2dohas notsession
have
not been
security
client-side
started,
ifpacket
the server
the LDAP signing supports
BIND enabled.
request
domain
Client-side
is initiated
controllers
packet
with the
accept
signing
LDAP
LM,
can NT
data be
siM
System\\CurrentControlSet\\Services\\CertSvc
used
Send
This by anyone
NTLMv2
security to
setting
Software\Microsoft\Windows access
response allows shared
only: a Clients
server system
to
NT\CurrentVersion use resources.
NTLMv2
require the authentication
negotiation of only
128-bit and use
encryption NTLMv2 and/or session
NTLMv2 security
session if the server
security. supports
These values it; domain
are controllers
dependent on accept
the LAN LM
Require
Windows
Require NTLMv2
2000 response
signature: session
Service
This Pack security:
the2same
isonly\\refuse (SP2) The
asand connection
above offer
Negotiate willcompatibility
signing. fail However,
if NTLMv2 if protocol
with the is server's
authentication
LDAP not negotiated.
to previous
intermediate versions ofsecurity
saslBindInProgressWindows, such
responseas Microsoft
does not Windows NT 4.0.
System\\CurrentControlSet\\Services\\Wins
Send
Note:
Require NTLMv2
This security
128-bit setting
encryption: behaves
The connection asLM: an Clients
account
willrunning
failuse NTLMv2
policy.
if strong authentication
Forencryption
domain accounts,
(128-bit) only is and
therenot can use beNTLMv2
negotiated. only one session
account policy.ifXP, the
The server
account supports
policy must it; indicate
domain
be defined
that LDA
controller
in th
This
Note:
Send
Require setting
NTLMv2
NTLMv2 can affect
response
session the ability
only\\refuse
security: of computers
The LMconnection
& NTLM: Clients
will Windows
fail use 2000
NTLMv2
if message Server, Windows
authentication
integrity is notBy 2000
only
negotiated. andProfessional,
use NTLMv2 Windows
session and
security the
if theWindows
server Server
supports 2003
it;(for family
domain
account
Caution policy applied to the organizational unit that contains the domain controller. default, workstations and servers that are joined to a domain exam
Caution
Require
organizational128-bit encryption.
unit that contains The connection
the memberwill fail if strong
computers. encryption
Kerberos settings(128-bit)
are not is not negotiated.
applied to member computers.
Default: No requirements.
This setting does not affect interactive logons that are performed remotely by using such services as Telnet or Remote Desktop Services. Remote Desktop Se
Important
If you setNo
Incorrectly
Default: the server
editing thetoregistry
requirements. Requiremay signature,
severely you must also
damage yourset the client.
system. Before Notmaking
setting changesthe clienttoresults in a loss
the registry, you ofshould
connection backwith up any the valued
server. data on the compute
policy will
This setting canhave affect nothe impactabilityonofcomputers
computersrunning runningWindows Windows2000. 2000 Server, Windows 2000 Professional, Windows XP Professional, and the Windows Serve
Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers
Network security:
This policy settingRestrict NTLM:
allows you Incoming
to deny NTLM
or audit trafficNTLM traffic from this Windows 7 or this Windows Server 2008 R2 computer to any Windows remote se
outgoing
Network
This security: Restrict NTLM: AuditorIncoming NTLM Traffic
If youpolicy selectsetting
"Allowallows all" or you do not to deny configure allowthis incoming
policy setting, NTLMthe traffic.
client computer can authenticate identities to a remote server by using NTLM authentication.
Network
This policy security:
setting Restrict
allows NTLM:
you to auditNTLM authentication
incoming NTLM in
traffic. this domain
If
If youyou select
select "Allow
"Audit all," all" or thedoclientnot configure
computerthis logspolicyan event setting, for each the server NTLMwill allow all NTLM
authentication request authentication
to a remote requests.
server. This allows you to identify those servers re
Network
This policy security:
setting Restrict
allows NTLM:
you to deny AuditorNTLM allow authentication
NTLM authentication in this domain within anotdomain from this domain controller. This policy does not affect interactive logon to
If
If you
you select "Disable", or do not configure this policy setting, the server will log events for incoming NTLM traffic.
If you select
Network select "Deny
"DenyRestrict
security:
all
all,"domain
theNTLM:
client accounts,"
computer
Add remote
the serverauthenticate
cannot
server
will deny NTLM
exceptions identities
for
authentication
NTLM toauthentication
a remote requests
server for domain
by using NTLM logonauthentication.
and display anYou NTLM can blocked
use the error,
"Network but allow loc
security:
This
If you policy
select setting
"Disabled" allows or you
do to audit
not configure NTLMthis authentication
policy setting, in the a domaindomain from this domain
controller will allowcontroller.
all NTLM pass-through authentication requests within the domain
If
If you select
youpolicy
select "Enable
"Deny allauditing
accounts," for domainthe server accounts",
will deny the
NTLM server will log events
authentication for NTLM
requests frompass-through
incoming traffic authentication
and displayrequests an NTLMthat woulderror.
blocked be blocked when the
This
Network
This policy is
security: supported
setting Restrict
allows onyouat to
NTLM: least Add
create Windowsserver
an this 7 or
exception Windows
exceptions list of Server
in remote
this domain 2008 R2.
servers to whichwill clients areevents
allowed toNTLM
use NTLM authentication if domain.
the "Network Security: Re
If
If you
you select
select "Disable"
"Deny or
forauditingdo
domainfor not configure
accounts to domain policy setting,
servers" the
the domain controller not log for authentication in this
If
This youpolicy
select is "Enable
supported on atare least all Windows
accounts", the
7this server
or Windows willServerlogdomain
events
2008
controller
for all NTLM will authentication
deny all NTLM requests authentication that wouldlogonbe attempts
blockedtowhen all servers in the domain
the "Network Securit
Network
Note:
This
If you Audit
youpolicy
security:
configure and
setting blockAllow
thisallowspolicy
LocalSystem
events you to
setting, recorded
create
you can
NULL on session
an exception
define
fallback
acomputer
listofofremote
list in theservers
servers in thisR2.
"NTLMBlock" domain
to which Log located
toclients
which under
clients
are allowedaretheallowed
toApplications
use NTLM and Services
to useauthentication.
NTLM pass-throughLog/Microsoft/Windows/Secu
authentication if the "
If
If select
youpolicy
select "Enable
"Deny for
for domaindomain accounts
account" to domain servers," the domain controller will log events for NTLM authentication logon attempts for domain account
This
Network
Note: isevents
tosupported
security:
Block Allow
are onNULL
Local at System
recorded least on thisto the
Windows use
computer
domain
7 or
computer controller
Windows identity Server will
for deny 2008
NTLM allR2. NTLM authentication logon attempts from domain accounts and return an NTLM blo
Allow
If
If you
you
NTLM
configure
do not
fall
thisback
configure policy to
this setting,
policy
session
you
setting, can when
no define used
exceptions ainlistthe
with "NTLMBlock"
LocalSystem.
ofwillservers
be in this
applied.
Log domain located to under
which the Applications
clients are allowed andtoServices
use NTLM Log/Microsoft/Windows/Security-NTLM
authentication.
If
If you
you
Network select
select "Enable
"Deny
security: for
Allow for domain
domain
PKU2U accounts,"
servers"
authentication the therequests
domain domain controller
controllerto this will will log
deny
computer NTLM events
to use for NTLM
authentication
online authentication
identities. requests to logon
all servers attempts
in the that
domainuse domain
and return accounts
an NTLM when NTLM
blocked
Note:
This
The Audit events
policy setting
default isconfigure
TRUE are
allows recorded
upthistoLocal
Windows on
System this
Vista computer
services
andexceptions
FALSE in
that use the "NTLMBlock"
in will Log located under the
Negotiate7.to use the computer identity when reverting to NTLM authentication.
Windows Applications and Services Log/Microsoft/Windows/Security-NTLM
If
The you do not policy setting, no be applied.
If younaming
Network
If select format
"Enable
security: forforservers
Configure domain onservers"
encryption this exception the
types domain list iscontroller
allowed theKerberos
for fully qualified
will log domain
events for name
NTLM (FQDN) or NetBIOS
authentication requestsservertoname used in
all servers bythethedomain
application,
when listed
NTLM one per
an authe
asyou
This
If you select
a policy
wildcard
enable "Deny
will be policy
character.
this all,"
turned the offdomain
setting,by default
services controller
on domain
running will deny
as joined
Local allmachines.
NTLM
System pass-through
This
that use would authentication
disallow
Negotiate willthe use requests
online from
identities
the computer its
to beservers
identity. able
This and
to for its
authenticate
might cause accountsto theand
some domainreturn
authentication joined NTLM
ma
requ
The
Recovery naming format
console: for
Allow servers
automatic on this exception
administrative list is
logon the fully qualified domain name (FQDN) or NetBIOS server name used by the calling application listed o
If youpolicy
This
This selectsetting
is"Enable all" on
allows the
youatdomain
to setWindows controller
the encryption will log types events that for NTLM is
Kerberos pass-through
allowed to use. authentication requests from its servers and for its accounts which would
If youpolicy do not supported
configure this policy least setting, services Server 2008
running R2.
as Local System that use Negotiate when reverting to NTLM authentication will authenticate anonym
Recovery
This console: Allow floppy copy and access to all drives and all folders
This
If
Note: notsecurity
policy
Blockis
selected, setting
supported determines
the encryption on at least type if the
onwill
password
Windows
thisnot beServer for the
allowed. in 2008
Administrator
This R2. setting may account
affect must be givenwith
compatibility before
client access
computers to theor system
services is granted. If this option
and applications. is enabled,
Multiple selectioth
This
Shutdown: policy isevents
Allow supported are recorded
system on
to at
be least
shut Windowsdown
computer
without 7 or having
Windows the "NTLMBlock"
to SET Server
log on 2008 Log R2. located under the Applications and Services Log/Microsoft/Windows/Security-NTLM
Enabling
Default: this
This security
policy option
is not makes the Recovery Console command available, which allows you to set the following Recovery Console environment varia
Note:policy
This Audit events
is supported are ondefined
recordedat least on and thisautomatic
Windows computer 7 oradministrative
in the "NTLMBlock"
Windows Server logon 2008 is
Log not
R2. allowed.
located under the Applications and Services Log/Microsoft/Windows/Security-NTLM
Shutdown:
This security Clear
setting virtual memory whether
determines pagefile a computer can be shut down without having to log on to Windows.
AllowWildCards: Enable wildcard support for some commands (such as the DEL command).
AllowAllPaths:
System
This cryptography:
security Allow determines
setting access
Use FIPS to allwhether
140filescompliant
and the folders
virtual on
cryptographic the computer.
memory algorithms,
pagefile isthe including
cleared when encryption,
the system hashing
is shutand down. signing algorithms
When this policy
AllowRemovableMedia: is enabled, Allowthe filesShut to be Down copied commandto removable is available media, onsuch Windows
as a floppy logon disk.screen.
System
NoCopyPrompt: Cryptography: Do notForce
prompt strong
when key protection
overwriting for user keys storeddisables on the computer
For
Virtual
When
thememory
Schannel
this policy
Security
support
isanddisabled,uses Service
a system
the
Provider
optionpagefile to shut
(SSP), toan
down
this
swap existing
security
pages
thepubliccomputer
file.ofsetting
memory
does not diskthe
to appear whenweaker
on TLS
Secure
are not Sockets
theyWindows
the used.
logonOn
Layer (SSL)system,
a running
screen.
protocols
In this case,and this
users
and supports
pagefile
must beisable
only theexclusi
opened Trans
to log onAlgto
algorithms:
ensures
System 3DES
that sensitive
objects: Default AES for
information
owner for encryption,
from
objects processRSA
created or
memoryECC
by members that a key
might of thecryptography
goAdministrators
intotothe for the
pagefile groupis notkey exchange
available to an and authentication,
unauthorized user whoonly the Secure
manages Hashing
to directly acces
This
Default: security
This setting
policy isdetermines
not defined if users'
and the private
recover keys console require SET password
command is be
not used.
available.
Description
Default on workstations: Enabled.
For
System
When
This Encrypting
objects:
this
security policy File
settingRequireSystem
is enabled, case
determines Serviceinsensitivity
it causeswhich (EFS),the
security it supports
for
system non-Windows
pagefile
principal the(SID)Triple
to subsystems
be willData
cleared Encryption
be assigned upon clean the Standard
shutdown.
OWNER (DES) andenable
If you
of objects Advanced
when the Encryption
this object
security Standard
is option,
created the a(AES)
by hibernation
member encryption
offile algorith
the(hiberfil.sys
Administr
Default
The
Windows onXP
options servers:
are:
for encryptingDisabled. file data. For information about EFS, see Encrypting File System.
Default:
System objects: Strengthen default permissions of internal is system objects (e.g., Symbolic The Links)
This
Default:
Windows security
Disabled.
XP: setting
User determines
SID whether case insensitivity enforced for all subsystems. Win32 subsystem is case insensitive. However, the kernel suppo
User
For input
Remote isDesktop
not required Services,whenitnew supports keys are only stored
the and DES
Triple used encryption algorithm for encrypting Remote Desktop Services network communication.
Windows
System
User
This 2003
settings:
issetting
prompted : Administrators
Optional
when the subsystems Group
keyinsensitivity
isthe first usedis enforced
If thissecurity setting
is enabled, determines
case strength of the default for alldiscretionary
directory objects, access control list
symbolic links, (DACL)
and IO forobjects,
objects.including file objects. Disabling this setting does n
User
System must
Note:security Remote enter
settings: aUse
Desktop password Services
Certificate each was
Rulestime they
called
on use a key
Terminal
Windows Services
Executables in previous
for Software versions of Windows
Restriction Policies Server.
This
For
Active more setting
information,
Directory maintainsdetermines
see Public
a global which
key subsystems
listinfrastructure. can optionally be
of shared system resources, such as DOS device names, mutexes, and started up to support your applications. With this securityInsetting,
semaphores. this way, you can specify
objects can beaslocatedman
Default: Enabled.
User
For
This Accountsetting
BitLocker,
security Control:
this policy Adminneeds
determines Approval
to be enabled
if digital Mode for
certificates the are
before Built-in
anyprocessed Administrator
encryption key is
when aaccount
generated.
user or process Please note that
attempts to runwhen this policy
software withisanenabled,
.exe fileBitLocker
name extension.will prevent Thisthesecc
Default:
Default:
If thisbased POSIX.
This
policy ispolicy
enabled, is notthe defined.
default that DACL is stronger, with allowing users who
run,
User Account on the
Control: digital certificate
Behavior of the is associated
elevation prompt for the software.
administrators Inare order
in
notfor
Admin
administrators
certificateMode
Approval rulesto read
to take shared
effect, objects
you must but not
enable allowing these users
this security setting. to modify s
This
Default: security
Disabled. setting determines the behavior of Admin Approval mode for the Built-in Administrator account.
Default:
When
User Enabled.
certificate
Account rules
Control: are enabled,
Behavior of software restriction policies will check a certificate revocation list (CRL) to make sure the software's certificate and signatur
This options
The securityare: setting determines thethe elevation
behavior prompt
of the elevationfor standard prompt users
for administrators
Note:security
options.
This The Federal setting Information
determinesProcessing the behavior Standard (FIPS) 140
of the elevation promptis a securityfor standard implementation
users designed for certifying cryptographic software. FIPS 140 validated
User Account Control: Detect application installations and prompt for elevation
The
options
Enabled: are:
The Built-in Administrator will logon in Admin Approval Mode. By default any operation that requires elevation of privilege will prompt the Consent A
Default:
The
Useroptions Disabled.
Account are:Control: Only elevate
This security setting determines the executables
behavior of application that are signed installationand validated detection for the entire system.
Disabled:
Prompt forThe consent:Built-in AnAdministrator
operation that will requires
logon inelevation
XP compatible of privilege mode will
and prompt
run allthe Consent Admin
applications to selectwith either Permit or Deny. If the Consent Admin sele

User
This Prompt
Account for
securityare: credentials:
Control: Only An operation
elevate that
UIAccess requires
setting will enforce PKI signature checks on any interactive application applications elevation that of areprivilege
installed willin prompt
secure the user
locations
that requeststo by default
enter an administrative
elevation
full administrative
of privilege. user name
Enterprise
privilege.
and password. can
administrators If the user et
control
The options
Prompt
Default:
User for
Disabled
Account credentials:
Control: Run An operation
all users, that
including requires elevation
administrators, of privilege will prompt the Consent Admin to enter their user name and password. If the user en
Automatically
This
The security
options denywill
setting
are: elevation
enforce requests:
the requirement This option thatresultsapplications in as an standard
access
that request users.
denied error message
execution being returned
with a UIAccess integrity to the
levelstandard user when
(via a marking they try to perform
of UIAccess=true a
in thei
Enabled: Application installation packages that require an elevation of privilege to install will be heuristically detected and trigger the configured elevation pro
Elevate
User
This Account
security without Control:
setting prompting:
SwitchThis
determines to thethe optionsecure
behavior allows desktop
of the
all Consent
UACwhen Admin
prompting
policies for to for
the perform
elevation
entire an operation that requires elevation without consent or credentials. Note: this sc
system.
-Default:
\Program
Enabled: Prompt Files\,
Enforces for including
credentials (home) /chain
PKI subdirectories
therunning certificate Automatically
validation deny a elevation
of that given requestsbefore
executable (enterprise)
it is permitted to run. like Group Policy Software Install (GPSI) or SMS wi
-
User Disabled:
Default:
This Prompt
security
Enterprises
\Windows\system32\
Account Control:
settingfor Virtualizesstandard
consent
determines file and the
whether
users
registry desktops
elevation write requestfailures leverage
to per-user
will prompt
delegatedlocations
on the
installation technologies
interactive users desktop or the Secure Desktop.
The options
- \Program are:
Files not (x86)\, including subdirectories
UserDisabled:
Default: Enabled
Account Does Control:(home) enforce
Allow/ DisabledPKI certificate
UIAccess (enterprise)
applications chainfor 64 bit versions
validation
to prompt before
for elevation aofgiven
Windows executable
without usingisthe permitted
securein to run.
desktop.
This
The security
options setting
are: enables the redirection of legacy application write failures to defined locations both the registry and file system. This feature mitigates th
Enabled:
Note: Windows Admin Approval
enforces PKI signature check on any interactive application that requests execution with Changing
asizeMode and all other UAC policies are dependent on this option being enabled. UIAccess integritythis setting levelrequires
regardless a system
of thereboot.
state of thi
Default:
Maximum Disabled
application
This security setting log
controls whether User Interface Accessibility (UIAccess or UIA) programs canasautomatically disable the secure desktop foronly
elevation prom
Virtualization
Enabled: All facilitates
elevation the running
requests by of pre-Vista
default will (legacy)
go to the applications
secure desktop that historically failed to run Standard User. An administrator running Windows Vi

The Disabled:
Maximumoptions Admin
are:
security Approval
log size Mode user type and all related UAC policies will be disabled. Note: the Security Center will notify that the overall security of the op
This
If security
youoptions
enableare: setting specifies the maximum size of the application event log,
this setting, UIA programs including Windows Remote Assistance can automatically disable the secure desktop for elevation prompts. Unless you which has a theoretical maximum of 4 GB. Practically the limit is lower (~300MB
The
Disabled: All elevation requests will go to the interactive users desktop
Default:
Maximum

ThisEnabled: Enabled
security system
An setting logspecifies
application size will only
the maximum launch with size UIAccess
of the security integrity if it resides
event log, which in ahas secure location inmaximum
a theoretical the file system. of 4 GB. Practically the limit is lower (~300MB).
Notes
If you disable or do notthe configure this setting, of theapplication
secure desktop can onlytobe disabled bylocations
the user for of the
Enabled:
Default:
Prevent Facilitates
Enabled
local guests group runtime
and redirection
ANONYMOUS LOGIN users write
from failures
accessing defined
application user log bothinteractive
the file system desktop andorregistry.
by disabling the "User Account
This
securityAn
Disabled:
Notes setting
application specifies will thelaunch maximum with size of the
UIAccess system
integrity evenevent log,
ifisitnotdoes which has a in
not reside theoretical
aKB,
secure maximum
location in of
the4 GB. Practically the limit is lower (~300MB).
file system.
Log
UIA file sizes
programs must be
are designed a multiple
towrite of
interact 64 KB.
with If you
Windows enter and a value
application that programs a multiple of
on behalf 64 Event Viewer will round he log file size up to a multiple of 64 KB.

ThisDisabled:
Prevent local
setting
security Applications
guests
does
setting group
notdetermines
appearthatand in the data
ANONYMOUS Local
if guests to Computer
protected
are LOGIN
prevented locations
Policy users
from will simply
from
object.accessing accessing fail application
the as they
security did inof
logevent a user. versions
previous
log.
This setting allows UIA programs
of Windows. to bypass the secure desk
Notes
Default:
Log file Enabled
sizes must be a multiple of 64 KB. If you enter a value that is not a multiple of 64 KB, Event Viewer will round he log file size up to a multiple of 64 KB.
Event
Since Log
UIA sizeguests
programs and log must wrapping
be able should
toLocal
respond be defined toLOGIN
prompts to match regarding the business security and security requirements you determined prompt,when designingmust your beenterprise securityIn
Prevent
Default
This
Default:
Notes
local
:For
setting
securityEnabled
does
setting
the Windows
group
notdetermines
appear and
Serverin ANONYMOUS
the
if2003
guests Computer
are prevented
family, 16 enter
MB; Policy
for
users
from
Windows
from
object.accessing accessing
XP the issues,
Professional
system
application such
logevent
Service
as the log.
Pack
UAC elevation
1, Viewer
8 MB; for Windows
UIA programs
XP Professional, 512
highly trusted.
KB.
Log
Event fileLog ..\Program
sizes must
size andlog be Files\
a (and
multiple subfolders)
of 64 KB. If you a value that is not a multiple
log wrapping should be defined to match the business and security requirements you determined when designing your enterprise security of 64 KB, Event will round he log file size up to a multiple of 64 KB.
Retain
This application
setting
security ..\Program
does
setting Files
notdetermines
appear (x86)\
in the if(and Local
guests subfolders,
Computer
are prevented in Policy
64-bit from versions
object.accessing of Windowsthe application only) event log. 1, 8 MB; for Windows XP Professional, 512 KB.
Default:
Notes
This For
setting the
does Windows
not appear Serverin the 2003 Localbe family,
Computer 16 MB; for
Policy Windows
object. XP Professional Service Pack
..\Windows\System32\
Event Log size and
Retain
This security
security log log
setting
wrapping
determines the
should
number
defined to
of16 days'
match
worth
the business and security requirements you determined when designing your enterprise security
of events
Default:
Notes
This For does
setting the Windows
not appear Serverin the 2003 Local family,
Computer MB; for Windows
Policy object. XPtoProfessional
be retained for the application
Service Pack 1, 8 MB; log iffor theWindows
retentionXP method for the application
Professional, 512 KB. log is By D
This security
The requirement
Retain system setting
log to be affects only computers
in a protected path can running
be disabled Windows by 2000 the "User and Account
WindowsControl: XP. Only elevate UIAccess applications that are installed in secure locatio
This
Set security
this value setting
onlynot if determines
you archive the
theLocal number
log atComputer of days' worth
scheduled intervals of events and you to be make retained
sure that for the thesecurity
Maximum logapplication
if the retention method
log size is largefor theenoughsecurity log is By Days.
to accommodate the
This
This setting
security does
setting appear in the Policy object.
Default:
Retention
Whilesecurity
This Enabled
this method
setting
setting foraffects
for Windows
applies application
determines
only
to any XP, computers
log
UIA
the Disabled
program,
number
running
for
of Windows
itdays'
will be
Windows
used
worth 2000 of
2000 and Windows XP.
primarily
events to inbe certainretained Windowsfor the Remote
system Assistance
log if the scenarios.
retention methodThe Windows
for the Remote
system log Assistance
is By Days. prog
Set
Note: this value
This settingonlydoes if younot archive
appear theinlog theatLocal scheduled Computer intervalsPolicy and object. you make sure that the Maximum security log size is large enough to accommodate the inte
This
Default:security
Retention Enabled
methodsetting foraffects
for Windows
security only XP,
log computers
Disabled running
for Windows Windows 2000 2000 and Windows XP.
Default:
This
Set security
If a user
this valueNone.
requests setting
onlyremote determinesassistance
if you archive the
the log "wrapping"
from atan scheduled method
administrator for
intervals the
andand application
the you remote make log.
assistance
sure thatsession the Maximum is established,
system log anysizeelevation
is large prompts
enoughappear on the interactive
to accommodate the inte
Notes
prompts"Enabled
Default:
Retention check
method boxfor
for when
Windows
system setting XP,
log up the remote
Disabled for assistance
Windows 2000 session. However, selecting this check box itself requires that the interactive user respond to an el
This setting
security
If you Thisdo not does
setting
archive not appear
determines
thenot in
application the
the Local
"wrapping" Computer method Policy for object.
the security log.
Note:
A user mustGroupssetting
possess does the Manage appearauditing inlog,theinLocal the Properties
Computer
and security
dialog box
logPolicyuser right object. for this policy, select the Define this policy setting check box, and then click Overwrite eve
to access the security log.
Restricted
If yousecurity
Default:
This enable
None. this setting,
setting determines("User Account the "wrapping" Control: Allow UIAccess
method for thebox system applicationslog. to prompt for elevation without using the secure desktop), , requests for elevatio
Default:
If you do
If you archiveNone.
not archive the
the log at credentialssecurity
scheduled intervals,log, in the Properties dialog
in the Properties dialog box for this policy,
for this select
policy,the select Definethe this
Define policythissetting check box,
policy setting check and then
box, andclick
then Overwrite events
click Overwrite
provide the appropriate for elevation.
This
If you security
do setting
not archive allows
the an
system log, administrator in the Properties to define two properties
dialog box for this for security-sensitive
policy, select the groups
Define ("restricted"
this policy groups).
setting check box, andbox,thenand click Overwrite events
If
If you archive
yousetting
must retain the log all theat scheduled
events intervals, in the Properties dialog box for this policy, select thethe Define this policy setting check then click DoOverwrite
This does not change theinbehavior
the log, in of thethe Properties
UAC elevation dialog box
prompt forforthis policy,
administrators. select Define this policy setting check box, and then click not overw
Theyoutwo
If you properties
archive the log are atMembers
scheduled and Member
intervals, Of. The Members list defines whopolicy,belongs and the whoDefine
does not belong to the restricted group. The click
Member Of list
If
Note: must retain all the events in the log,Local in in thethe Properties
Properties dialog dialog box box forfor this thispolicy, select select the Define thisthis policy
policy setting
setting check
check box,box,and and then
then click DoOverwrite
not overw
If you Thisplan setting
to enable does thisnot appear
setting, you in should
the also Computer
review the Policyeffect object.
of the "User Account Control: Behavior of the elevation prompt for standard users" setting. If
When
.If you must retain all the events in the log, in the Properties dialog box for this policy, select the Define this policy setting check box, and then click Do not overl
a Restricted Groups Policy is enforced, any current member of a restricted group that is not on the Members list is removed. Any user on the Members
Notes
Default: None.
System Services security settings
Registry
Allows ansecurity settingsto define the startup mode (manual, automatic, or disabled) as well as the access permissions (Start, Stop, or Pause) for all system se
administrator
File System
Allows security settings
Default:an administrator
Undefined. to define access permissions (on discretionary access control lists (DACLs)) and audit settings (on system access control lists (SACLs
Allows an administrator to define access permissions (on discretionary access control lists (DACLs)) and audit settings (on system access control lists (SACLs
Default:
Notes Undefined.
Default:
Note: Undefined.
This setting does not appear
This setting does not appear in the in the Local
Local Computer
Computer PolicyPolicy
object.object.
If you choose to set system service startup to Automatic, perform adequate testing to verify that the services can start without user intervention.
Note: This setting does not appear in the Local Computer Policy object.
For performance optimization, set unnecessary or unused services to Manual.
Reboot Comments
Required
No
No
No
No
No
No
No
No
No
No clients will get the new
setting after a
No clients
maximum will of
get8 the
hoursnew
setting
but for after to
DCs a assign
No clients will of
maximum get8 the
hoursnew
these
settingnew
aftersettings
a assigna
No but for will
Gpupdate
clients DCs to
/force
get theisnew
maximum
these new of 8 hours
required
setting
but orsettings
after
for will
DCs waiting
a assign
to
a
for
No Gpupdate
clients
the usual
maximum 5 /force
get
of theisnew
minutes
8 hours
these new
required
setting or
after settings
waiting
a assigna
for
No when
but forthe
GpupdateDCsSCE to
/forceengine
is
the usual
maximum
assigns
these 5of
all
new minutes
8 hours
modified
settings a
required
when
but fortheor
DCsSCE waiting for
engine
to assign
No settings.
Gpupdate
the usual 5 /force is
minutes
assigns
these all settings
new
required modified a
No when theor
settings.
Gpupdate SCE waiting
/force
for
engine
is
the usual
assigns 5 minutes
all modified
required
when theor
SCE waiting for
engine
No settings.
the usualall5 modified
minutes
assigns
No when the SCE engine
settings.
assigns all modified
No settings.

No
No
No
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Note: In Windows 2000
Server, Windows 2000
No Logoff required
Professional, Windows
No XP Professional,
Note: See also the and
the Windows Server
corresponding
No 2003
Logofffamily,
Windows the Task
required
Server 2003
Scheduler
Allow log on locally
No Logoff required
automatically
policy setting, grants
earlier in
No this
this right as necessary.
worksheet.
Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No

No
No
No
No
Yes
Yes
No
Yes
No
No
No
No
No For the policy change
to take effect, the
No spooler service needs
No to be
stopped/restarted, but
No the system does not
have to be rebooted.
Yes Restart of service might
be sufficient
No
No
No Important: In order to
take advantage of this
No policy on member
No workstations and
servers, all domain
No controllers that
constitute the
No Important: This setting
members domain must
applies to Windows
be running Windows
No 2000
NT 4.0computers,
Service Packbut 6it
No is
or not available through
higher.
the Security
In order to take
Configuration Manager
advantage of this policy
tools on these
on doma
No computers.
No
No
No
No
No
No
No Important: This setting
applies to Windows
No Important: This setting
2000 computers, but it
will apply
is not to anythrough
available
No Only LogOff
computers is required
running
the Security
for W2K, XP and W2K3
Windows
Configuration2000 through
Yes Important:
computers.
changes
ForInManager
in the
this
Vista,
registry,
tools
policy on
to these
take
start/restart effect on
the setting
Yes but the security
computers.
computers running
scpolicysvc
is not viewable will work or
Yes Windows
LogOff 2000,through
client-
the Security
side packet signing
Yes Configuration Manager
must also be enabled.
tool more
For set. information,
No search for "Security
Yes Settings
Important:Descriptions"
For this
in the Windows
policy Server
to take effect on
No 2003 Help.
computers running
No Windows 2000, server-
side packet signing
No must also be enabled.
For more information,
No search for "Security
No Settings Descriptions"
Important: This policy
in
hasthe
noWindows
impact onServer
No 2003 Help.
domain controllers. For
No more information,
search for "Security
No Settings Descriptions"
in the Windows Server
Yes 2003 Help.
No Important: The
Network access:
No Important: On
Remotely accessible
Windows
registry pathsXP, this security
Yes security setting was on
setting that appears
Yes called
computers"Networkrunning
access:
WindowsRemotely
XP
No accessible
Important:
corresponds registry
This setting
to the
paths."
only
Network If you
affects configure
computers
access:
No Important:
this setting
running Windows
on
Windows a XP
Remotely
2000 Service accessible
Pack 2
No member
Professional
registry of the
paths which
and are
(SP2)
Windows
not andServer
joined above
to offer
2003
a domain.
subpaths
compatibility security
with
No family
This that is
policy
Important:
policy setting willjoined
Thisonhave tonoa
setting
authentication
domain,
impact
can onthis
affect to
setting
computers
the ability is
of
members
previous of the
versions Wi of
Yes inheritedWindows
running
computers byrunning
computers2000.
Windows,
For more 2000
Windows such as
information,
Server,
No Warning:
Microsoft This setting
search
Windows
will applyforWindows
"Security
2000
to any
NT
No 4.0.
Setting
Warning: Descriptions"
Professional, This Windows
setting in
computers
This setting running
can affect
the
XP
will Win
Professional,
apply
Windows to
2000 and
anythrough
the
the ability
Windows
computers of computers
Server
changes
running in running
Windowsthe registry
2000
2003
Windows
but thefamily2000
security to through
setting
Server,
communicate
changes Windowsthewith
inviewable 2000
registry
will
Pr not be
computers
but therunning
the security
through setting
Security
Windows
will not beNT
Configuration 4.0
viewable and
Manager
earlier
tool set.over
through Forthe
the netwo
Security
more
No
No
No
No
No
No
No
No
No
No
No
No Require restart of
recoveryrestart
Require consoleof
No
recovery console
No Requires logoff
Yes Vista does NOT require
reboot
No
Yes Requires reboot with
CNG on Vista; Does
No This policy does
not require rebootnot
with
exist
CAPIon onVista
Vista; Does
Yes
not require reboot on
Yes XP, 2003 with CAPI
Yes
No
No
No
No
No
No
No
Yes
No
No
No
No Note: This setting does
not appear in the Local
No Note:
ComputerThisPolicy
settingobject.
does
not appear in the Local
No Note:
ComputerThisPolicy
settingobject.
does
not appear in
Important: the Local
Modifying
No Notes:
Computer This setting
Policy object.
this setting
does may affect
not appear in the
No compatibility
Notes: This with
setting
Local Computer Policy
clients,
does
object.notservices,
appear in andthe
No Note: This setting
applications.
Local Computer For does
Policy
This
not security setting
appear in the Local
No compatibility
object.
affects
Notes: only
This computers
setting
Computer
information
This securityPolicy
about object.
this
setting
running
does notWindows
appear in2000,
the
No setting,
affects
Notes:
Windows
Local see
only
This the "Event
computers
setting
Server Policy
Computer 2003,
Log:
and Maximum
running
does notWindows
Windows
object. appear sec
in2000,
the
XP. does
No This
Note: security
Windows
Local This setting
setting
Server
Computer 2003,
Policy
A
notuser
affects must
only in
appear possess
computers
the
No and
Note:Windows
object.
the Manage
This XP. Local
auditing
setting does
running
Computer
A user Windows
must Policy 2000,
object.
possess
and
not security
appear
Windows log2003,
in the
Server user
Local
No the Manage
Note:toThis
right
Computer access auditing
setting
Policy does
theobject.
and
and
not Windows
security
appear XP.
inlog
the user
Local
No security
Note: log.setting
This does
right to acces
Computer Policy object.
not appear in the Local
Computer Policy object.
Note: This setting does
not appear in the Local
Note: This Policy
Computer settingobject.
does
not appear in the Local
Note: This Policy
Computer settingobject.
does
not appear in the Local
Computer Policy object.

You might also like