· xls file · web viewat least windows server 2012 ... century interpretation for...

Group Policy Settings ReferenceWindows Server 2012R2 and Windows 8.1

This spreadsheet lists the policy settings for computer and user configurations that are included in the Administrative template files (.admx and .adml) delivered with

Windows 8.1, Windows 8, Windows 7, Windows Vista with SP1,Windows XP Professional with SP2 or earlier service packs, and Microsoft Windows 2000 with SP5 or earlier service packs.

These files are used to expose policy settings when you use the Group Policy Management Console (GPMC) to edit Group Policy Objects (GPOs).

You can use the filtering capabilities that are included in this spreadsheet to view a specific subset of data, based on one value or a combination of values that are available

To view a specific subset of data, click the drop-down arrow in the column heading of cells that contain the value or combination of values on which you want to filter,

and then click the desired value in the drop-down list. For example, to view policy settings that are available for Windows Server 2012 or Windows 8, in the

Legal Notice

This document is provided “as-is”. Information and views expressed in this document, including URL and other Internet Web site references, may change without notice.

Some examples depicted herein are provided for illustration only and are fictitious.

This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.

Active Directory, Hyper-V, Microsoft, MS-DOS, Visual Basic, Visual Studio, Windows, Windows NT, Windows Server,

and Windows Vista are trademarks of the Microsoft group of companies.

All other trademarks are property of their respective owners.

Windows Server 2012. The policy settings included in this spreadsheet cover Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008,Windows Server 2003 with SP2 or earlier service packs,

in one or more of the columns. In addition, you can click Custom in the drop-down list of any of the column headings to add additional filtering criteria within that column.

Administrative Template worksheet, click the drop-down arrow next to Supported On, and then click At least Microsoft Windows Server 2012 or Windows 8.

Ó 2013 Microsoft Corporation. All rights reserved.

This spreadsheet lists the policy settings for computer and user configurations that are included in the Administrative template files (.admx and .adml) delivered with

Windows 8.1, Windows 8, Windows 7, Windows Vista with SP1,Windows XP Professional with SP2 or earlier service packs, and Microsoft Windows 2000 with SP5 or earlier service packs.

These files are used to expose policy settings when you use the Group Policy Management Console (GPMC) to edit Group Policy Objects (GPOs).

You can use the filtering capabilities that are included in this spreadsheet to view a specific subset of data, based on one value or a combination of values that are available

To view a specific subset of data, click the drop-down arrow in the column heading of cells that contain the value or combination of values on which you want to filter,

and then click the desired value in the drop-down list. For example, to view policy settings that are available for Windows Server 2012 or Windows 8, in the

This document is provided “as-is”. Information and views expressed in this document, including URL and other Internet Web site references, may change without notice.

This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.

The policy settings included in this spreadsheet cover Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008,Windows Server 2003 with SP2 or earlier service packs,

in the drop-down list of any of the column headings to add additional filtering criteria within that column.

At least Microsoft Windows Server 2012 or Windows 8.

File Name ActiveXInstallService.admx ActiveXInstallService.admx AddRemovePrograms.admx AddRemovePrograms.admx AddRemovePrograms.admx AddRemovePrograms.admx AddRemovePrograms.admx AddRemovePrograms.admx AddRemovePrograms.admx AddRemovePrograms.admx AddRemovePrograms.admx AddRemovePrograms.admx AddRemovePrograms.admx AppCompat.admx AppCompat.admx AppCompat.admx AppCompat.admx AppCompat.admx AppCompat.admx AppCompat.admx AppCompat.admx AppCompat.admx AppxPackageManager.admx AppxPackageManager.admx AppxPackageManager.admx AppXRuntime.admx AppXRuntime.admx AppXRuntime.admx AppXRuntime.admx AttachmentManager.admx AttachmentManager.admx AttachmentManager.admx AttachmentManager.admx AttachmentManager.admx AttachmentManager.admx AttachmentManager.admx AttachmentManager.admx AutoPlay.admx AutoPlay.admx AutoPlay.admx AutoPlay.admx AutoPlay.admx AutoPlay.admx AutoPlay.admx AutoPlay.admx Biometrics.admx Biometrics.admx

Biometrics.admx Biometrics.admx Bits.admx Bits.admx Bits.admx Bits.admx Bits.admx Bits.admx Bits.admx Bits.admx Bits.admx Bits.admx Bits.admx Bits.admx Bits.admx Bits.admx Bits.admx Bits.admx Bits.admx CEIPEnable.admx CEIPEnable.admx CipherSuiteOrder.admx COM.admx COM.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx

conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx ControlPanel.admx ControlPanel.admx ControlPanel.admx ControlPanel.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx Cpls.admx CredentialProviders.admx CredentialProviders.admx CredentialProviders.admx CredentialProviders.admx CredentialProviders.admx CredSsp.admx CredSsp.admx

CredSsp.admx CredSsp.admx CredSsp.admx CredSsp.admx CredSsp.admx CredSsp.admx CredSsp.admx CredSsp.admx CredUI.admx CredUI.admx CredUI.admx CredUI.admx CtrlAltDel.admx CtrlAltDel.admx CtrlAltDel.admx CtrlAltDel.admx DCOM.admx DCOM.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx

DeviceCompat.admx DeviceCompat.admx DeviceInstallation.admx DeviceInstallation.admx DeviceInstallation.admx DeviceInstallation.admx DeviceInstallation.admx DeviceInstallation.admx DeviceInstallation.admx DeviceInstallation.admx DeviceInstallation.admx DeviceInstallation.admx DeviceInstallation.admx DeviceInstallation.admx DeviceInstallation.admx DeviceInstallation.admx DeviceInstallation.admx DeviceInstallation.admx DeviceRedirection.admx DeviceRedirection.admx DeviceSetup.admx DeviceSetup.admx DeviceSetup.admx DeviceSetup.admx DeviceSetup.admx DeviceSetup.admx DeviceSetup.admx DeviceSetup.admx DeviceSetup.admx DFS.admx DigitalLocker.admx DigitalLocker.admx DiskDiagnostic.admx DiskDiagnostic.admx DiskNVCache.admx DiskNVCache.admx DiskNVCache.admx DiskNVCache.admx DiskQuota.admx DiskQuota.admx DiskQuota.admx DiskQuota.admx DiskQuota.admx DiskQuota.admx DistributedLinkTracking.admx DnsClient.admx DnsClient.admx DnsClient.admx

DnsClient.admx DnsClient.admx DnsClient.admx DnsClient.admx DnsClient.admx DnsClient.admx DnsClient.admx DnsClient.admx DnsClient.admx DnsClient.admx DnsClient.admx DnsClient.admx DnsClient.admx DnsClient.admx DnsClient.admx DnsClient.admx DWM.admx DWM.admx DWM.admx DWM.admx DWM.admx DWM.admx DWM.admx DWM.admx DWM.admx EAIME.admx EAIME.admx EAIME.admx EAIME.admx EAIME.admx EAIME.admx EAIME.admx EAIME.admx EarlyLaunchAM.admx EdgeUI.admx EdgeUI.admx EdgeUI.admx EdgeUI.admx EdgeUI.admx EncryptFilesonMove.admx EnhancedStorage.admx EnhancedStorage.admx EnhancedStorage.admx EnhancedStorage.admx EnhancedStorage.admx EnhancedStorage.admx EnhancedStorage.admx ErrorReporting.admx

ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx EventForwarding.admx EventForwarding.admx EventLog.admx EventLog.admx EventLog.admx EventLog.admx EventLog.admx EventLog.admx EventLog.admx EventLog.admx EventLog.admx EventLog.admx EventLog.admx EventLog.admx EventLog.admx

EventLog.admx EventLog.admx EventLog.admx EventLog.admx EventLog.admx EventLog.admx EventLog.admx EventLog.admx EventViewer.admx EventViewer.admx EventViewer.admx Explorer.admx Explorer.admx Explorer.admx Explorer.admx Explorer.admx Explorer.admx ExternalBoot.admx ExternalBoot.admx ExternalBoot.admx FileHistory.admx FileRecovery.admx FileServerVSSAgent.admx FileServerVSSProvider.admx FileSys.admx FileSys.admx FileSys.admx FileSys.admx FileSys.admx FileSys.admx FileSys.admx FolderRedirection.admx FolderRedirection.admx FolderRedirection.admx FolderRedirection.admx FolderRedirection.admx FolderRedirection.admx FolderRedirection.admx FramePanes.admx FramePanes.admx fthsvc.admx GameExplorer.admx GameExplorer.admx GameExplorer.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx

Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx GroupPolicy-Server.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx

grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx

GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx Help.admx Help.admx Help.admx Help.admx HelpAndSupport.admx HelpAndSupport.admx HelpAndSupport.admx HelpAndSupport.admx hotspotauth.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx

ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx IIS.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx

inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx

inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx InkWatson.admx InkWatson.admx iSCSI.admx iSCSI.admx iSCSI.admx iSCSI.admx iSCSI.admx iSCSI.admx iSCSI.admx iSCSI.admx iSCSI.admx iSCSI.admx kdc.admx kdc.admx kdc.admx kdc.admx

kerberos.admx kerberos.admx kerberos.admx kerberos.admx kerberos.admx kerberos.admx kerberos.admx kerberos.admx kerberos.admx kerberos.admx kerberos.admx LanmanServer.admx LanmanServer.admx LeakDiagnostic.admx LinkLayerTopologyDiscovery.admLinkLayerTopologyDiscovery.admLocationProviderAdm.admx Logon.admx Logon.admx Logon.admx Logon.admx Logon.admx Logon.admx Logon.admx Logon.admx Logon.admx Logon.admx Logon.admx Logon.admx Logon.admx Logon.admx Logon.admx Logon.admx Logon.admx Logon.admx Logon.admx MediaCenter.admx MediaCenter.admx MMC.admx MMC.admx MMC.admx MMC.admx MMC.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx

MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx

MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapIns2.admx MMCSnapIns2.admx MMCSnapIns2.admx MMCSnapIns2.admx MMCSnapIns2.admx MMCSnapIns2.admx MMCSnapIns2.admx MMCSnapIns2.admx MMCSnapIns2.admx MMCSnapIns2.admx MMCSnapIns2.admx MobilePCMobilityCenter.admx MobilePCMobilityCenter.admx MobilePCPresentationSettings.aMobilePCPresentationSettings.amsched.admx msched.admx msched.admx MSDT.admx MSDT.admx MSDT.admx Msi-FileRecovery.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx

msi.admx msi.admx msi.admx msi.admx NAPXPQec.admx nca.admx nca.admx nca.admx nca.admx nca.admx nca.admx nca.admx nca.admx NCSI.admx NCSI.admx NCSI.admx NCSI.admx NCSI.admx NCSI.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx

NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkIsolation.admx NetworkIsolation.admx NetworkIsolation.admx NetworkIsolation.admx NetworkIsolation.admx NetworkProjection.admx NetworkProjection.admx NetworkProjection.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx

OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx P2P-pnrp.admx P2P-pnrp.admx P2P-pnrp.admx P2P-pnrp.admx P2P-pnrp.admx P2P-pnrp.admx P2P-pnrp.admx P2P-pnrp.admx P2P-pnrp.admx

P2P-pnrp.admx P2P-pnrp.admx P2P-pnrp.admx P2P-pnrp.admx P2P-pnrp.admx ParentalControls.admx pca.admx pca.admx pca.admx pca.admx pca.admx pca.admx pca.admx PeerToPeerCaching.admx PeerToPeerCaching.admx PeerToPeerCaching.admx PeerToPeerCaching.admx PeerToPeerCaching.admx PeerToPeerCaching.admx PeerToPeerCaching.admx PeerToPeerCaching.admx PeerToPeerCaching.admx PenTraining.admx PenTraining.admx PerformanceDiagnostics.admx PerformanceDiagnostics.admx PerformanceDiagnostics.admx PerformanceDiagnostics.admx PerformancePerftrack.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx

Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx PowerShellExecutionPolicy.admxPowerShellExecutionPolicy.admxPowerShellExecutionPolicy.admxPowerShellExecutionPolicy.admxPowerShellExecutionPolicy.admxPowerShellExecutionPolicy.admxPreviousVersions.admx PreviousVersions.admx PreviousVersions.admx PreviousVersions.admx PreviousVersions.admx PreviousVersions.admx PreviousVersions.admx PreviousVersions.admx PreviousVersions.admx PreviousVersions.admx PreviousVersions.admx PreviousVersions.admx Printing.admx

Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing2.admx Printing2.admx Printing2.admx Printing2.admx Printing2.admx Printing2.admx Printing2.admx Printing2.admx Printing2.admx Printing2.admx Programs.admx Programs.admx Programs.admx Programs.admx Programs.admx Programs.admx Programs.admx PswdSync.admx PswdSync.admx PswdSync.admx PswdSync.admx QOS.admx

QOS.admx QOS.admx QOS.admx QOS.admx QOS.admx QOS.admx QOS.admx QOS.admx QOS.admx QOS.admx QOS.admx QOS.admx QOS.admx QOS.admx QOS.admx QOS.admx QOS.admx QOS.admx RacWmiProv.admx Radar.admx ReAgent.admx Reliability.admx Reliability.admx Reliability.admx Reliability.admx RemoteAssistance.admx RemoteAssistance.admx RemoteAssistance.admx RemoteAssistance.admx RemoteAssistance.admx RemoteAssistance.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx

RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx rpc.admx rpc.admx rpc.admx rpc.admx rpc.admx scripts.admx scripts.admx scripts.admx scripts.admx scripts.admx scripts.admx scripts.admx scripts.admx scripts.admx scripts.admx scripts.admx scripts.admx scripts.admx sdiageng.admx sdiageng.admx sdiageng.admx sdiagschd.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx

Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx SearchOCR.admx SearchOCR.admx SecurityCenter.admx Sensors.admx Sensors.admx Sensors.admx Sensors.admx Sensors.admx Sensors.admx ServerManager.admx ServerManager.admx ServerManager.admx ServerManager.admx Servicing.admx SettingSync.admx SettingSync.admx

SettingSync.admx SettingSync.admx SettingSync.admx SettingSync.admx SettingSync.admx SettingSync.admx SettingSync.admx SettingSync.admx Setup.admx Setup.admx ShapeCollector.admx ShapeCollector.admx SharedFolders.admx SharedFolders.admx Sharing.admx Sharing.admx Shell-CommandPrompt-RegEditTShell-CommandPrompt-RegEditTShell-CommandPrompt-RegEditTShell-CommandPrompt-RegEditTShellWelcomeCenter.admx Sidebar.admx Sidebar.admx Sidebar.admx Sidebar.admx Sidebar.admx Sidebar.admx SkyDrive.admx SkyDrive.admx SkyDrive.admx SmartCard.admx SmartCard.admx SmartCard.admx SmartCard.admx SmartCard.admx SmartCard.admx SmartCard.admx SmartCard.admx SmartCard.admx SmartCard.admx SmartCard.admx SmartCard.admx SmartCard.admx SmartCard.admx SmartCard.admx SmartCard.admx Snis.admx Snis.admx

Snmp.admx Snmp.admx Snmp.admx SoundRec.admx SoundRec.admx srm-fci.admx srm-fci.admx srm-fci.admx srm-fci.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx

StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx SystemRestore.admx SystemRestore.admx TabletPCInputPanel.admx TabletPCInputPanel.admx TabletPCInputPanel.admx TabletPCInputPanel.admx TabletPCInputPanel.admx TabletPCInputPanel.admx TabletPCInputPanel.admx TabletPCInputPanel.admx TabletPCInputPanel.admx TabletPCInputPanel.admx TabletPCInputPanel.admx TabletPCInputPanel.admx TabletPCInputPanel.admx TabletPCInputPanel.admx

TabletPCInputPanel.admx TabletShell.admx TabletShell.admx TabletShell.admx TabletShell.admx TabletShell.admx TabletShell.admx TabletShell.admx TabletShell.admx TabletShell.admx TabletShell.admx TabletShell.admx TabletShell.admx TabletShell.admx TabletShell.admx TabletShell.admx TabletShell.admx TabletShell.admx TabletShell.admx TabletShell.admx TabletShell.admx TabletShell.admx TabletShell.admx Taskbar.admx Taskbar.admx Taskbar.admx Taskbar.admx Taskbar.admx Taskbar.admx Taskbar.admx Taskbar.admx Taskbar.admx Taskbar.admx Taskbar.admx Taskbar.admx Taskbar.admx Taskbar.admx Taskbar.admx Taskbar.admx Taskbar.admx Taskbar.admx TaskScheduler.admx TaskScheduler.admx TaskScheduler.admx TaskScheduler.admx TaskScheduler.admx TaskScheduler.admx TaskScheduler.admx

TaskScheduler.admx TaskScheduler.admx TaskScheduler.admx TaskScheduler.admx TaskScheduler.admx TaskScheduler.admx TaskScheduler.admx tcpip.admx tcpip.admx tcpip.admx tcpip.admx tcpip.admx tcpip.admx tcpip.admx tcpip.admx tcpip.admx tcpip.admx tcpip.admx tcpip.admx tcpip.admx Terminalserver-Server.admx Terminalserver-Server.admx Terminalserver-Server.admx Terminalserver-Server.admx Terminalserver-Server.admx Terminalserver-Server.admx Terminalserver-Server.admx Terminalserver-Server.admx Terminalserver-Server.admx Terminalserver-Server.admx Terminalserver-Server.admx Terminalserver-Server.admx Terminalserver-Server.admx Terminalserver-Server.admx Terminalserver-Server.admx Terminalserver-Server.admx Terminalserver-Server.admx Terminalserver-Server.admx TerminalServer-WinIP.admx TerminalServer-WinIP.admx TerminalServer.admx TerminalServer-WinIP.admx TerminalServer-WinIP.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx

TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx

TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer-WinIP.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx Tpm.admx Tpm.admx Tpm.admx Tpm.admx Tpm.admx Tpm.admx Tpm.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx

UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx

VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx W32Time.admx W32Time.admx W32Time.admx W32Time.admx WCM.admx WCM.admx WCM.admx WCM.admx wdi.admx wdi.admx WinCal.admx WinCal.admx WindowsAnytimeUpgrade.admx WindowsAnytimeUpgrade.admx WindowsBackup.admx WindowsBackup.admx WindowsBackup.admx WindowsBackup.admx WindowsBackup.admx WindowsColorSystem.admx WindowsColorSystem.admx WindowsConnectNow.admx WindowsConnectNow.admx WindowsConnectNow.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx

WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx

WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx

WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx

WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsFileProtection.admx WindowsFileProtection.admx WindowsFileProtection.admx WindowsFileProtection.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx

windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx WindowsMail.admx WindowsMail.admx WindowsMail.admx WindowsMail.admx WindowsMediaDRM.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMessenger.admx WindowsMessenger.admx WindowsMessenger.admx WindowsMessenger.admx WindowsRemoteManagement.a

WindowsRemoteManagement.aWindowsRemoteManagement.aWindowsRemoteManagement.aWindowsRemoteManagement.aWindowsRemoteManagement.aWindowsRemoteManagement.aWindowsRemoteManagement.aWindowsUpdate.admx WindowsUpdate.admx WindowsUpdate.admx WindowsUpdate.admx WindowsUpdate.admx WindowsUpdate.admx WindowsUpdate.admx WindowsUpdate.admx WindowsUpdate.admx WindowsUpdate.admx WindowsUpdate.admx WindowsUpdate.admx WindowsUpdate.admx WindowsUpdate.admx WindowsUpdate.admx WindowsUpdate.admx WindowsUpdate.admx WindowsUpdate.admx WindowsUpdate.admx WindowsUpdate.admx WinInit.admx WinInit.admx WinInit.admx WinLogon.admx WinLogon.admx WinLogon.admx WinLogon.admx WorkFolders-Client.admx WPN.admx WPN.admx WPN.admx WPN.admx WPN.admx WPN.admx WPN.admx WPN.admx wwansvc.admx wwansvc.admx

Policy Setting Name Approved Installation Sites for ActiveX Controls Establish ActiveX installation policy for sites in Trusted zones Specify default category for Add New Programs Hide the "Add a program from CD-ROM or floppy disk" option Hide the "Add programs from Microsoft" option Hide the "Add programs from your network" option Hide Add New Programs page Remove Add or Remove Programs Hide the Set Program Access and Defaults page Hide Change or Remove Programs page Go directly to Components Wizard Remove Support Information Hide Add/Remove Windows Components page Prevent access to 16-bit applications Remove Program Compatibility Property Page Turn off Application Telemetry Turn off SwitchBack Compatibility Engine Turn off Application Compatibility Engine Turn off Program Compatibility Assistant Turn off Program Compatibility Assistant Turn off Steps Recorder Turn off Inventory Collector Allow all trusted apps to install Allow deployment operations in special profiles Allow development of Windows Store apps without installing a developer license Block launching desktop apps associated with a file. Block launching desktop apps associated with a file. Block launching desktop apps associated with a URI scheme Block launching desktop apps associated with a URI scheme Notify antivirus programs when opening attachments Trust logic for file attachments Do not preserve zone information in file attachments Hide mechanisms to remove zone information Default risk level for file attachments Inclusion list for high risk file types Inclusion list for low file types Inclusion list for moderate risk file types Set the default behavior for AutoRun Set the default behavior for AutoRun Prevent AutoPlay from remembering user choices. Prevent AutoPlay from remembering user choices. Turn off Autoplay Turn off Autoplay Disallow Autoplay for non-volume devices Disallow Autoplay for non-volume devices Allow the use of biometrics Allow users to log on using biometrics

Allow domain users to log on using biometrics Specify timeout for fast user switching events Timeout for inactive BITS jobs Limit the maximum BITS job download time Limit the maximum network bandwidth for BITS background transfers Set up a work schedule to limit the maximum network bandwidth used for BITS background transfers Set up a maintenance schedule to limit the maximum network bandwidth used for BITS background transfers Allow BITS Peercaching Limit the age of files in the BITS Peercache Limit the BITS Peercache size Do not allow the computer to act as a BITS Peercaching client Do not allow the computer to act as a BITS Peercaching server Limit the maximum network bandwidth used for Peercaching Set default download behavior for BITS jobs on costed networks Limit the maximum number of BITS jobs for this computer Limit the maximum number of BITS jobs for each user Limit the maximum number of files allowed in a BITS job Limit the maximum number of ranges that can be added to the file in a BITS job Do not allow the BITS client to use Windows Branch Cache Allow Corporate redirection of Customer Experience Improvement uploads Tag Windows Customer Experience Improvement data with Study Identifier SSL Cipher Suite Order Download missing COM components Download missing COM components Disable application Sharing Prevent Control Prevent Sharing Prevent Sharing Command Prompts Prevent Desktop Sharing Prevent Sharing Explorer windows Prevent Application Sharing in true color Disable Audio Prevent changing DirectSound Audio setting Disable full duplex Audio Prevent receiving Video Prevent sending Video Limit the bandwidth of Audio and Video Allow persisting automatic acceptance of Calls Disable Chat Disable Whiteboard Disable NetMeeting 2.x Whiteboard Disable remote Desktop Sharing Enable Automatic Configuration Prevent adding Directory servers Prevent automatic acceptance of Calls Prevent changing Call placement method Disable Directory services Prevent receiving files

Prevent sending files Prevent viewing Web directory Limit the size of sent files Set the intranet support Web page Set Call Security options Disable the Advanced Calling button Hide the Audio page Hide the General page Hide the Security page Hide the Video page Hide specified Control Panel items Always open All Control Panel Items when opening Control Panel Prohibit access to Control Panel and PC settings Show only specified Control Panel items Disable the Display Control Panel Hide Settings tab Prevent changing color and appearance Prevent changing screen saver Enable screen saver Force specific screen saver Password protect the screen saver Screen saver timeout Prevent changing desktop background Prevent changing sounds Prevent changing mouse pointers Prevent changing desktop icons Prevent changing color scheme Prevent changing theme Load a specific theme Prevent changing visual style for windows and buttons Force a specific visual style file or force Windows Classic Prohibit selection of visual style font size Do not display the lock screen Prevent changing lock screen image Prevent enabling lock screen slide show Prevent enabling lock screen camera Force a specific background and accent color Force a specific Start background Prevent changing start menu background Force a specific default lock screen image Apply the default account picture to all users Assign a default domain for logon Exclude credential providers Turn on PIN sign-in Turn off picture password sign-in Allow users to select when a password is required when resuming from connected standby Allow delegating default credentials Allow delegating default credentials with NTLM-only server authentication

Allow delegating fresh credentials Allow delegating fresh credentials with NTLM-only server authentication Allow delegating saved credentials Allow delegating saved credentials with NTLM-only server authentication Deny delegating default credentials Deny delegating fresh credentials Deny delegating saved credentials Restrict delegation of credentials to remote servers Enumerate administrator accounts on elevation Require trusted path for credential entry Do not display the password reveal button Do not display the password reveal button Remove Change Password Remove Lock Computer Remove Task Manager Remove Logoff Allow local activation security check exemptions Define Activation Security Check exemptions Enable Active Desktop Disable Active Desktop Prohibit changes Add/Delete items Prohibit adding items Prohibit closing items Prohibit deleting items Prohibit editing items Disable all items Allow only bitmapped wallpaper Desktop Wallpaper Enable filter in Find dialog box Hide Active Directory folder Maximum size of Active Directory searches Prohibit User from manually redirecting Profile Folders Hide and disable all items on the desktop Remove the Desktop Cleanup Wizard Hide Internet Explorer icon on desktop Remove Computer icon on the desktop Remove My Documents icon on the desktop Hide Network Locations icon on desktop Remove Properties from the Computer icon context menu Remove Properties from the Documents icon context menu Do not add shares of recently opened documents to Network Locations Remove Recycle Bin icon from desktop Remove Properties from the Recycle Bin context menu Don't save settings at exit Prevent adding Prohibit adjusting desktop toolbars Turn off Aero Shake window minimizing mouse gesture

Device compatibility settings Driver compatibility settings Prioritize all digitally signed drivers equally during the driver ranking and selection process Configure device installation time-out Prevent creation of a system restore point during device activity that would normally prompt creation of a restor Allow remote access to the Plug and Play interface Allow administrators to override Device Installation Restriction policies Allow installation of devices using drivers that match these device setup classes Prevent installation of devices using drivers that match these device setup classes Allow installation of devices that match any of these device IDs Prevent installation of devices that match any of these device IDs Prevent installation of removable devices Prevent installation of devices not described by other policy settings Time (in seconds) to force reboot when required for policy changes to take effect Display a custom message title when device installation is prevented by a policy setting Display a custom message when installation is prevented by a policy setting Allow non-administrators to install drivers for these device setup classes Code signing for device drivers Prevent redirection of USB devices Prevent redirection of devices that match any of these device Ids Turn off "Found New Hardware" balloons during device installation Do not send a Windows error report when a generic driver is installed on a device Prevent Windows from sending an error report when a device driver requests additional software during installat Configure driver search locations Turn off Windows Update device driver search prompt Turn off Windows Update device driver search prompt Specify search order for device driver source locations Specify the search server for device driver updates Prevent device metadata retrieval from the Internet Configure how often a DFS client discovers domain controllers Do not allow Digital Locker to run Do not allow Digital Locker to run Disk Diagnostic: Configure custom alert text Disk Diagnostic: Configure execution level Turn off boot and resume optimizations Turn off cache power mode Turn off non-volatile cache feature Turn off solid state mode Enable disk quotas Enforce disk quota limit Specify default quota limit and warning level Log event when quota limit is exceeded Log event when quota warning level is exceeded Apply policy to removable media Allow Distributed Link Tracking clients to use domain resources Connection-specific DNS suffix DNS servers Primary DNS suffix

Register DNS records with connection-specific DNS suffix Register PTR records Dynamic update Replace addresses in conflicts Registration refresh interval TTL value for A and PTR records DNS suffix search list Update security level Update top level domain zones Primary DNS suffix devolution Turn off smart multi-homed name resolution Turn off smart protocol reordering Allow NetBT queries for fully qualified domain names Prefer link local responses over DNS when received over a network with higher precedence Turn off IDN encoding IDN mapping Do not allow window animations Do not allow window animations Do not allow Flip3D invocation Do not allow Flip3D invocation Use solid color for Start background Specify a default color Specify a default color Do not allow color changes Do not allow color changes Turn on misconversion logging for misconversion report Turn off saving auto-tuning data to file Turn off history-based predictive input Turn off Open Extended Dictionary Turn off Internet search integration Turn off custom dictionary Restrict character code range of conversion Do not include Non-Publishing Standard Glyph in the candidate list Boot-Start Driver Initialization Policy Turn off switching between recent apps Turn off tracking of app usage App switching Charms WinX Do not automatically encrypt files moved to encrypted folders Allow only USB root hub connected Enhanced Storage devices Lock Enhanced Storage when the computer is locked Do not allow non-Enhanced Storage removable devices Do not allow password authentication of Enhanced Storage devices Do not allow Windows to activate Enhanced Storage devices Configure list of IEEE 1667 silos usable on your computer Configure list of Enhanced Storage devices usable on your computer Configure Error Reporting

Display Error Notification Disable Windows Error Reporting Disable Windows Error Reporting Prevent display of the user interface for critical errors Disable logging Disable logging Do not send additional data Do not send additional data Do not throttle additional data Do not throttle additional data Send additional data when on battery power Send additional data when on battery power Send data when on connected to a restricted/costed network Send data when on connected to a restricted/costed network Automatically send memory dumps for OS-generated error reports Automatically send memory dumps for OS-generated error reports Default application reporting settings List of applications to never report errors for List of applications to always report errors for Report operating system errors Configure Report Archive Configure Report Archive Configure Corporate Windows Error Reporting List of applications to be excluded List of applications to be excluded Configure Report Queue Configure Report Queue Customize consent settings Customize consent settings Ignore custom consent settings Ignore custom consent settings Configure Default consent Configure Default consent Back up log automatically when full Configure log access Control Event Log behavior when the log file reaches its maximum size Control the location of the log file Specify the maximum log file size (KB) Back up log automatically when full Configure log access Control Event Log behavior when the log file reaches its maximum size Control the location of the log file Specify the maximum log file size (KB) Back up log automatically when full Configure log access Control Event Log behavior when the log file reaches its maximum size

Turn on logging Control the location of the log file Specify the maximum log file size (KB) Back up log automatically when full Configure log access Control Event Log behavior when the log file reaches its maximum size Control the location of the log file Specify the maximum log file size (KB) Events.asp program Events.asp program command line parameters Events.asp URL Display the menu bar in File Explorer Prevent users from adding files to the root of their Users Files folder. Turn off common control and window animations Turn off Data Execution Prevention for Explorer Turn off heap termination on corruption Set a support web page link Windows To Go Default Startup Options Allow hibernate (S4) when starting from a Windows To Go workspace Disallow standby sleep states (S1-S3) when starting from a Windows to Go workspace Turn off File History Configure Corrupted File Recovery behavior Configure maximum age of file server shadow copies Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provid Selectively allow the evaluation of a symbolic link Do not allow compression on all NTFS volumes Do not allow encryption on all NTFS volumes Enable NTFS pagefile encryption Short name creation options Disable delete notifications on all volumes Enable / disable TXF deprecated features Use localized subfolder names when redirecting Start Menu and My Documents Do not automatically make all redirected folders available offline Do not automatically make specific redirected folders available offline Use localized subfolder names when redirecting Start Menu and My Documents Enable optimized move of contents in Offline Files cache on Folder Redirection server path change Redirect folders on primary computers only Redirect folders on primary computers only Turn on or off details pane Turn off Preview Pane Configure Scenario Execution Level Turn off downloading of game information Turn off tracking of last play time of games in the Games folder Turn off game updates Disallow selection of Custom Locales Disallow selection of Custom Locales Restrict system locales Disallow copying of user input methods to the system account for sign-in

Restrict user locales Restrict user locales Disallow changing of geographic location Disallow changing of geographic location Disallow user override of locale settings Disallow user override of locale settings Hide Regional and Language Options administrative options Hide the geographic location option Hide the select language group options Hide user locale selection and customization options Restricts the UI language Windows uses for all logged users Restricts the UI languages Windows should use for the selected user Force selected system UI language to overwrite the user UI language Restrict selection of Windows menus and dialogs language Turn off offer text predictions as I type Turn off insert a space after selecting a text prediction Turn off autocorrect misspelled words Turn off highlight misspelled words Block clean-up of unused language packs Century interpretation for Year 2000 Turn off automatic learning Turn off automatic learning Allow asynchronous user Group Policy processing when logging on through Remote Desktop Services Configure Group Policy Caching Configure Logon Script Delay Enable AD/DFS domain controller synchronization during policy refresh Turn off Group Policy Client Service AOAC optimization Configure Direct Access connections as a fast network connection Change Group Policy processing to run asynchronously when a slow network connection is detected. Turn off Local Group Policy Objects processing Specify startup policy processing wait time Allow cross-forest user policy and roaming user profiles Configure software Installation policy processing Configure disk quota policy processing Configure EFS recovery policy processing Configure folder redirection policy processing Configure Internet Explorer Maintenance policy processing Configure IP security policy processing Configure registry policy processing Configure scripts policy processing Configure security policy processing Configure wireless policy processing Configure wired policy processing Determine if interactive users can generate Resultant Set of Policy data Determine if interactive users can generate Resultant Set of Policy data Turn off automatic update of ADM files Turn off background refresh of Group Policy Remove users' ability to invoke machine policy refresh

Enforce Show Policies Only Configure Group Policy domain controller selection Configure Group Policy slow link detection Configure Group Policy slow link detection Set Group Policy refresh interval for computers Set Group Policy refresh interval for domain controllers Set Group Policy refresh interval for users Set default name for new Group Policy objects Create new Group Policy Object links disabled by default Always use local ADM files for Group Policy Object Editor Turn off Resultant Set of Policy logging Configure user Group Policy loopback processing mode Specify workplace connectivity wait time for policy processing Configure Applications preference extension policy processing Configure Applications preference logging and tracing Configure Data Sources preference extension policy processing Configure Data Sources preference logging and tracing Configure Devices preference extension policy processing Configure Devices preference logging and tracing Configure Drive Maps preference extension policy processing Configure Drive Maps preference logging and tracing Configure Environment preference extension policy processing Configure Environment preference logging and tracing Configure Files preference extension policy processing Configure Files preference logging and tracing Configure Folder Options preference extension policy processing Configure Folder Options preference logging and tracing Configure Folders preference extension policy processing Configure Folders preference logging and tracing Configure Ini Files preference extension policy processing Configure Ini Files preference logging and tracing Configure Internet Settings preference extension policy processing Configure Internet Settings preference logging and tracing Configure Local Users and Groups preference extension policy processing Configure Local Users and Groups preference logging and tracing Configure Network Options preference extension policy processing Configure Network Options preference logging and tracing Configure Network Shares preference extension policy processing Configure Network Shares preference logging and tracing Configure Power Options preference extension policy processing Configure Power Options preference logging and tracing Configure Printers preference extension policy processing Configure Printers preference logging and tracing Configure Regional Options preference extension policy processing Configure Regional Options preference logging and tracing Configure Registry preference extension policy processing Configure Registry preference logging and tracing Configure Scheduled Tasks preference extension policy processing

Configure Scheduled Tasks preference logging and tracing Configure Services preference extension policy processing Configure Services preference logging and tracing Configure Shortcuts preference extension policy processing Configure Shortcuts preference logging and tracing Configure Start Menu preference extension policy processing Configure Start Menu preference logging and tracing Permit use of Application snap-ins Permit use of Applications preference extension Permit use of Control Panel Settings (Computers) Permit use of Data Sources preference extension Permit use of Environment preference extension Permit use of Files preference extension Permit use of Folders preference extension Permit use of Folder Options preference extension Permit use of Internet Settings preference extension Permit use of Local Users and Groups preference extension Permit use of Power Options preference extension Permit use of Registry preference extension Permit use of Scheduled Tasks preference extension Permit use of Shortcuts preference extension Permit use of Start Menu preference extension Permit use of Control Panel Settings (Users) Permit use of Preferences tab Restrict potentially unsafe HTML Help functions to specified folders Restrict these programs from being launched from Help Restrict these programs from being launched from Help Turn off Data Execution Prevention for HTML Help Executible Turn off Active Help Turn off Help Ratings Turn off Help Experience Improvement Program Turn off Windows Online Enable Hotspot Authentication Restrict Internet communication Restrict Internet communication Turn off Automatic Root Certificates Update Turn off printing over HTTP Turn off printing over HTTP Turn off downloading of print drivers over HTTP Turn off downloading of print drivers over HTTP Turn off Windows Update device driver searching Turn off Event Viewer "Events.asp" links Turn off Help and Support Center "Did you know?" content Turn off Help and Support Center Microsoft Knowledge Base search Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com Turn off Registration if URL connection is referring to Microsoft.com Turn off Windows Error Reporting Turn off access to all Windows Update features

Turn off Search Companion content file updates Turn off Internet File Association service Turn off Internet File Association service Turn off access to the Store Turn off access to the Store Turn off Internet download for Web publishing and online ordering wizards Turn off Internet download for Web publishing and online ordering wizards Turn off the "Order Prints" picture task Turn off the "Order Prints" picture task Turn off the "Publish to Web" task for files and folders Turn off the "Publish to Web" task for files and folders Turn off the Windows Messenger Customer Experience Improvement Program Turn off the Windows Messenger Customer Experience Improvement Program Turn off Windows Customer Experience Improvement Program Turn off Windows Network Connectivity Status Indicator active tests Prevent IIS installation Audio/Video Player Carpoint DHTML Edit Control Shockwave Flash Investor Menu Controls Microsoft Agent Microsoft Chat MSNBC NetShow File Transfer Control Microsoft Scriptlet Component Microsoft Survey Control Turn off the flip ahead with page prediction feature Turn off the flip ahead with page prediction feature Turn off loading websites and content in the background to optimize performance Turn off loading websites and content in the background to optimize performance Turn on the swiping motion on Internet Explorer for the desktop Turn on the swiping motion on Internet Explorer for the desktop Allow active content from CDs to run on user machines Allow active content from CDs to run on user machines Check for server certificate revocation Check for server certificate revocation Turn off ClearType Turn off ClearType Turn on Caret Browsing support Turn on Caret Browsing support Turn on Enhanced Protected Mode Turn on Enhanced Protected Mode Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled

Always send Do Not Track header Always send Do Not Track header Use HTTP 1.1 Use HTTP 1.1 Use HTTP 1.1 through proxy connections Use HTTP 1.1 through proxy connections Allow Internet Explorer to use the SPDY/3 network protocol Allow Internet Explorer to use the SPDY/3 network protocol Turn off encryption support Turn off encryption support Do not allow resetting Internet Explorer settings Do not allow resetting Internet Explorer settings Check for signatures on downloaded programs Check for signatures on downloaded programs Allow third-party browser extensions Allow third-party browser extensions Allow Install On Demand (Internet Explorer) Allow Install On Demand (Internet Explorer) Allow Install On Demand (except Internet Explorer) Allow Install On Demand (except Internet Explorer) Automatically check for Internet Explorer updates Automatically check for Internet Explorer updates Allow software to run or install even if the signature is invalid Allow software to run or install even if the signature is invalid Play animations in web pages Play animations in web pages Play sounds in web pages Play sounds in web pages Play videos in web pages Play videos in web pages Turn off Profile Assistant Turn off Profile Assistant Do not save encrypted pages to disk Do not save encrypted pages to disk Empty Temporary Internet Files folder when browser is closed Empty Temporary Internet Files folder when browser is closed Show Content Advisor on Internet Options Show Content Advisor on Internet Options Turn on inline AutoComplete Turn off inline AutoComplete in File Explorer Go to an intranet site for a one-word entry in the Address bar Go to an intranet site for a one-word entry in the Address bar Turn on script debugging Turn off details in messages about Internet connection problems Turn off page transitions Turn on the display of script errors Turn off smooth scrolling Turn off configuring underline links

Turn off phone number detection Turn off phone number detection Subscription Limits Disable adding channels Disable adding schedules for offline pages Disable offline page hit logging Disable channel user interface completely Disable editing and creating of schedule groups Disable editing schedules for offline pages Disable removing channels Disable removing schedules for offline pages Disable all scheduled offline pages Disable downloading of site subscription content Prevent specifying the code download path for each computer Prevent choosing default text size Disable the Advanced page Disable the Advanced page Disable the Connections page Disable the Connections page Disable the Content page Disable the Content page Disable the General page Disable the General page Disable the Privacy page Disable the Privacy page Disable the Programs page Disable the Programs page Disable the Security page Disable the Security page Send internationalized domain names Send internationalized domain names Use UTF-8 for mailto links Use UTF-8 for mailto links Prevent ignoring certificate errors Prevent ignoring certificate errors Turn off sending URL path as UTF-8 Prevent specifying background color Prevent specifying text color Prevent the use of Windows colors Prevent specifying cipher strength update information URLs Start the Internet Connection Wizard automatically Add-on List Add-on List Deny all add-ons unless specifically allowed in the Add-on List Deny all add-ons unless specifically allowed in the Add-on List All Processes All Processes Process List

Process List Admin-approved behaviors Admin-approved behaviors Install binaries signed by MD2 and MD4 signing technologies Install binaries signed by MD2 and MD4 signing technologies All Processes All Processes Internet Explorer Processes Internet Explorer Processes Process List Process List All Processes All Processes Internet Explorer Processes Internet Explorer Processes Process List Process List All Processes All Processes Internet Explorer Processes Internet Explorer Processes Process List Process List All Processes All Processes Internet Explorer Processes Internet Explorer Processes Process List Process List All Processes All Processes Internet Explorer Processes Internet Explorer Processes Process List Process List All Processes All Processes Internet Explorer Processes Internet Explorer Processes Process List Process List All Processes All Processes Internet Explorer Processes Internet Explorer Processes Process List Process List All Processes

All Processes Internet Explorer Processes Internet Explorer Processes Process List Process List All Processes All Processes Internet Explorer Processes Internet Explorer Processes Process List Process List All Processes All Processes Internet Explorer Processes Internet Explorer Processes Process List Process List All Processes All Processes Internet Explorer Processes Internet Explorer Processes Process List Process List All Processes All Processes Internet Explorer Processes Internet Explorer Processes Process List Process List Internet Zone Restricted Protocols Internet Zone Restricted Protocols Intranet Zone Restricted Protocols Intranet Zone Restricted Protocols Local Machine Zone Restricted Protocols Local Machine Zone Restricted Protocols Restricted Sites Zone Restricted Protocols Restricted Sites Zone Restricted Protocols Trusted Sites Zone Restricted Protocols Trusted Sites Zone Restricted Protocols Turn off Crash Detection Turn off Crash Detection Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar Turn off Automatic Crash Recovery Turn off Automatic Crash Recovery Turn off Reopen Last Browsing Session Turn off Reopen Last Browsing Session Do not allow users to enable or disable add-ons

Do not allow users to enable or disable add-ons Add a specific list of search providers to the user's list of search providers Add a specific list of search providers to the user's list of search providers Turn on menu bar by default Turn on menu bar by default Turn off Favorites bar Turn off Favorites bar Disable caching of Auto-Proxy scripts Disable external branding of Internet Explorer Disable changing Advanced page settings Customize user agent string Customize user agent string Use Automatic Detection for dial-up connections Prevent "Fix settings" functionality Prevent "Fix settings" functionality Prevent managing the phishing filter Prevent managing the phishing filter Turn off Managing SmartScreen Filter for Internet Explorer 8 Prevent changing pop-up filter level Display error message on proxy script download failure Turn on compatibility logging Turn on compatibility logging Enforce full-screen mode Enforce full-screen mode Disable Import/Export Settings wizard Disable Import/Export Settings wizard Turn off browser geolocation Turn off browser geolocation Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to ins Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to ins Turn off page-zooming functionality Turn off page-zooming functionality Identity Manager: Prevent users from using Identities Automatically activate newly installed add-ons Automatically activate newly installed add-ons Turn off add-on performance notifications Turn off add-on performance notifications Turn on ActiveX Filtering Turn on ActiveX Filtering Configure Media Explorer Bar Prevent access to Delete Browsing History Prevent access to Delete Browsing History Prevent deleting form data Prevent deleting form data Prevent deleting passwords Prevent deleting passwords Prevent deleting cookies Prevent deleting cookies

Prevent deleting websites that the user has visited Prevent deleting websites that the user has visited Prevent deleting download history Prevent deleting download history Prevent deleting temporary Internet files Prevent deleting temporary Internet files Prevent deleting InPrivate Filtering data Prevent deleting InPrivate Filtering data Prevent deleting ActiveX Filtering Prevent deleting ActiveX Filtering Prevent deleting favorites site data Prevent deleting favorites site data Allow deleting browsing history on exit Allow deleting browsing history on exit Prevent running First Run wizard Prevent running First Run wizard Prevent access to Internet Explorer Help Prevent access to Internet Explorer Help Prevent Internet Explorer Search box from appearing Prevent Internet Explorer Search box from appearing Turn off suggestions for all user-installed providers Turn off suggestions for all user-installed providers Turn off the quick pick menu Turn off the quick pick menu Disable Automatic Install of Internet Explorer components Set tab process growth Set tab process growth Allow Internet Explorer 8 shutdown behavior Allow Internet Explorer 8 shutdown behavior Specify default behavior for a new tab Specify default behavior for a new tab Turn off Tab Grouping Turn off Quick Tabs functionality Turn off Quick Tabs functionality Prevent changing the default search provider Prevent changing the default search provider Disable showing the splash screen Turn off tabbed browsing Turn off tabbed browsing Turn off configuration of pop-up windows in tabbed browsing Turn off configuration of pop-up windows in tabbed browsing Disable Periodic Check for Internet Explorer software updates Prevent configuration of how windows open Prevent configuration of how windows open Configure Outlook Express Pop-up allow list Pop-up allow list Disable changing accessibility settings

Disable changing Automatic Configuration settings Disable changing Automatic Configuration settings Disable changing Temporary Internet files settings Disable changing Calendar and Contact settings Disable changing certificate settings Disable changing default browser check Notify users if Internet Explorer is not the default web browser Disable changing color settings Disable changing connection settings Disable changing connection settings Disable Internet Connection wizard Disable changing font settings Disable AutoComplete for forms Turn on the auto-complete feature for user names and passwords on forms Disable "Configuring History" Disable "Configuring History" Disable changing home page settings Disable changing secondary home page settings Disable changing secondary home page settings Disable changing language settings Disable changing link color settings Disable changing Messaging settings Prevent managing pop-up exception list Prevent managing pop-up exception list Turn off pop-up management Turn off pop-up management Disable changing Profile Assistant settings Prevent changing proxy settings Prevent changing proxy settings Disable changing ratings settings Disable the Reset Web Settings feature Prevent the deletion of temporary Internet files and cookies Prevent the deletion of temporary Internet files and cookies Turn off the auto-complete feature for web addresses Turn off the auto-complete feature for web addresses Turn off Windows Search AutoComplete Turn off Windows Search AutoComplete Turn off URL Suggestions Turn off URL Suggestions Search: Disable Find Files via F3 within the browser Search: Disable Search Customization Security Zones: Use only machine settings Security Zones: Do not allow users to change policies Security Zones: Do not allow users to add/delete sites Disable software update shell notifications on program launch Restrict search providers to a specific list Restrict search providers to a specific list Prevent participation in the Customer Experience Improvement Program

Prevent participation in the Customer Experience Improvement Program Prevent configuration of new tab creation Prevent configuration of new tab creation Make proxy settings per-machine (rather than per-user) Allow websites to open windows without status bar or Address bar Allow websites to open windows without status bar or Address bar Allow video and animation on a webpage that uses an older media player Allow video and animation on a webpage that uses an older media player Allow scriptlets Allow scriptlets Turn off first-run prompt Turn off first-run prompt Include local path when user is uploading files to a server Include local path when user is uploading files to a server Turn on SmartScreen Filter scan Turn on SmartScreen Filter scan Allow websites to prompt for information by using scripted windows Allow websites to prompt for information by using scripted windows Allow updates to status bar via script Allow updates to status bar via script Turn on Protected Mode Turn on Protected Mode Show security warning for potentially unsafe files Show security warning for potentially unsafe files Allow loading of XAML Browser Applications Allow loading of XAML Browser Applications Allow scripting of Internet Explorer WebBrowser controls Allow scripting of Internet Explorer WebBrowser controls Turn off .NET Framework Setup Turn off .NET Framework Setup Allow loading of XAML files Allow loading of XAML files Allow loading of XPS files Allow loading of XPS files Access data sources across domains Access data sources across domains Allow active scripting Allow active scripting Allow only approved domains to use ActiveX controls without prompt Allow only approved domains to use ActiveX controls without prompt Allow only approved domains to use ActiveX controls without prompt Allow only approved domains to use ActiveX controls without prompt Allow only approved domains to use ActiveX controls without prompt Allow only approved domains to use ActiveX controls without prompt Allow only approved domains to use ActiveX controls without prompt Allow only approved domains to use ActiveX controls without prompt Allow only approved domains to use ActiveX controls without prompt Allow only approved domains to use ActiveX controls without prompt

Allow only approved domains to use ActiveX controls without prompt Allow only approved domains to use ActiveX controls without prompt Allow only approved domains to use ActiveX controls without prompt Allow only approved domains to use ActiveX controls without prompt Allow only approved domains to use ActiveX controls without prompt Allow only approved domains to use ActiveX controls without prompt Allow only approved domains to use ActiveX controls without prompt Allow only approved domains to use ActiveX controls without prompt Allow only approved domains to use ActiveX controls without prompt Allow only approved domains to use ActiveX controls without prompt Allow META REFRESH Allow META REFRESH Allow cut Allow cut Allow binary and script behaviors Allow binary and script behaviors Use Pop-up Blocker Use Pop-up Blocker Display mixed content Display mixed content Download signed ActiveX controls Download signed ActiveX controls Download unsigned ActiveX controls Download unsigned ActiveX controls Allow drag and drop or copy and paste files Allow drag and drop or copy and paste files Render legacy filters Render legacy filters Allow file downloads Allow file downloads Allow font downloads Allow font downloads Allow installation of desktop items Allow installation of desktop items Java permissions Java permissions Launching applications and files in an IFRAME Launching applications and files in an IFRAME Logon options Logon options Enable MIME Sniffing Enable MIME Sniffing Enable dragging of content from different domains within a window Enable dragging of content from different domains within a window Enable dragging of content from different domains across windows Enable dragging of content from different domains across windows Navigate windows and frames across different domains Navigate windows and frames across different domains

Allow active content over restricted protocols to access my computer Allow active content over restricted protocols to access my computer Do not prompt for client certificate selection when no certificates or only one certificate exists. Do not prompt for client certificate selection when no certificates or only one certificate exists. Automatic prompting for ActiveX controls Automatic prompting for ActiveX controls Automatic prompting for file downloads Automatic prompting for file downloads Run ActiveX controls and plugins Run ActiveX controls and plugins Script ActiveX controls marked safe for scripting Script ActiveX controls marked safe for scripting Don't run antimalware programs against ActiveX controls Don't run antimalware programs against ActiveX controls Initialize and script ActiveX controls not marked as safe Initialize and script ActiveX controls not marked as safe Scripting of Java applets Scripting of Java applets Run .NET Framework-reliant components signed with Authenticode Run .NET Framework-reliant components signed with Authenticode Software channel permissions Software channel permissions Submit non-encrypted form data Submit non-encrypted form data Turn on Cross-Site Scripting Filter Turn on Cross-Site Scripting Filter Turn on Cross-Site Scripting Filter Turn on Cross-Site Scripting Filter Turn on Cross-Site Scripting Filter Turn on Cross-Site Scripting Filter Turn on Cross-Site Scripting Filter Turn on Cross-Site Scripting Filter Turn on Cross-Site Scripting Filter Turn on Cross-Site Scripting Filter Turn on Cross-Site Scripting Filter Turn on Cross-Site Scripting Filter Turn on Cross-Site Scripting Filter Turn on Cross-Site Scripting Filter Turn on Cross-Site Scripting Filter Turn on Cross-Site Scripting Filter Turn on Cross-Site Scripting Filter Turn on Cross-Site Scripting Filter Turn on Cross-Site Scripting Filter Turn on Cross-Site Scripting Filter Run .NET Framework-reliant components not signed with Authenticode Run .NET Framework-reliant components not signed with Authenticode Userdata persistence Userdata persistence

Allow script-initiated windows without size or position constraints Allow script-initiated windows without size or position constraints Web sites in less privileged Web content zones can navigate into this zone Web sites in less privileged Web content zones can navigate into this zone Allow websites to open windows without status bar or Address bar Allow websites to open windows without status bar or Address bar Allow video and animation on a webpage that uses an older media player Allow video and animation on a webpage that uses an older media player Allow scriptlets Allow scriptlets Turn off first-run prompt Turn off first-run prompt Include local path when user is uploading files to a server Include local path when user is uploading files to a server Turn on SmartScreen Filter scan Turn on SmartScreen Filter scan Allow websites to prompt for information by using scripted windows Allow websites to prompt for information by using scripted windows Allow updates to status bar via script Allow updates to status bar via script Turn on Protected Mode Turn on Protected Mode Show security warning for potentially unsafe files Show security warning for potentially unsafe files Allow loading of XAML Browser Applications Allow loading of XAML Browser Applications Allow scripting of Internet Explorer WebBrowser controls Allow scripting of Internet Explorer WebBrowser controls Turn off .NET Framework Setup Turn off .NET Framework Setup Allow loading of XAML files Allow loading of XAML files Allow loading of XPS files Allow loading of XPS files Access data sources across domains Access data sources across domains Allow active scripting Allow active scripting Allow META REFRESH Allow META REFRESH Allow cut Allow cut Allow binary and script behaviors Allow binary and script behaviors Use Pop-up Blocker Use Pop-up Blocker Display mixed content Display mixed content

Download signed ActiveX controls Download signed ActiveX controls Download unsigned ActiveX controls Download unsigned ActiveX controls Allow drag and drop or copy and paste files Allow drag and drop or copy and paste files Render legacy filters Render legacy filters Allow file downloads Allow file downloads Allow font downloads Allow font downloads Allow installation of desktop items Allow installation of desktop items Java permissions Java permissions Launching applications and files in an IFRAME Launching applications and files in an IFRAME Logon options Logon options Enable MIME Sniffing Enable MIME Sniffing Enable dragging of content from different domains within a window Enable dragging of content from different domains within a window Enable dragging of content from different domains across windows Enable dragging of content from different domains across windows Navigate windows and frames across different domains Navigate windows and frames across different domains Do not prompt for client certificate selection when no certificates or only one certificate exists. Do not prompt for client certificate selection when no certificates or only one certificate exists. Automatic prompting for ActiveX controls Automatic prompting for ActiveX controls Automatic prompting for file downloads Automatic prompting for file downloads Run ActiveX controls and plugins Run ActiveX controls and plugins Script ActiveX controls marked safe for scripting Script ActiveX controls marked safe for scripting Don't run antimalware programs against ActiveX controls Don't run antimalware programs against ActiveX controls Initialize and script ActiveX controls not marked as safe Initialize and script ActiveX controls not marked as safe Scripting of Java applets Scripting of Java applets Run .NET Framework-reliant components signed with Authenticode Run .NET Framework-reliant components signed with Authenticode Software channel permissions Software channel permissions

Submit non-encrypted form data Submit non-encrypted form data Run .NET Framework-reliant components not signed with Authenticode Run .NET Framework-reliant components not signed with Authenticode Userdata persistence Userdata persistence Allow script-initiated windows without size or position constraints Allow script-initiated windows without size or position constraints Web sites in less privileged Web content zones can navigate into this zone Web sites in less privileged Web content zones can navigate into this zone Allow websites to open windows without status bar or Address bar Allow websites to open windows without status bar or Address bar Allow video and animation on a webpage that uses an older media player Allow video and animation on a webpage that uses an older media player Allow scriptlets Allow scriptlets Turn off first-run prompt Turn off first-run prompt Include local path when user is uploading files to a server Include local path when user is uploading files to a server Turn on SmartScreen Filter scan Turn on SmartScreen Filter scan Allow websites to prompt for information by using scripted windows Allow websites to prompt for information by using scripted windows Allow updates to status bar via script Allow updates to status bar via script Turn on Protected Mode Turn on Protected Mode Show security warning for potentially unsafe files Show security warning for potentially unsafe files Allow loading of XAML Browser Applications Allow loading of XAML Browser Applications Allow scripting of Internet Explorer WebBrowser controls Allow scripting of Internet Explorer WebBrowser controls Turn off .NET Framework Setup Turn off .NET Framework Setup Allow loading of XAML files Allow loading of XAML files Allow loading of XPS files Allow loading of XPS files Access data sources across domains Access data sources across domains Allow active scripting Allow active scripting Allow META REFRESH Allow META REFRESH Allow cut Allow cut

Allow binary and script behaviors Allow binary and script behaviors Use Pop-up Blocker Use Pop-up Blocker Display mixed content Display mixed content Download signed ActiveX controls Download signed ActiveX controls Download unsigned ActiveX controls Download unsigned ActiveX controls Allow drag and drop or copy and paste files Allow drag and drop or copy and paste files Render legacy filters Render legacy filters Allow file downloads Allow file downloads Allow font downloads Allow font downloads Allow installation of desktop items Allow installation of desktop items Java permissions Java permissions Launching applications and files in an IFRAME Launching applications and files in an IFRAME Logon options Logon options Enable MIME Sniffing Enable MIME Sniffing Enable dragging of content from different domains within a window Enable dragging of content from different domains within a window Enable dragging of content from different domains across windows Enable dragging of content from different domains across windows Navigate windows and frames across different domains Navigate windows and frames across different domains Allow active content over restricted protocols to access my computer Allow active content over restricted protocols to access my computer Do not prompt for client certificate selection when no certificates or only one certificate exists. Do not prompt for client certificate selection when no certificates or only one certificate exists. Automatic prompting for ActiveX controls Automatic prompting for ActiveX controls Automatic prompting for file downloads Automatic prompting for file downloads Run ActiveX controls and plugins Run ActiveX controls and plugins Script ActiveX controls marked safe for scripting Script ActiveX controls marked safe for scripting Don't run antimalware programs against ActiveX controls Don't run antimalware programs against ActiveX controls

Initialize and script ActiveX controls not marked as safe Initialize and script ActiveX controls not marked as safe Scripting of Java applets Scripting of Java applets Run .NET Framework-reliant components signed with Authenticode Run .NET Framework-reliant components signed with Authenticode Software channel permissions Software channel permissions Submit non-encrypted form data Submit non-encrypted form data Run .NET Framework-reliant components not signed with Authenticode Run .NET Framework-reliant components not signed with Authenticode Userdata persistence Userdata persistence Allow script-initiated windows without size or position constraints Allow script-initiated windows without size or position constraints Web sites in less privileged Web content zones can navigate into this zone Web sites in less privileged Web content zones can navigate into this zone Allow websites to open windows without status bar or Address bar Allow websites to open windows without status bar or Address bar Allow video and animation on a webpage that uses an older media player Allow video and animation on a webpage that uses an older media player Allow scriptlets Allow scriptlets Turn off first-run prompt Turn off first-run prompt Include local path when user is uploading files to a server Include local path when user is uploading files to a server Turn on SmartScreen Filter scan Turn on SmartScreen Filter scan Allow websites to prompt for information by using scripted windows Allow websites to prompt for information by using scripted windows Allow updates to status bar via script Allow updates to status bar via script Turn on Protected Mode Turn on Protected Mode Show security warning for potentially unsafe files Show security warning for potentially unsafe files Allow loading of XAML Browser Applications Allow loading of XAML Browser Applications Allow scripting of Internet Explorer WebBrowser controls Allow scripting of Internet Explorer WebBrowser controls Turn off .NET Framework Setup Turn off .NET Framework Setup Allow loading of XAML files Allow loading of XAML files Allow loading of XPS files Allow loading of XPS files

Access data sources across domains Access data sources across domains Allow active scripting Allow active scripting Allow META REFRESH Allow META REFRESH Allow cut Allow cut Allow binary and script behaviors Allow binary and script behaviors Use Pop-up Blocker Use Pop-up Blocker Display mixed content Display mixed content Download signed ActiveX controls Download signed ActiveX controls Download unsigned ActiveX controls Download unsigned ActiveX controls Allow drag and drop or copy and paste files Allow drag and drop or copy and paste files Render legacy filters Render legacy filters Allow file downloads Allow file downloads Allow font downloads Allow font downloads Allow installation of desktop items Allow installation of desktop items Java permissions Java permissions Launching applications and files in an IFRAME Launching applications and files in an IFRAME Logon options Logon options Enable MIME Sniffing Enable MIME Sniffing Enable dragging of content from different domains within a window Enable dragging of content from different domains within a window Enable dragging of content from different domains across windows Enable dragging of content from different domains across windows Navigate windows and frames across different domains Navigate windows and frames across different domains Do not prompt for client certificate selection when no certificates or only one certificate exists. Do not prompt for client certificate selection when no certificates or only one certificate exists. Automatic prompting for ActiveX controls Automatic prompting for ActiveX controls Automatic prompting for file downloads Automatic prompting for file downloads

Run ActiveX controls and plugins Run ActiveX controls and plugins Script ActiveX controls marked safe for scripting Script ActiveX controls marked safe for scripting Don't run antimalware programs against ActiveX controls Don't run antimalware programs against ActiveX controls Initialize and script ActiveX controls not marked as safe Initialize and script ActiveX controls not marked as safe Scripting of Java applets Scripting of Java applets Run .NET Framework-reliant components signed with Authenticode Run .NET Framework-reliant components signed with Authenticode Software channel permissions Software channel permissions Submit non-encrypted form data Submit non-encrypted form data Run .NET Framework-reliant components not signed with Authenticode Run .NET Framework-reliant components not signed with Authenticode Userdata persistence Userdata persistence Allow script-initiated windows without size or position constraints Allow script-initiated windows without size or position constraints Web sites in less privileged Web content zones can navigate into this zone Web sites in less privileged Web content zones can navigate into this zone Allow websites to open windows without status bar or Address bar Allow websites to open windows without status bar or Address bar Allow video and animation on a webpage that uses an older media player Allow video and animation on a webpage that uses an older media player Allow scriptlets Allow scriptlets Turn off first-run prompt Turn off first-run prompt Include local path when user is uploading files to a server Include local path when user is uploading files to a server Turn on SmartScreen Filter scan Turn on SmartScreen Filter scan Allow websites to prompt for information by using scripted windows Allow websites to prompt for information by using scripted windows Allow updates to status bar via script Allow updates to status bar via script Turn on Protected Mode Turn on Protected Mode Show security warning for potentially unsafe files Show security warning for potentially unsafe files Allow loading of XAML Browser Applications Allow loading of XAML Browser Applications Allow scripting of Internet Explorer WebBrowser controls Allow scripting of Internet Explorer WebBrowser controls

Turn off .NET Framework Setup Turn off .NET Framework Setup Allow loading of XAML files Allow loading of XAML files Allow loading of XPS files Allow loading of XPS files Access data sources across domains Access data sources across domains Allow active scripting Allow active scripting Allow META REFRESH Allow META REFRESH Allow cut Allow cut Allow binary and script behaviors Allow binary and script behaviors Use Pop-up Blocker Use Pop-up Blocker Display mixed content Display mixed content Download signed ActiveX controls Download signed ActiveX controls Download unsigned ActiveX controls Download unsigned ActiveX controls Allow drag and drop or copy and paste files Allow drag and drop or copy and paste files Render legacy filters Render legacy filters Allow file downloads Allow file downloads Allow font downloads Allow font downloads Allow installation of desktop items Allow installation of desktop items Java permissions Java permissions Launching applications and files in an IFRAME Launching applications and files in an IFRAME Logon options Logon options Enable MIME Sniffing Enable MIME Sniffing Enable dragging of content from different domains within a window Enable dragging of content from different domains within a window Enable dragging of content from different domains across windows Enable dragging of content from different domains across windows Navigate windows and frames across different domains Navigate windows and frames across different domains

Allow active content over restricted protocols to access my computer Allow active content over restricted protocols to access my computer Do not prompt for client certificate selection when no certificates or only one certificate exists. Do not prompt for client certificate selection when no certificates or only one certificate exists. Automatic prompting for ActiveX controls Automatic prompting for ActiveX controls Automatic prompting for file downloads Automatic prompting for file downloads Run ActiveX controls and plugins Run ActiveX controls and plugins Script ActiveX controls marked safe for scripting Script ActiveX controls marked safe for scripting Don't run antimalware programs against ActiveX controls Don't run antimalware programs against ActiveX controls Initialize and script ActiveX controls not marked as safe Initialize and script ActiveX controls not marked as safe Scripting of Java applets Scripting of Java applets Run .NET Framework-reliant components signed with Authenticode Run .NET Framework-reliant components signed with Authenticode Software channel permissions Software channel permissions Submit non-encrypted form data Submit non-encrypted form data Run .NET Framework-reliant components not signed with Authenticode Run .NET Framework-reliant components not signed with Authenticode Userdata persistence Userdata persistence Allow script-initiated windows without size or position constraints Allow script-initiated windows without size or position constraints Web sites in less privileged Web content zones can navigate into this zone Web sites in less privileged Web content zones can navigate into this zone Allow websites to open windows without status bar or Address bar Allow websites to open windows without status bar or Address bar Allow video and animation on a webpage that uses an older media player Allow video and animation on a webpage that uses an older media player Allow scriptlets Allow scriptlets Turn off first-run prompt Turn off first-run prompt Include local path when user is uploading files to a server Include local path when user is uploading files to a server Turn on SmartScreen Filter scan Turn on SmartScreen Filter scan Allow websites to prompt for information by using scripted windows Allow websites to prompt for information by using scripted windows Allow updates to status bar via script Allow updates to status bar via script

Turn on Protected Mode Turn on Protected Mode Show security warning for potentially unsafe files Show security warning for potentially unsafe files Allow loading of XAML Browser Applications Allow loading of XAML Browser Applications Allow scripting of Internet Explorer WebBrowser controls Allow scripting of Internet Explorer WebBrowser controls Turn off .NET Framework Setup Turn off .NET Framework Setup Allow loading of XAML files Allow loading of XAML files Allow loading of XPS files Allow loading of XPS files Access data sources across domains Access data sources across domains Allow active scripting Allow active scripting Allow META REFRESH Allow META REFRESH Allow cut Allow cut Allow binary and script behaviors Allow binary and script behaviors Use Pop-up Blocker Use Pop-up Blocker Display mixed content Display mixed content Download signed ActiveX controls Download signed ActiveX controls Download unsigned ActiveX controls Download unsigned ActiveX controls Allow drag and drop or copy and paste files Allow drag and drop or copy and paste files Render legacy filters Render legacy filters Allow file downloads Allow file downloads Allow font downloads Allow font downloads Allow installation of desktop items Allow installation of desktop items Java permissions Java permissions Launching applications and files in an IFRAME Launching applications and files in an IFRAME Logon options Logon options

Enable MIME Sniffing Enable MIME Sniffing Enable dragging of content from different domains within a window Enable dragging of content from different domains within a window Enable dragging of content from different domains across windows Enable dragging of content from different domains across windows Navigate windows and frames across different domains Navigate windows and frames across different domains Do not prompt for client certificate selection when no certificates or only one certificate exists. Do not prompt for client certificate selection when no certificates or only one certificate exists. Automatic prompting for ActiveX controls Automatic prompting for ActiveX controls Automatic prompting for file downloads Automatic prompting for file downloads Run ActiveX controls and plugins Run ActiveX controls and plugins Script ActiveX controls marked safe for scripting Script ActiveX controls marked safe for scripting Don't run antimalware programs against ActiveX controls Don't run antimalware programs against ActiveX controls Initialize and script ActiveX controls not marked as safe Initialize and script ActiveX controls not marked as safe Scripting of Java applets Scripting of Java applets Run .NET Framework-reliant components signed with Authenticode Run .NET Framework-reliant components signed with Authenticode Software channel permissions Software channel permissions Submit non-encrypted form data Submit non-encrypted form data Run .NET Framework-reliant components not signed with Authenticode Run .NET Framework-reliant components not signed with Authenticode Userdata persistence Userdata persistence Allow script-initiated windows without size or position constraints Allow script-initiated windows without size or position constraints Web sites in less privileged Web content zones can navigate into this zone Web sites in less privileged Web content zones can navigate into this zone Allow websites to open windows without status bar or Address bar Allow websites to open windows without status bar or Address bar Allow video and animation on a webpage that uses an older media player Allow video and animation on a webpage that uses an older media player Allow scriptlets Allow scriptlets Turn off first-run prompt Turn off first-run prompt Include local path when user is uploading files to a server Include local path when user is uploading files to a server

Turn on SmartScreen Filter scan Turn on SmartScreen Filter scan Allow websites to prompt for information by using scripted windows Allow websites to prompt for information by using scripted windows Allow updates to status bar via script Allow updates to status bar via script Turn on Protected Mode Turn on Protected Mode Show security warning for potentially unsafe files Show security warning for potentially unsafe files Allow loading of XAML Browser Applications Allow loading of XAML Browser Applications Allow scripting of Internet Explorer WebBrowser controls Allow scripting of Internet Explorer WebBrowser controls Turn off .NET Framework Setup Turn off .NET Framework Setup Allow loading of XAML files Allow loading of XAML files Allow loading of XPS files Allow loading of XPS files Access data sources across domains Access data sources across domains Allow active scripting Allow active scripting Allow META REFRESH Allow META REFRESH Allow cut Allow cut Allow binary and script behaviors Allow binary and script behaviors Use Pop-up Blocker Use Pop-up Blocker Display mixed content Display mixed content Download signed ActiveX controls Download signed ActiveX controls Download unsigned ActiveX controls Download unsigned ActiveX controls Allow drag and drop or copy and paste files Allow drag and drop or copy and paste files Render legacy filters Render legacy filters Allow file downloads Allow file downloads Allow font downloads Allow font downloads Allow installation of desktop items Allow installation of desktop items

Java permissions Java permissions Launching applications and files in an IFRAME Launching applications and files in an IFRAME Logon options Logon options Enable MIME Sniffing Enable MIME Sniffing Enable dragging of content from different domains within a window Enable dragging of content from different domains within a window Enable dragging of content from different domains across windows Enable dragging of content from different domains across windows Navigate windows and frames across different domains Navigate windows and frames across different domains Allow active content over restricted protocols to access my computer Allow active content over restricted protocols to access my computer Do not prompt for client certificate selection when no certificates or only one certificate exists. Do not prompt for client certificate selection when no certificates or only one certificate exists. Automatic prompting for ActiveX controls Automatic prompting for ActiveX controls Automatic prompting for file downloads Automatic prompting for file downloads Run ActiveX controls and plugins Run ActiveX controls and plugins Script ActiveX controls marked safe for scripting Script ActiveX controls marked safe for scripting Don't run antimalware programs against ActiveX controls Don't run antimalware programs against ActiveX controls Initialize and script ActiveX controls not marked as safe Initialize and script ActiveX controls not marked as safe Scripting of Java applets Scripting of Java applets Run .NET Framework-reliant components signed with Authenticode Run .NET Framework-reliant components signed with Authenticode Software channel permissions Software channel permissions Submit non-encrypted form data Submit non-encrypted form data Run .NET Framework-reliant components not signed with Authenticode Run .NET Framework-reliant components not signed with Authenticode Userdata persistence Userdata persistence Allow script-initiated windows without size or position constraints Allow script-initiated windows without size or position constraints Web sites in less privileged Web content zones can navigate into this zone Web sites in less privileged Web content zones can navigate into this zone Allow websites to open windows without status bar or Address bar Allow websites to open windows without status bar or Address bar

Allow video and animation on a webpage that uses an older media player Allow video and animation on a webpage that uses an older media player Allow scriptlets Allow scriptlets Turn off first-run prompt Turn off first-run prompt Include local path when user is uploading files to a server Include local path when user is uploading files to a server Turn on SmartScreen Filter scan Turn on SmartScreen Filter scan Allow websites to prompt for information by using scripted windows Allow websites to prompt for information by using scripted windows Allow updates to status bar via script Allow updates to status bar via script Turn on Protected Mode Turn on Protected Mode Show security warning for potentially unsafe files Show security warning for potentially unsafe files Allow loading of XAML Browser Applications Allow loading of XAML Browser Applications Allow scripting of Internet Explorer WebBrowser controls Allow scripting of Internet Explorer WebBrowser controls Turn off .NET Framework Setup Turn off .NET Framework Setup Allow loading of XAML files Allow loading of XAML files Allow loading of XPS files Allow loading of XPS files Access data sources across domains Access data sources across domains Allow active scripting Allow active scripting Allow META REFRESH Allow META REFRESH Allow cut Allow cut Allow binary and script behaviors Allow binary and script behaviors Use Pop-up Blocker Use Pop-up Blocker Display mixed content Display mixed content Download signed ActiveX controls Download signed ActiveX controls Download unsigned ActiveX controls Download unsigned ActiveX controls Allow drag and drop or copy and paste files Allow drag and drop or copy and paste files

Render legacy filters Render legacy filters Allow file downloads Allow file downloads Allow font downloads Allow font downloads Allow installation of desktop items Allow installation of desktop items Java permissions Java permissions Launching applications and files in an IFRAME Launching applications and files in an IFRAME Logon options Logon options Enable MIME Sniffing Enable MIME Sniffing Enable dragging of content from different domains within a window Enable dragging of content from different domains within a window Enable dragging of content from different domains across windows Enable dragging of content from different domains across windows Navigate windows and frames across different domains Navigate windows and frames across different domains Do not prompt for client certificate selection when no certificates or only one certificate exists. Do not prompt for client certificate selection when no certificates or only one certificate exists. Automatic prompting for ActiveX controls Automatic prompting for ActiveX controls Automatic prompting for file downloads Automatic prompting for file downloads Run ActiveX controls and plugins Run ActiveX controls and plugins Script ActiveX controls marked safe for scripting Script ActiveX controls marked safe for scripting Don't run antimalware programs against ActiveX controls Don't run antimalware programs against ActiveX controls Initialize and script ActiveX controls not marked as safe Initialize and script ActiveX controls not marked as safe Scripting of Java applets Scripting of Java applets Run .NET Framework-reliant components signed with Authenticode Run .NET Framework-reliant components signed with Authenticode Software channel permissions Software channel permissions Submit non-encrypted form data Submit non-encrypted form data Run .NET Framework-reliant components not signed with Authenticode Run .NET Framework-reliant components not signed with Authenticode Userdata persistence Userdata persistence

Allow script-initiated windows without size or position constraints Allow script-initiated windows without size or position constraints Web sites in less privileged Web content zones can navigate into this zone Web sites in less privileged Web content zones can navigate into this zone Intranet Sites: Include all local (intranet) sites not listed in other zones Intranet Sites: Include all local (intranet) sites not listed in other zones Turn on certificate address mismatch warning Turn on certificate address mismatch warning Locked-Down Internet Zone Template Locked-Down Internet Zone Template Internet Zone Template Internet Zone Template Locked-Down Intranet Zone Template Locked-Down Intranet Zone Template Intranet Zone Template Intranet Zone Template Locked-Down Local Machine Zone Template Locked-Down Local Machine Zone Template Local Machine Zone Template Local Machine Zone Template Locked-Down Restricted Sites Zone Template Locked-Down Restricted Sites Zone Template Restricted Sites Zone Template Restricted Sites Zone Template Locked-Down Trusted Sites Zone Template Locked-Down Trusted Sites Zone Template Trusted Sites Zone Template Trusted Sites Zone Template Intranet Sites: Include all sites that bypass the proxy server Intranet Sites: Include all sites that bypass the proxy server Intranet Sites: Include all network paths (UNCs) Intranet Sites: Include all network paths (UNCs) Site to Zone Assignment List Site to Zone Assignment List Turn on automatic detection of intranet Turn on automatic detection of intranet Turn on Notification bar notification for intranet content Turn on Notification bar notification for intranet content Allow websites to open windows without status bar or Address bar Allow websites to open windows without status bar or Address bar Allow video and animation on a webpage that uses an older media player Allow video and animation on a webpage that uses an older media player Allow scriptlets Allow scriptlets Turn off first-run prompt Turn off first-run prompt Include local path when user is uploading files to a server Include local path when user is uploading files to a server

Turn on SmartScreen Filter scan Turn on SmartScreen Filter scan Allow websites to prompt for information by using scripted windows Allow websites to prompt for information by using scripted windows Allow updates to status bar via script Allow updates to status bar via script Turn on Protected Mode Turn on Protected Mode Show security warning for potentially unsafe files Show security warning for potentially unsafe files Allow loading of XAML Browser Applications Allow loading of XAML Browser Applications Allow scripting of Internet Explorer WebBrowser controls Allow scripting of Internet Explorer WebBrowser controls Turn off .NET Framework Setup Turn off .NET Framework Setup Allow loading of XAML files Allow loading of XAML files Allow loading of XPS files Allow loading of XPS files Access data sources across domains Access data sources across domains Allow active scripting Allow active scripting Allow META REFRESH Allow META REFRESH Allow cut Allow cut Allow binary and script behaviors Allow binary and script behaviors Use Pop-up Blocker Use Pop-up Blocker Display mixed content Display mixed content Download signed ActiveX controls Download signed ActiveX controls Download unsigned ActiveX controls Download unsigned ActiveX controls Allow drag and drop or copy and paste files Allow drag and drop or copy and paste files Render legacy filters Render legacy filters Allow file downloads Allow file downloads Allow font downloads Allow font downloads Allow installation of desktop items Allow installation of desktop items

Java permissions Java permissions Launching applications and files in an IFRAME Launching applications and files in an IFRAME Logon options Logon options Enable MIME Sniffing Enable MIME Sniffing Enable dragging of content from different domains within a window Enable dragging of content from different domains within a window Enable dragging of content from different domains across windows Enable dragging of content from different domains across windows Navigate windows and frames across different domains Navigate windows and frames across different domains Allow active content over restricted protocols to access my computer Allow active content over restricted protocols to access my computer Do not prompt for client certificate selection when no certificates or only one certificate exists. Do not prompt for client certificate selection when no certificates or only one certificate exists. Automatic prompting for ActiveX controls Automatic prompting for ActiveX controls Automatic prompting for file downloads Automatic prompting for file downloads Run ActiveX controls and plugins Run ActiveX controls and plugins Script ActiveX controls marked safe for scripting Script ActiveX controls marked safe for scripting Don't run antimalware programs against ActiveX controls Don't run antimalware programs against ActiveX controls Initialize and script ActiveX controls not marked as safe Initialize and script ActiveX controls not marked as safe Scripting of Java applets Scripting of Java applets Run .NET Framework-reliant components signed with Authenticode Run .NET Framework-reliant components signed with Authenticode Software channel permissions Software channel permissions Submit non-encrypted form data Submit non-encrypted form data Run .NET Framework-reliant components not signed with Authenticode Run .NET Framework-reliant components not signed with Authenticode Userdata persistence Userdata persistence Allow script-initiated windows without size or position constraints Allow script-initiated windows without size or position constraints Web sites in less privileged Web content zones can navigate into this zone Web sites in less privileged Web content zones can navigate into this zone Allow websites to open windows without status bar or Address bar Allow websites to open windows without status bar or Address bar

Allow video and animation on a webpage that uses an older media player Allow video and animation on a webpage that uses an older media player Allow scriptlets Allow scriptlets Turn off first-run prompt Turn off first-run prompt Include local path when user is uploading files to a server Include local path when user is uploading files to a server Turn on SmartScreen Filter scan Turn on SmartScreen Filter scan Allow websites to prompt for information by using scripted windows Allow websites to prompt for information by using scripted windows Allow updates to status bar via script Allow updates to status bar via script Turn on Protected Mode Turn on Protected Mode Show security warning for potentially unsafe files Show security warning for potentially unsafe files Allow loading of XAML Browser Applications Allow loading of XAML Browser Applications Allow scripting of Internet Explorer WebBrowser controls Allow scripting of Internet Explorer WebBrowser controls Turn off .NET Framework Setup Turn off .NET Framework Setup Allow loading of XAML files Allow loading of XAML files Allow loading of XPS files Allow loading of XPS files Access data sources across domains Access data sources across domains Allow active scripting Allow active scripting Allow META REFRESH Allow META REFRESH Allow cut Allow cut Allow binary and script behaviors Allow binary and script behaviors Use Pop-up Blocker Use Pop-up Blocker Display mixed content Display mixed content Download signed ActiveX controls Download signed ActiveX controls Download unsigned ActiveX controls Download unsigned ActiveX controls Allow drag and drop or copy and paste files Allow drag and drop or copy and paste files

Render legacy filters Render legacy filters Allow file downloads Allow file downloads Allow font downloads Allow font downloads Allow installation of desktop items Allow installation of desktop items Java permissions Java permissions Launching applications and files in an IFRAME Launching applications and files in an IFRAME Logon options Logon options Enable MIME Sniffing Enable MIME Sniffing Enable dragging of content from different domains within a window Enable dragging of content from different domains within a window Enable dragging of content from different domains across windows Enable dragging of content from different domains across windows Navigate windows and frames across different domains Navigate windows and frames across different domains Do not prompt for client certificate selection when no certificates or only one certificate exists. Do not prompt for client certificate selection when no certificates or only one certificate exists. Automatic prompting for ActiveX controls Automatic prompting for ActiveX controls Automatic prompting for file downloads Automatic prompting for file downloads Run ActiveX controls and plugins Run ActiveX controls and plugins Script ActiveX controls marked safe for scripting Script ActiveX controls marked safe for scripting Don't run antimalware programs against ActiveX controls Don't run antimalware programs against ActiveX controls Initialize and script ActiveX controls not marked as safe Initialize and script ActiveX controls not marked as safe Scripting of Java applets Scripting of Java applets Run .NET Framework-reliant components signed with Authenticode Run .NET Framework-reliant components signed with Authenticode Software channel permissions Software channel permissions Submit non-encrypted form data Submit non-encrypted form data Run .NET Framework-reliant components not signed with Authenticode Run .NET Framework-reliant components not signed with Authenticode Userdata persistence Userdata persistence

Allow script-initiated windows without size or position constraints Allow script-initiated windows without size or position constraints Web sites in less privileged Web content zones can navigate into this zone Web sites in less privileged Web content zones can navigate into this zone Prevent specifying the hover color Prevent specifying the color of links that have not yet been clicked Prevent specifying the color of links that have already been clicked Turn on the hover color option File menu: Disable closing the browser and Explorer windows File menu: Disable Save As... menu option File menu: Disable Save As Web Page Complete File menu: Disable New menu option File menu: Disable Open menu option Help menu: Remove 'Send Feedback' menu option Help menu: Remove 'For Netscape Users' menu option Help menu: Remove 'Tip of the Day' menu option Help menu: Remove 'Tour' menu option Turn off Shortcut Menu Hide Favorites menu Disable Open in New Window menu option Disable Save this program to disk option Turn off Print Menu Turn off Print Menu Tools menu: Disable Internet Options... menu option View menu: Disable Full Screen menu option View menu: Disable Source menu option Turn off automatic image resizing Turn off image display Allow Internet Explorer to play media files that use alternative codecs Allow Internet Explorer to play media files that use alternative codecs Allow the display of image download placeholders Turn off smart image dithering File size limits for Local Machine zone File size limits for Intranet zone File size limits for Trusted Sites zone File size limits for Internet zone File size limits for Restricted Sites zone Turn on printing of background colors and images Turn off background synchronization for feeds and Web Slices Turn off background synchronization for feeds and Web Slices Prevent downloading of enclosures Prevent downloading of enclosures Prevent subscribing to or deleting a feed or a Web Slice Prevent subscribing to or deleting a feed or a Web Slice Prevent automatic discovery of feeds and Web Slices Prevent automatic discovery of feeds and Web Slices Prevent access to feed list Prevent access to feed list

Turn on Basic feed authentication over HTTP Turn on Basic feed authentication over HTTP Bypass prompting for Clipboard access for scripts running in any process Bypass prompting for Clipboard access for scripts running in any process Bypass prompting for Clipboard access for scripts running in the Internet Explorer process Bypass prompting for Clipboard access for scripts running in the Internet Explorer process Define applications and processes that can access the Clipboard without prompting Define applications and processes that can access the Clipboard without prompting Prevent configuration of search on Address bar Prevent configuration of search on Address bar Prevent configuration of top-result search on Address bar Prevent configuration of top-result search on Address bar Allow native XMLHTTP support Allow native XMLHTTP support Turn off Data URI support Turn off Data URI support Turn off Data Execution Prevention Do not display the reveal password button Do not display the reveal password button Change the maximum number of connections per host (HTTP 1.1) Change the maximum number of connections per host (HTTP 1.1) Maximum number of connections per server (HTTP 1.0) Maximum number of connections per server (HTTP 1.0) Turn off cross-document messaging Turn off cross-document messaging Turn off the XDomainRequest object Turn off the XDomainRequest object Turn off the WebSocket Object Turn off the WebSocket Object Set the maximum number of WebSocket connections per server Set the maximum number of WebSocket connections per server Turn on automatic signup Turn off toolbar upgrade tool Turn off toolbar upgrade tool Turn off Developer Tools Turn off Developer Tools Disable customizing browser toolbars Disable customizing browser toolbar buttons Configure Toolbar Buttons Hide the Command bar Hide the Command bar Hide the status bar Hide the status bar Lock all toolbars Lock all toolbars Lock location of Stop and Refresh buttons Lock location of Stop and Refresh buttons Customize command labels

Customize command labels Use large icons for command buttons Use large icons for command buttons Display tabs on a separate row Display tabs on a separate row Prevent specifying the update check interval (in days) Prevent changing the URL for checking updates to Internet Explorer and Internet Tools Turn off ActiveX Opt-In prompt Turn off ActiveX Opt-In prompt Prevent per-user installation of ActiveX controls Prevent per-user installation of ActiveX controls Specify use of ActiveX Installer Service for installation of ActiveX controls Specify use of ActiveX Installer Service for installation of ActiveX controls Turn on Suggested Sites Turn on Suggested Sites Turn off InPrivate Browsing Turn off InPrivate Browsing Prevent the computer from loading toolbars and Browser Helper Objects when InPrivate Browsing starts Prevent the computer from loading toolbars and Browser Helper Objects when InPrivate Browsing starts Turn off collection of InPrivate Filtering data Turn off collection of InPrivate Filtering data Establish InPrivate Filtering threshold Establish InPrivate Filtering threshold Turn off InPrivate Filtering Turn off InPrivate Filtering Establish Tracking Protection threshold Establish Tracking Protection threshold Turn off Tracking Protection Turn off Tracking Protection Add non-default Accelerators Add non-default Accelerators Add default Accelerators Add default Accelerators Turn off Accelerators Turn off Accelerators Restrict Accelerators to those deployed through Group Policy Restrict Accelerators to those deployed through Group Policy Turn on Internet Explorer 7 Standards Mode Turn on Internet Explorer 7 Standards Mode Turn off Compatibility View Turn off Compatibility View Turn on Internet Explorer Standards Mode for local intranet Turn on Internet Explorer Standards Mode for local intranet Turn off Compatibility View button Turn off Compatibility View button Use Policy List of Internet Explorer 7 sites Use Policy List of Internet Explorer 7 sites Use Policy List of Quirks Mode sites

Use Policy List of Quirks Mode sites Include updated website lists from Microsoft Include updated website lists from Microsoft Turn off ability to pin sites in Internet Explorer on the desktop Turn off ability to pin sites in Internet Explorer on the desktop Set default storage limits for websites Set default storage limits for websites Allow websites to store indexed databases on client computers Allow websites to store indexed databases on client computers Set indexed database storage limits for individual domains Set indexed database storage limits for individual domains Set maximum indexed database storage limit for all domains Set maximum indexed database storage limit for all domains Allow websites to store application caches on client computers Allow websites to store application caches on client computers Set application cache storage limits for individual domains Set application cache storage limits for individual domains Set maximum application caches storage limit for all domains Set maximum application caches storage limit for all domains Set application caches expiration time limit for individual domains Set application caches expiration time limit for individual domains Set maximum application cache resource list size Set maximum application cache resource list size Set maximum application cache individual resource size Set maximum application cache individual resource size Start Internet Explorer with tabs from last browsing session Start Internet Explorer with tabs from last browsing session Open Internet Explorer tiles on the desktop Open Internet Explorer tiles on the desktop Set how links are opened in Internet Explorer Set how links are opened in Internet Explorer Install new versions of Internet Explorer automatically Turn off handwriting recognition error reporting Turn off handwriting recognition error reporting Do not allow manual configuration of iSNS servers Do not allow manual configuration of target portals Do not allow manual configuration of discovered targets Do not allow adding new targets via manual configuration Do not allow changes to initiator iqn name Do not allow additional session logins Do not allow changes to initiator CHAP secret Do not allow connections without IPSec Do not allow sessions without mutual CHAP Do not allow sessions without one way CHAP Provide information about previous logons to client computers Use forest search order KDC support for claims Warning for large Kerberos tickets

Define host name-to-Kerberos realm mappings Define interoperable Kerberos V5 realm settings Require strict KDC validation Use forest search order Require strict target SPN match on remote procedure calls Specify KDC proxy servers for Kerberos clients Disable revocation checking for the SSL certificate of KDC proxy servers Fail authentication requests when Kerberos armoring is not available Support compound authentication Set maximum Kerberos SSPI context token buffer size Kerberos client support for claims Hash Publication for BranchCache Hash Version support for BranchCache Configure Scenario Execution Level Turn on Mapper I/O (LLTDIO) driver Turn on Responder (RSPNDR) driver Turn off Windows Location Provider Do not process the legacy run list Do not process the legacy run list Do not process the run once list Do not process the run once list Always use classic logon Do not display the Getting Started welcome screen at logon Run these programs at user logon Run these programs at user logon Always wait for the network at computer startup and logon Remove Boot / Shutdown / Logon / Logoff status messages Do not display the Getting Started welcome screen at logon Display highly detailed status messages Hide entry points for Fast User Switching Turn off Windows Startup sound Show first sign-in animation Always use custom logon background Do not enumerate connected users on domain-joined computers Enumerate local users on domain-joined computers Turn off app notifications on the lock screen Do not allow Windows Media Center to run Do not allow Windows Media Center to run Restrict the user from entering author mode Restrict users to the explicitly permitted list of snap-ins Extended View (Web View) ActiveX Control Link to Web Address AppleTalk Routing Authorization Manager Certification Authority Policy Settings Connection Sharing (NAT) DCOM Configuration Extension

Device Manager DHCP Relay Management Enterprise PKI Event Viewer Event Viewer (Windows Vista) IAS Logging IGMP Routing IP Routing IPX RIP Routing IPX Routing IPX SAP Routing Logical and Mapped Drives Online Responder OSPF Routing Public Key Policies RAS Dialin - User Node Remote Access Removable Storage RIP Routing Routing Send Console Message Service Dependencies Shared Folders Ext SMTP Protocol SNMP System Properties Group Policy Management Group Policy Object Editor Group Policy tab for Active Directory Tools Resultant Set of Policy snap-in Administrative Templates (Computers) Administrative Templates (Users) Folder Redirection Internet Explorer Maintenance IP Security Policy Management Windows Firewall with Advanced Security NAP Client Configuration Remote Installation Services Scripts (Startup/Shutdown) Scripts (Logon/Logoff) Security Settings Software Installation (Computers) Software Installation (Users) Wired Network (IEEE 802.3) Policies Wireless Network (IEEE 802.11) Policies Administrative Templates (Computers) Administrative Templates (Users) Folder Redirection

Internet Explorer Maintenance Scripts (Startup/Shutdown) Scripts (Logon/Logoff) Security Settings Software Installation (Computers) Software Installation (Users) Active Directory Domains and Trusts Active Directory Sites and Services Active Directory Users and Computers ADSI Edit Certification Authority Certificates Certificate Templates Component Services Computer Management Device Manager Distributed File System Disk Defragmenter Disk Management Event Viewer Event Viewer (Windows Vista) Failover Clusters Manager FAX Service FrontPage Server Extensions Health Registration Authority (HRA) Internet Authentication Service (IAS) Internet Information Services Indexing Service IP Security Policy Management IP Security Monitor Local Users and Groups NAP Client Configuration .Net Framework Configuration Network Policy Server (NPS) Performance Logs and Alerts QoS Admission Control Remote Desktops Routing and Remote Access Removable Storage Management Security Configuration and Analysis Security Templates Server Manager Services Shared Folders System Information Telephony Remote Desktop Services Configuration TPM Management

Windows Firewall with Advanced Security Wireless Monitor WMI Control Group Policy Starter GPO Editor Group Policy Management Editor Storage Manager for SANs Storage Manager for SANS Extension Disk Management Extension Share and Storage Management Share and Storage Management Extension DFS Management DFS Management Extension File Server Resource Manager File Server Resource Manager Extension Turn off Windows Mobility Center Turn off Windows Mobility Center Turn off Windows presentation settings Turn off Windows presentation settings Automatic Maintenance Activation Boundary Automatic Maintenance Random Delay Automatic Maintenance WakeUp Policy Microsoft Support Diagnostic Tool: Configure execution level Microsoft Support Diagnostic Tool: Restrict tool download Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider Configure MSI Corrupted File Recovery behavior Allow users to browse for source while elevated Allow users to use media source while elevated Allow users to patch elevated products Always install with elevated privileges Always install with elevated privileges Prohibit use of Restart Manager Remove browse dialog box for new source Prohibit flyweight patching Turn off logging via package settings Prevent removable media source for any installation Turn off Windows Installer Prevent users from using Windows Installer to install updates and upgrades Prohibit rollback Prohibit rollback Allow user control over installs Prohibit non-administrators from applying vendor signed updates Prohibit removal of updates Turn off creation of System Restore checkpoints Prohibit User Installs Enforce upgrade component rules Control maximum size of baseline file cache Specify the types of events Windows Installer records in its transaction log Prevent Internet Explorer security prompt for Windows Installer scripts

Specify the order in which Windows Installer searches for installation files Save copies of transform files in a secure location on workstation Turn off shared components Prevent embedded UI Allow the Network Access Protection client to support the 802.1x Enforcement Client component Support Email Address Friendly Name User Interface Prefer Local Names Allowed DirectAccess Passive Mode Corporate Resources IPsec Tunnel Endpoints Custom Commands Specify corporate Website probe URL Specify corporate DNS probe host name Specify corporate DNS probe host address Specify corporate site prefix list Specify domain location determination URL Specify passive polling Contact PDC on logon failure Use initial DC discovery retry setting for background callers Use maximum DC discovery retry interval setting for background callers Use final DC discovery retry setting for background callers Use positive periodic DC cache refresh for background callers Specify log file debug output level Specify expected dial-up delay on logon Specify maximum log file size Specify negative DC Discovery cache setting Set Netlogon share compatibility Specify positive periodic DC Cache refresh for non-background callers Set scavenge interval Specify site name Set SYSVOL share compatibility Use DNS name resolution with a single-label domain name instead of NetBIOS name resolution to locate the DC Use DNS name resolution when a single-label domain name is used Use automated site coverage by the DC Locator DNS SRV Records Specify DC Locator DNS records not registered by the DCs Specify Refresh Interval of the DC Locator DNS records Set TTL in the DC Locator DNS Records Specify sites covered by the GC Locator DNS SRV Records Set Priority in the DC Locator DNS SRV records Set Weight in the DC Locator DNS SRV records Specify sites covered by the application directory partition DC Locator DNS SRV records Specify sites covered by the DC Locator DNS SRV records Specify dynamic registration of the DC Locator DNS Records Try Next Closest Site Force Rediscovery Interval Return domain controller address type

Allow cryptography algorithms compatible with Windows NT 4.0 Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names Do not use NetBIOS-based discovery for domain controller location when DNS-based discovery fails Specify address lookup behavior for DC locator ping Use urgent mode when pinging domain controllers Prohibit adding and removing components for a LAN or remote access connection Prohibit access to the Advanced Settings item on the Advanced menu Prohibit TCP/IP advanced configuration Prohibit installation and configuration of Network Bridge on your DNS domain network Prohibit Enabling/Disabling components of a LAN connection Ability to delete all user remote access connections Prohibit deletion of remote access connections Prohibit access to the Remote Access Preferences item on the Advanced menu Enable Windows 2000 Network Connections settings for Administrators Turn off notifications when a connection has only limited or no connectivity Prohibit access to properties of components of a LAN connection Ability to Enable/Disable a LAN connection Prohibit access to properties of a LAN connection Prohibit access to the New Connection Wizard Prohibit use of Internet Connection Firewall on your DNS domain network Ability to change properties of an all user remote access connection Prohibit access to properties of components of a remote access connection Prohibit connecting and disconnecting a remote access connection Prohibit changing properties of a private remote access connection Ability to rename all user remote access connections Ability to rename LAN connections or remote access connections available to all users Ability to rename LAN connections Prohibit renaming private remote access connections Prohibit use of Internet Connection Sharing on your DNS domain network Prohibit viewing of status for an active connection Require domain users to elevate when setting a network's location Do not show the "local access only" network icon Route all traffic through the internal network Internet proxy servers for apps Intranet proxy servers for apps Private network ranges for apps Proxy definitions are authoritative Subnet definitions are authoritative Turn off Connect to a Network Projector Turn off Connect to a Network Projector Network Projector Port Setting Subfolders always available offline Specify administratively assigned Offline Files Specify administratively assigned Offline Files Non-default server disconnect actions Non-default server disconnect actions Default cache size Allow or Disallow use of the Offline Files feature

Encrypt the Offline Files cache Event logging level Event logging level Files not cached Action on server disconnect Action on server disconnect Prevent use of Offline Files folder Prevent use of Offline Files folder Prohibit user configuration of Offline Files Prohibit user configuration of Offline Files Remove "Make Available Offline" command Remove "Make Available Offline" command Remove "Make Available Offline" for these files and folders Remove "Make Available Offline" for these files and folders Turn off reminder balloons Turn off reminder balloons At logoff Reminder balloon frequency Reminder balloon frequency Initial reminder balloon lifetime Initial reminder balloon lifetime Reminder balloon lifetime Reminder balloon lifetime Configure Slow link speed Synchronize all offline files before logging off Synchronize all offline files before logging off Synchronize all offline files when logging on Synchronize all offline files when logging on Synchronize offline files before suspend Synchronize offline files before suspend Turn on economical application of administratively assigned Offline Files Configure slow-link mode Limit disk space used by Offline Files Configure Background Sync Enable Transparent Caching Enable file screens Remove "Work offline" command Remove "Work offline" command Enable file synchronization on costed networks Turn off Microsoft Peer-to-Peer Networking Services Turn off Multicast Bootstrap Turn off PNRP cloud creation Set PNRP cloud to resolve only Set the Seed Server Turn off Multicast Bootstrap Turn off PNRP cloud creation Set PNRP cloud to resolve only Set the Seed Server

Turn off Multicast Bootstrap Turn off PNRP cloud creation Set PNRP cloud to resolve only Set the Seed Server Disable password strength validation for Peer Grouping Make Family Safety control panel visible on a Domain Detect compatibility issues for applications and drivers Detect application install failures Detect applications unable to launch installers under UAC Detect application failures caused by deprecated Windows DLLs Detect application failures caused by deprecated COM objects Detect application installers that need to be run as administrator Notify blocked drivers Turn on BranchCache Set percentage of disk space used for client computer cache Set BranchCache Hosted Cache mode Set BranchCache Distributed Cache mode Configure BranchCache for network files Enable Automatic Hosted Cache Discovery by Service Connection Point Configure Client BranchCache Version Support Configure Hosted Cache Servers Set age for segments in the data cache Turn off Tablet PC Pen Training Turn off Tablet PC Pen Training Configure Scenario Execution Level Configure Scenario Execution Level Configure Scenario Execution Level Configure Scenario Execution Level Enable/Disable PerfTrack Critical battery notification action Low battery notification action Critical battery notification level Low battery notification level Turn off low battery user notification Select the Power button action (plugged in) Select the Sleep button action (plugged in) Select the lid switch action (plugged in) Select the Start menu Power button action (plugged in) Select the Power button action (on battery) Select the Sleep button action (on battery) Select the lid switch action (on battery) Select the Start menu Power button action (on battery) Turn Off the hard disk (plugged in) Turn Off the hard disk (on battery) Specify a custom active power plan Select an active power plan Prompt for password on resume from hibernate/suspend Turn on the ability for applications to prevent sleep transitions (plugged in)

Specify the system hibernate timeout (plugged in) Require a password when a computer wakes (plugged in) Specify the system sleep timeout (plugged in) Turn off hybrid sleep (plugged in) Turn on the ability for applications to prevent sleep transitions (on battery) Specify the system hibernate timeout (on battery) Require a password when a computer wakes (on battery) Specify the system sleep timeout (on battery) Turn off hybrid sleep (on battery) Turn off adaptive display timeout (plugged in) Turn off adaptive display timeout (on battery) Turn off the display (plugged in) Turn off the display (on battery) Allow standby states (S1-S3) when sleeping (plugged in) Allow standby states (S1-S3) when sleeping (on battery) Do not turn off system power after a Windows system shutdown has occurred. Allow automatic sleep with Open Network Files (plugged in) Allow automatic sleep with Open Network Files (on battery) Reduce display brightness (plugged in) Reduce display brightness (on battery) Specify the display dim brightness (plugged in) Specify the display dim brightness (on battery) Turn on desktop background slideshow (plugged in) Turn on desktop background slideshow (on battery) Specify the unattended sleep timeout (plugged in) Specify the unattended sleep timeout (on battery) Allow applications to prevent automatic sleep (plugged in) Allow applications to prevent automatic sleep (on battery) Reserve battery notification level Turn on Script Execution Turn on Script Execution Turn on Module Logging Turn on Module Logging Set the default source path for Update-Help Set the default source path for Update-Help Prevent restoring previous versions from backups Prevent restoring previous versions from backups Hide previous versions list for local files Hide previous versions list for local files Prevent restoring local previous versions Prevent restoring local previous versions Hide previous versions list for remote files Hide previous versions list for remote files Prevent restoring remote previous versions Prevent restoring remote previous versions Hide previous versions of files on backup location Hide previous versions of files on backup location Activate Internet printing

Isolate print drivers from applications Custom support URL in the Printers folder's left pane Add Printer wizard - Network scan page (Managed network) Browse the network to find printers Always render print jobs on the server Always rasterize content to be printed using a software rasterizer Browse a common web site to find printers Disallow installation of printers using kernel-mode drivers Prevent addition of printers Prevent deletion of printers Add Printer wizard - Network scan page (Unmanaged network) Only use Package Point and print Package Point and print - Approved servers Only use Package Point and print Package Point and print - Approved servers Computer location Pre-populate printer search location text Point and Print Restrictions Point and Print Restrictions Default Active Directory path when searching for printers Printer browsing Execute print drivers in isolated processes Override print driver execution compatibility setting reported by print driver Extend Point and Print connection to search Windows Update Do not allow v4 printer drivers to show printer extensions Change Microsoft XPS Document Writer (MXDW) default output format to the legacy Microsoft XPS format (*.xps Allow Print Spooler to accept client connections Automatically publish new printers in Active Directory Prune printers that are not automatically republished Directory pruning interval Directory pruning priority Directory pruning retry Log directory pruning retry events Allow printers to be published Check published state Allow pruning of published printers Hide the Programs Control Panel Hide "Programs and Features" page Hide "Installed Updates" page Hide "Set Program Access and Computer Defaults" page Hide "Windows Marketplace" Hide "Get Programs" page Hide "Windows Features" Turn on extensive logging for Password Synchronization Set the number of synchronization retries for servers running Password Synchronization Turn on the Windows to NIS password synchronization for users that have been migrated to Active Directory Set the interval between synchronization retries for Password Synchronization Best effort service type

Controlled load service type Guaranteed service type Network control service type Qualitative service type Best effort service type Controlled load service type Guaranteed service type Network control service type Qualitative service type Limit outstanding packets Limit reservable bandwidth Set timer resolution Best effort service type Controlled load service type Guaranteed service type Network control service type Non-conforming packets Qualitative service type Configure Reliability WMI Providers Configure Scenario Execution Level Allow restore of system to default state Enable Persistent Time Stamp Report unplanned shutdown events Activate Shutdown Event Tracker System State Data feature Display Shutdown Event Tracker Turn on session logging Allow only Windows Vista or later connections Turn on bandwidth optimization Customize warning messages Configure Solicited Remote Assistance Configure Offer Remote Assistance Set time (in seconds) to force reboot Set time (in seconds) to force reboot CD and DVD: Deny read access CD and DVD: Deny read access CD and DVD: Deny write access CD and DVD: Deny write access CD and DVD: Deny execute access Custom Classes: Deny read access Custom Classes: Deny read access Custom Classes: Deny write access Custom Classes: Deny write access Floppy Drives: Deny read access Floppy Drives: Deny read access Floppy Drives: Deny write access Floppy Drives: Deny write access Floppy Drives: Deny execute access Removable Disks: Deny read access

Removable Disks: Deny read access Removable Disks: Deny write access Removable Disks: Deny write access Removable Disks: Deny execute access All Removable Storage classes: Deny all access All Removable Storage classes: Deny all access Tape Drives: Deny read access Tape Drives: Deny read access Tape Drives: Deny write access Tape Drives: Deny write access Tape Drives: Deny execute access WPD Devices: Deny read access WPD Devices: Deny read access WPD Devices: Deny write access WPD Devices: Deny write access All Removable Storage: Allow direct access in remote sessions Enable RPC Endpoint Mapper Client Authentication Propagate extended error information Set Minimum Idle Connection Timeout for RPC/HTTP connections Restrict Unauthenticated RPC clients Maintain RPC Troubleshooting State Information Specify maximum wait time for Group Policy scripts Run legacy logon scripts hidden Display instructions in logoff scripts as they run Run logon scripts synchronously Run logon scripts synchronously Display instructions in logon scripts as they run Run Windows PowerShell scripts first at computer startup Run Windows PowerShell scripts first at user logon Run Windows PowerShell scripts first at user logon Display instructions in shutdown scripts as they run Run startup scripts asynchronously Display instructions in startup scripts as they run Allow logon scripts when NetBIOS or WINS is disabled Configure Security Policy for Scripted Diagnostics Troubleshooting: Allow users to access and run Troubleshooting Wizards Troubleshooting: Allow users to access online troubleshooting content on Microsoft servers from the Troublesh Configure Scheduled Maintenance Behavior Prevent adding UNC locations to index from Control Panel Prevent adding UNC locations to index from Control Panel Allow indexing of encrypted files Disable indexer backoff Prevent clients from querying the index remotely Prevent indexing when running on battery power to conserve energy Prevent customization of indexed locations in Control Panel Prevent customization of indexed locations in Control Panel Allow use of diacritics Always use automatic language detection when indexing content and properties

Disable indexing of removable drives Don't search the web or display web results in Search Don't search the web or display web results in Search over metered connections Set what information is shared in Search Set the SafeSearch setting for Search Prevent automatically adding shared folders to the Windows Search index Prevent adding user-specified locations to the All Locations menu Prevent the display of advanced indexing options for Windows Search in the Control Panel Prevent indexing files in offline files cache Enable indexing uncached Exchange folders Enable indexing of online delegate mailboxes Enable throttling for online mail indexing Prevent indexing Microsoft Office Outlook Prevent indexing e-mail attachments Control rich previews for attachments Prevent indexing public folders Indexer data location Add primary intranet search location Add secondary intranet search locations Preview pane location Set large or small icon view in desktop search results Stop indexing in the event of limited hard drive space Prevent unwanted iFilters and protocol handlers Do not allow web search Prevent indexing certain paths Prevent indexing certain paths Default indexed paths Default indexed paths Default excluded paths Default excluded paths Prevent indexing of certain file types Turn off storage and display of search history Select OCR languages from a code page Force TIFF IFilter to perform OCR for every page in a TIFF document Turn on Security Center (Domain PCs only) Turn off sensors Turn off sensors Turn off location Turn off location Turn off location scripting Turn off location scripting Do not display Server Manager automatically at logon Configure the refresh interval for Server Manager Do not display Initial Configuration Tasks window automatically at logon Do not display Manage Your Server page at logon Specify settings for optional component installation and component repair Do not sync Do not sync app settings

Do not sync passwords Do not sync personalize Do not sync Apps Do not sync other Windows settings Do not sync desktop personalization Do not sync browser settings Do not sync on metered connections Do not sync start settings Specify Windows Service Pack installation file location Specify Windows installation file location Turn off handwriting personalization data sharing Turn off handwriting personalization data sharing Allow DFS roots to be published Allow shared folders to be published Prevent users from sharing files within their profile. Prevent the computer from joining a homegroup Prevent access to the command prompt Prevent access to registry editing tools Run only specified Windows applications Don't run specified Windows applications Do not display the Welcome Center at user logon Turn off desktop gadgets Turn off desktop gadgets Restrict unpacking and installation of gadgets that are not digitally signed. Restrict unpacking and installation of gadgets that are not digitally signed. Turn Off user-installed desktop gadgets Turn Off user-installed desktop gadgets Allow certificates with no extended key usage certificate attribute Allow Integrated Unblock screen to be displayed at the time of logon Filter duplicate logon certificates Force the reading of all certificates from the smart card Allow signature keys valid for Logon Allow time invalid certificates Turn on certificate propagation from smart card Configure root certificate clean up Turn on root certificate propagation from smart card Display string when smart card is blocked Reverse the subject name stored in a certificate when displaying Prevent plaintext PINs from being returned by Credential Manager Allow user name hint Turn on Smart Card Plug and Play service Notify user of successful smart card driver installation Allow ECC certificates to be used for logon and authentication Turn on extensive logging for Active Directory Domain Services domain controllers that are running Server for NI Set the map update interval for NIS subordinate servers

Specify communities Specify permitted managers Specify traps for public community Do not allow Sound Recorder to run Do not allow Sound Recorder to run File Classification Infrastructure: Display Classification tab in File Explorer File Classification Infrastructure: Specify classification properties list Customize message for Access Denied errors Enable access-denied assistance on client for all file types Clear the recent programs list for new users Remove Games link from Start Menu Remove Search Computer link Remove See More Results / Search Everywhere link Add Search Internet link to Start Menu Do not search for files Do not search Internet Do not search programs and Control Panel items Do not search communications Remove user folder link from Start Menu Add the Run command to the Start Menu Show QuickLaunch on Taskbar Clear history of recently opened documents on exit Add Logoff to the Start Menu Gray unavailable Windows Installer programs Start Menu shortcuts Turn off personalized menus Lock the Taskbar Add "Run in Separate Memory Space" check box to Run dialog box Turn off notification area cleanup Remove Balloon Tips on Start Menu items Prevent users from customizing their Start Screen Clear history of tile notifications on exit Pin Apps to Start when installed Pin Apps to Start when installed Start Screen Layout Start Screen Layout Remove and prevent access to the Shut Down Remove common program groups from Start Menu Remove Favorites menu from Start Menu Remove Search link from Start Menu Remove frequent programs list from the Start Menu Remove Help menu from Start Menu Turn off user tracking Remove All Programs list from the Start menu Remove Network Connections from Start Menu Remove pinned programs list from the Start Menu Do not keep history of recently opened documents Remove Recent Items menu from Start Menu Do not use the search-based method when resolving shell shortcuts

Do not use the tracking-based method when resolving shell shortcuts Remove Run menu from Start Menu Remove programs on Settings menu Prevent changes to Taskbar and Start Menu Settings Remove Default Programs link from the Start menu. Remove Documents icon from Start Menu Remove Music icon from Start Menu Remove Network icon from Start Menu Remove Pictures icon from Start Menu Remove user's folders from the Start Menu Force classic Start Menu Remove Clock from the system notification area Prevent grouping of taskbar items Do not display any custom toolbars in the taskbar Remove access to the context menus for the taskbar Hide the notification area Remove user name from Start Menu Remove links and access to Windows Update Remove the "Undock PC" button from the Start Menu Remove Logoff on the Start Menu Remove Homegroup link from Start Menu Remove Downloads link from Start Menu Remove Recorded TV link from Start Menu Remove Videos link from Start Menu Prevent users from uninstalling applications from Start Change Start Menu power button Show "Run as different user" command on Start Default Default app Default search Sort Multimon Turn off Configuration Turn off System Restore Turn off AutoComplete integration with Input Panel Turn off AutoComplete integration with Input Panel Prevent Input Panel tab from appearing Prevent Input Panel tab from appearing For tablet pen input For tablet pen input For touch input For touch input Turn off password security in Input Panel Turn off password security in Input Panel Include rarely used Chinese Include rarely used Chinese Turn off tolerant and Z-shaped scratch-out gestures Disable text prediction

Disable text prediction Do not allow Inkball to run Do not allow Inkball to run Do not allow Windows Journal to be run Do not allow Windows Journal to be run Do not allow printing to Journal Note Writer Do not allow printing to Journal Note Writer Do not allow Snipping Tool to run Do not allow Snipping Tool to run Turn off pen feedback Turn off pen feedback Prevent Back-ESC mapping Prevent Back-ESC mapping Prevent launch an application Prevent launch an application Prevent press and hold Prevent press and hold Turn off hardware buttons Turn off hardware buttons Prevent Flicks Learning Mode Prevent Flicks Learning Mode Prevent flicks Prevent flicks Remove the battery meter Remove the networking icon Remove the volume control icon Remove the Action Center icon Lock all taskbar settings Prevent users from adding or removing toolbars Prevent users from rearranging toolbars Turn off all balloon notifications Prevent users from moving taskbar to another screen dock location Prevent users from resizing the taskbar Turn off taskbar thumbnails Remove pinned programs from the Taskbar Turn off automatic promotion of notification icons to the taskbar Turn off feature advertisement balloon notifications Do not display or track items in Jump Lists from remote locations Do not allow pinning programs to the Taskbar Do not allow pinning items in Jump Lists Do not allow taskbars on more than one display Prohibit Browse Prohibit Browse Hide Advanced Properties Checkbox in Add Scheduled Task Wizard Hide Advanced Properties Checkbox in Add Scheduled Task Wizard Prohibit Drag-and-Drop Prohibit Drag-and-Drop Prevent Task Run or End

Prevent Task Run or End Hide Property Pages Hide Property Pages Prohibit New Task Creation Prohibit New Task Creation Prohibit Task Deletion Prohibit Task Deletion Set ISATAP State Set ISATAP Router Name Set 6to4 State Set 6to4 Relay Name Set 6to4 Relay Name Resolution Interval Set Teredo State Set Teredo Server Name Set Teredo Refresh Rate Set Teredo Client Port Set Teredo Default Qualified Set IP-HTTPS State Set Window Scaling Heuristics State Set IP Stateless Autoconfiguration Limits State Allow time zone redirection Do not allow Clipboard redirection Remove remote desktop wallpaper Always show desktop on connection Allow remote start of unlisted programs Allow desktop composition for remote desktop sessions Use RD Connection Broker load balancing Redirect only the default client printer Redirect only the default client printer Set time limit for logoff of RemoteApp sessions Set time limit for logoff of RemoteApp sessions Do not allow font smoothing Select the network adapter to be used for Remote Desktop IP Virtualization Do not use Remote Desktop Session Host server IP address when virtual IP address is not available Turn off Fair Share CPU Scheduling Turn off Windows Installer RDS Compatibility Turn on Remote Desktop IP Virtualization Use the hardware default graphics adapter for all Remote Desktop Services sessions Configure image quality for RemoteFX Adaptive Graphics Configure RemoteFX Adaptive Graphics Set remote control session UAC desktop Select network detection on the server Select RDP transport protocols Enable connection through RD Gateway Set RD Gateway server address Automatic reconnection Limit maximum color depth Limit number of monitors

Allow users to connect remotely by using Remote Desktop Services Limit maximum display resolution Enforce Removal of Remote Desktop Wallpaper Deny logoff of an administrator logged in to the console session Configure keep-alive connection interval Use the specified Remote Desktop license servers Hide notifications about RD Licensing problems that affect the RD Session Host server Set the Remote Desktop licensing mode Limit number of connections Remove "Disconnect" option from Shut Down dialog Remove Windows Security item from Start menu Suspend user sign-in to complete app registration Set rules for remote control of Remote Desktop Services user sessions Set rules for remote control of Remote Desktop Services user sessions Set remote control session UAC desktop Set remote control permission request timeout Use advanced RemoteFX graphics for RemoteApp Restrict Remote Desktop Services users to a single Remote Desktop Services session Start a program on connection Start a program on connection Do not allow local administrators to customize permissions Always show desktop on connection Set Remote Desktop Services User Home Directory Set path for Remote Desktop Services Roaming User Profile Use mandatory profiles on the RD Session Host server Limit the size of the entire roaming user profile cache License server security group Prevent license upgrade Allow audio and video playback redirection Limit audio playback quality Allow audio recording redirection Do not allow Clipboard redirection Do not allow COM port redirection Do not set default client printer to be default printer in a session Use Remote Desktop Easy Print printer driver first Use Remote Desktop Easy Print printer driver first Do not allow drive redirection Do not allow LPT port redirection Do not allow supported Plug and Play device redirection Do not allow client printer redirection Specify RD Session Host server fallback printer driver behavior Do not allow smart card device redirection Allow time zone redirection Require secure RPC communication Join RD Connection Broker Configure RD Connection Broker farm name Use IP Address Redirection Configure RD Connection Broker server name

End session when time limits are reached End session when time limits are reached Set time limit for disconnected sessions Set time limit for disconnected sessions Set time limit for active but idle Remote Desktop Services sessions Set time limit for active but idle Remote Desktop Services sessions Set time limit for active Remote Desktop Services sessions Set time limit for active Remote Desktop Services sessions Do not delete temp folders upon exit Do not use temporary folders per session Allow .rdp files from unknown publishers Allow .rdp files from unknown publishers Allow .rdp files from valid publishers and user's default .rdp settings Allow .rdp files from valid publishers and user's default .rdp settings Specify SHA1 thumbprints of certificates representing trusted .rdp publishers Specify SHA1 thumbprints of certificates representing trusted .rdp publishers Prompt for credentials on the client computer Configure server authentication for client Configure image quality for RemoteFX Adaptive Graphics Configure RemoteFX Adaptive Graphics Configure compression for RemoteFX data Enable Remote Desktop Protocol 8.0 Optimize visual experience for Remote Desktop Service Sessions Allow RDP redirection of other supported RemoteFX USB devices from this computer Configure RemoteFX Optimize visual experience when using RemoteFX Enable RemoteFX encoding for RemoteFX clients designed for Windows Server 2008 R2 SP1 Specify default connection URL Select network detection on the server Select RDP transport protocols Configure the level of TPM owner authorization information available to the operating system Configure the list of blocked TPM commands Ignore the default list of blocked TPM commands Ignore the local list of blocked TPM commands Standard User Lockout Duration Standard User Individual Lockout Threshold Standard User Total Lockout Threshold Add the Administrators security group to roaming user profiles Do not check for user ownership of Roaming Profile Folders Connect home directory to root of the share Delete cached copies of roaming profiles Disable detection of slow network connections Prompt user when a slow network connection is detected Exclude directories in roaming profile Leave Windows Installer and Group Policy Software Installation Data Limit profile size Only allow local user profiles Establish timeout value for dialog boxes

Do not log users on with temporary profiles Maximum retries to unload and update user profile Prevent Roaming Profile changes from propagating to the server Wait for remote user profile Control slow network connection timeout for user profiles Delete user profiles older than a specified number of days on system restart Specify network directories to sync at logon/logoff time only Do not forcefully unload the users registry at user logoff Set maximum wait time for the network if a user has a roaming user profile or remote home directory Set roaming profile path for all users logging onto this computer Set the schedule for background upload of a roaming user profile's registry file while user is logged on User management of sharing user name Download roaming profiles on primary computers only Set user home folder Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vi Choose how users can recover BitLocker-protected drives (Windows Server 2008 and Windows Vista) Choose default folder for recovery password Choose drive encryption method and cipher strength (Windows Vista Choose drive encryption method and cipher strength Prevent memory overwrite on restart Allow enhanced PINs for startup Configure use of passwords for operating system drives Reset platform validation data after BitLocker recovery Disallow standard users from changing the PIN or password Provide the unique identifiers for your organization Validate smart card certificate usage rule compliance Use enhanced Boot Configuration Data validation profile Choose how BitLocker-protected operating system drives can be recovered Enforce drive encryption type on operating system drives Require additional authentication at startup (Windows Server 2008 and Windows Vista) Require additional authentication at startup Allow network unlock at startup Configure TPM platform validation profile (Windows Vista Configure TPM platform validation profile for BIOS-based firmware configurations Configure TPM platform validation profile for native UEFI firmware configurations Configure minimum PIN length for startup Configure use of hardware-based encryption for operating system drives Enable use of BitLocker authentication requiring preboot keyboard input on slates Allow Secure Boot for integrity validation Choose how BitLocker-protected fixed drives can be recovered Configure use of passwords for fixed data drives Deny write access to fixed drives not protected by BitLocker Allow access to BitLocker-protected fixed data drives from earlier versions of Windows Configure use of smart cards on fixed data drives Enforce drive encryption type on fixed data drives Configure use of hardware-based encryption for fixed data drives Choose how BitLocker-protected removable drives can be recovered Control use of BitLocker on removable drives

Configure use of passwords for removable data drives Deny write access to removable drives not protected by BitLocker Allow access to BitLocker-protected removable data drives from earlier versions of Windows Configure use of smart cards on removable data drives Enforce drive encryption type on removable data drives Configure use of hardware-based encryption for removable data drives Global Configuration Settings Configure Windows NTP Client Enable Windows NTP Client Enable Windows NTP Server Prohibit connection to non-domain networks when connected to domain authenticated network Minimize the number of simultaneous connections to the Internet or a Windows Domain Prohibit connection to roaming Mobile Broadband networks Disable power management in connected standby mode Diagnostics: Configure scenario retention Diagnostics: Configure scenario execution level Turn off Windows Calendar Turn off Windows Calendar Prevent the wizard from running. Prevent the wizard from running. Allow only system backup Disallow locally attached storage as backup target Disallow network as backup target Disallow optical media as backup target Disallow run-once backups Prohibit installing or uninstalling color profiles Prohibit installing or uninstalling color profiles Prohibit access of the Windows Connect Now wizards Prohibit access of the Windows Connect Now wizards Configuration of wireless settings using Windows Connect Now Allow antimalware service to startup with normal priority Turn on spyware definitions Turn on virus definitions Configure local administrator merge behavior for lists Turn on routine remediation Define addresses to bypass proxy server Define proxy server for connecting to the network Randomize scheduled task times Allow antimalware service to remain running always Extension Exclusions Path Exclusions Process Exclusions Turn on protocol recognition Turn on definition retirement Define the rate of detection events for logging IP address range Exclusions Port number Exclusions Process Exclusions for outbound traffic

Threat ID Exclusions Specify additional definition sets for network traffic inspection Configure local setting override for the removal of items from Quarantine folder Configure removal of items from Quarantine folder Turn on behavior monitoring Turn on Information Protection Control Turn on network protection against exploits of known vulnerabilities Scan all downloaded files and attachments Monitor file and program activity on your computer Turn on raw volume write notifications Turn on real-time protection Turn on process scanning whenever real-time protection is enabled Define the maximum size of downloaded files and attachments to be scanned Configure local setting override for turn on behavior monitoring Configure local setting override for monitoring file and program activity on your computer Configure local setting override to turn off Intrusion Prevention System Configure local setting override for scanning all downloaded files and attachments Configure local setting override to turn on real-time protection Configure local setting override for monitoring for incoming and outgoing file activity Configure monitoring for incoming and outgoing file and program activity Configure local setting override for the time of day to run a scheduled full scan to complete remediation Specify the day of the week to run a scheduled full scan to complete remediation Specify the time of day to run a scheduled full scan to complete remediation Configure time out for detections requiring additional action Configure time out for detections in critically failed state Configure Watson events Configure time out for detections in non-critical failed state Configure time out for detections in recently remediated state Configure Windows software trace preprocessor components Configure WPP tracing level Allow users to pause scan Specify the maximum depth to scan archive files Specify the maximum size of archive files to be scanned Specify the maximum percentage of CPU utilization during a scan Check for the latest virus and spyware definitions before running a scheduled scan Scan archive files Turn on catch-up full scan Turn on catch-up quick scan Turn on e-mail scanning Turn on heuristics Scan packed executables Scan removable drives Turn on reparse point scanning Create a system restore point Run full scan on mapped network drives Scan network files Configure local setting override for maximum percentage of CPU utilization Configure local setting override for the scan type to use for a scheduled scan

Configure local setting override for schedule scan day Configure local setting override for scheduled quick scan time Configure local setting override for scheduled scan time Turn on removal of items from scan history folder Specify the interval to run quick scans per day Start the scheduled scan only when computer is on but not in use Specify the scan type to use for a scheduled scan Specify the day of the week to run a scheduled scan Specify the time for a daily quick scan Specify the time of day to run a scheduled scan Define the number of days before spyware definitions are considered out of date Define the number of days before virus definitions are considered out of date Define file shares for downloading definition updates Turn on scan after signature update Allow definition updates when running on battery power Initiate definition update on startup Define the order of sources for downloading definition updates Allow definition updates from Microsoft Update Allow real-time definition updates based on reports to Microsoft MAPS Specify the day of the week to check for definition updates Specify the time to check for definition updates Allow notifications to disable definitions based reports to Microsoft MAPS Define the number of days after which a catch-up definition update is required Specify the interval to check for definition updates Check for the latest virus and spyware definitions on startup Configure local setting override for reporting to Microsoft MAPS Join Microsoft MAPS Specify threats upon which default action should not be taken when detected Specify threat alert levels at which default action should not be taken when detected Display notifications to clients when they need to perform actions Display additional text to clients when they need to perform an action Hide the common dialog back button Hide the dropdown list of recent files Hide the common dialog places bar Items displayed in Places Bar Turn on Classic Shell Display confirmation dialog when deleting files Allow only per user or approved shell extensions Do not track Shell shortcuts during roaming Maximum number of recent documents Turn off caching of thumbnail pictures Remove CD Burning features Remove UI to change menu animation setting Remove UI to change keyboard navigation indicator setting Remove DFS tab Hide these specified drives in My Computer No Entire Network in Network Locations Remove File menu from File Explorer

Do not allow Folder Options to be opened from the Options button on the View tab of the ribbon Remove Hardware tab Hides the Manage item on the File Explorer context menu Remove Shared Documents from My Computer Remove "Map Network Drive" and "Disconnect Network Drive" Do not move deleted files to the Recycle Bin Do not request alternate credentials Remove Security tab Remove Search button from File Explorer Remove File Explorer's default context menu Prevent access to drives from My Computer Turn off Windows+X hotkeys No Computers Near Me in Network Locations Request credentials for network installations Maximum allowed Recycle Bin size Turn off shell protocol protected mode Turn off shell protocol protected mode Remove the Search the Internet "Search again" link Pin Internet search sites to the "Search again" links and the Start menu Pin Libraries or Search Connectors to the "Search again" links and the Start menu Verify old and new Folder Redirection targets point to the same share before redirecting Disable Known Folders Turn off the display of snippets in Content view mode Turn off Windows Libraries features that rely on indexed file data Turn off display of recent search entries in the File Explorer search box Disable binding directly to IPropertySetStorage without intermediate layers. Disable binding directly to IPropertySetStorage without intermediate layers. Turn off numerical sorting in File Explorer Turn off numerical sorting in File Explorer Allow OpenSearch queries in File Explorer Allow OpenSearch queries in File Explorer Allow OpenSearch queries in File Explorer Allow OpenSearch queries in File Explorer Allow OpenSearch queries in File Explorer Allow OpenSearch queries in File Explorer Allow OpenSearch queries in File Explorer Allow OpenSearch queries in File Explorer Allow OpenSearch queries in File Explorer Allow OpenSearch queries in File Explorer Allow OpenSearch queries in File Explorer Allow OpenSearch queries in File Explorer Allow OpenSearch queries in File Explorer Allow OpenSearch queries in File Explorer Allow OpenSearch queries in File Explorer Allow OpenSearch queries in File Explorer Allow OpenSearch queries in File Explorer Allow OpenSearch queries in File Explorer Allow OpenSearch queries in File Explorer

Allow OpenSearch queries in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Location where all default Library definition files for users/machines reside. Location where all default Library definition files for users/machines reside. Configure Windows SmartScreen Show lock in the user tile menu Show sleep in the power options menu Show hibernate in the power options menu Do not show the 'new application installed' notification Start File Explorer with ribbon minimized Start File Explorer with ribbon minimized Set a default associations configuration file Allow the use of remote paths in file shortcut icons Specify Windows File Protection cache location Limit Windows File Protection cache size Set Windows File Protection scanning Hide the file scan progress window Windows Firewall: Allow authenticated IPsec bypass Windows Firewall: Define inbound program exceptions Windows Firewall: Allow local program exceptions Windows Firewall: Protect all network connections Windows Firewall: Do not allow exceptions Windows Firewall: Allow inbound file and printer sharing exception Windows Firewall: Allow ICMP exceptions Windows Firewall: Allow logging Windows Firewall: Prohibit notifications Windows Firewall: Define inbound port exceptions Windows Firewall: Allow local port exceptions Windows Firewall: Allow inbound remote administration exception

Windows Firewall: Allow inbound Remote Desktop exceptions Windows Firewall: Prohibit unicast response to multicast or broadcast requests Windows Firewall: Allow inbound UPnP framework exceptions Windows Firewall: Define inbound program exceptions Windows Firewall: Allow local program exceptions Windows Firewall: Protect all network connections Windows Firewall: Do not allow exceptions Windows Firewall: Allow inbound file and printer sharing exception Windows Firewall: Allow ICMP exceptions Windows Firewall: Allow logging Windows Firewall: Prohibit notifications Windows Firewall: Define inbound port exceptions Windows Firewall: Allow local port exceptions Windows Firewall: Allow inbound remote administration exception Windows Firewall: Allow inbound Remote Desktop exceptions Windows Firewall: Prohibit unicast response to multicast or broadcast requests Windows Firewall: Allow inbound UPnP framework exceptions Turn off Windows Mail application Turn off Windows Mail application Turn off the communities features Turn off the communities features Prevent Windows Media DRM Internet Access Prevent Automatic Updates Do Not Show First Use Dialog Boxes Prevent Video Smoothing Prevent CD and DVD Media Information Retrieval Prevent Media Sharing Prevent Music File Media Information Retrieval Prevent Quick Launch Toolbar Shortcut Creation Prevent Radio Station Preset Retrieval Prevent Desktop Shortcut Creation Allow Screen Saver Prevent Codec Download Do Not Show Anchor Hide Privacy Tab Hide Security Tab Set and Lock Skin Configure HTTP Proxy Configure MMS Proxy Configure RTSP Proxy Hide Network Tab Configure Network Buffering Streaming Media Protocols Do not automatically start Windows Messenger initially Do not automatically start Windows Messenger initially Do not allow Windows Messenger to be run Do not allow Windows Messenger to be run Allow Basic authentication

Allow unencrypted traffic Disallow Digest authentication Disallow Negotiate authentication Disallow Kerberos authentication Allow CredSSP authentication Trusted Hosts Allow remote server management through WinRM Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box Remove access to use all Windows Update features Configure Automatic Updates Specify intranet Microsoft update service location Automatic Updates detection frequency Allow non-administrators to receive update notifications Allow Automatic Updates immediate installation Turn on recommended updates via Automatic Updates Turn on Software Notifications Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates No auto-restart with logged on users for scheduled automatic updates installations Always automatically restart at the scheduled time Re-prompt for restart with scheduled installations Delay Restart for scheduled installations Reschedule Automatic Updates scheduled installations Enable client-side targeting Allow signed updates from an intranet Microsoft update service location Turn off legacy remote shutdown interface Timeout for hung logon sessions during shutdown Require use of fast startup Display information about previous logons during user logon Remove logon hours expiration warnings Set action to take when logon hours expire Disable or enable software Secure Attention Sequence Specify Work Folders settings Turn off tile notifications Turn off toast notifications Turn off toast notifications on the lock screen Turn off notifications network usage Turn off Quiet Hours Set the time Quiet Hours begins each day Set the time Quiet Hours ends each day Turn off calls during Quiet Hours Set 3G Cost Set 4G Cost

Scope New in 8.1 Policy Path Registry I Supported Help Text Machine 0 Windows C HKLM\SOFTWARE\Policies\Microsoft\Windows\AxInstaller!ApprovedList Machine 0 Windows C HKLM\SOFTWARE\Policies\Microsoft\Windows\AxInstaller\AxISURLZonePolicies!InstallTrustedOCX User 0 Control P HKCU\Soft Windows Server 2003 User 0 Control P HKCU\Soft Windows Server 2003 User 0 Control P HKCU\Soft Windows Server 2003 User 0 Control P HKCU\Soft Windows Server 2003 User 0 Control P HKCU\Soft Windows Server 2003 User 0 Control P HKCU\Soft Windows Server 2003 User 0 Control P HKCU\Soft Windows Server 2003 User 0 Control P HKCU\Soft Windows Server 2003 User 0 Control P HKCU\Soft Windows Server 2003 User 0 Control P HKCU\Soft Windows Server 2003 User 0 Control P HKCU\Soft Windows Server 2003 Machine 0 Windows C HKLM\Sof At least Specifies whether to prevent the MS-DOS subsystem (ntvdm.exe) from running on this computer. This setting affects the launching of 16-bit applications in the operating system.You can use this setting to turn off the MS-DOS subsystem Machine 0 Windows C HKLM\Soft At least This policy controls the visibility of the Program Compatibility property page shell extension. This shell extension is visible on the property context-menu of any program shortcut or executable file.The compatibility property page displays a list of options that can be selected and applied to the application to resolve the most common issues affecting legacy applications. Enabling this policy setting removes the property page from the context-menus Machine 0 Windows C HKLM\Soft At least The policy controls the state of the Application Telemetry engine in the system.Application Telemetry is a mechanism that tracks anonymous usage of specific Windows system components by applications.Turning Application Telemetry off by selecting "enable" will stop the collection of usage data.If the customer Experience Improvement program is turned off Machine 0 Windows C HKLM\Soft At least The policy controls the state of the Switchback compatibility engine in the system. Switchback is a mechanism that provides generic compatibility mitigations to older applications by providing older behavior to old applications and new behavior to new applications. Switchback is on by default.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least This policy controls the state of the application compatibility engine in the system.The engine is part of the loader and looks through a compatibility database every time an application is started on the system. If a match for the application is found it provides either run-time solutions or compatibility fixes User 0 Windows C HKCU\Soft At least W This setting exists only for backward compatibility Machine 0 Windows C HKLM\Soft At least W This policy setting controls the state of the Program Compatibility Assistant (PCA). The PCA monitors applications run by the user. When a potential compatibility issue with an application is detected Machine 0 Windows C HKLM\Soft At least This policy setting controls the state of Steps Recorder.Steps Recorder keeps a record of steps taken by the user. The data generated by Steps Recorder can be used in feedback systems such as Windows Error Reporting to help developers understand and fix problems. The data includes user actions such as keyboard input and mouse input Machine 0 Windows C HKLM\Soft At least This policy setting controls the state of the Inventory Collector. The Inventory Collector inventories applications Machine 0 Windows HKLM\Soft At least Windows Server 2012 Machine 0 Windows HKLM\Soft At least Windows Server 2012 Machine 1 Windows HKLM\Soft At least Windows Server 2012 Machine 0 Windows HKLM\Soft At least Windows Server 2012 User 0 Windows HKCU\Soft At least Windows Server 2012 Machine 0 Windows HKLM\Soft At least Windows Server 2012 User 0 Windows HKCU\Soft At least Windows Server 2012 User 0 Windows HKCU\Soft At least W This policy setting allows you to manage the behavior for notifying registered antivirus programs. If multiple programs are registered User 0 Windows HKCU\Soft At least W This policy setting allows you to configure the logic that Windows uses to determine the risk for file attachments.Preferring the file handler instructs Windows to use the file handler data over the file type data. For example User 0 Windows HKCU\Soft At least W This policy setting allows you to manage whether Windows marks file attachments with information about their zone of origin (such as restricted User 0 Windows HKCU\Soft At least W This policy setting allows you to manage whether users can manually remove the zone information from saved file attachments by clicking the Unblock button in the file's property sheet or by using a check box in the security warning dialog. Removing the zone information allows users to open potentially dangerous file attachments that Windows has blocked users from opening.If you enable this policy setting User 0 Windows HKCU\Soft At least W This policy setting allows you to manage the default risk level for file types. To fully customize the risk level for file attachments User 0 Windows HKCU\Soft At least W This policy setting allows you to configure the list of high-risk file types. If the file attachment is in the list of high-risk file types and is from the restricted zone User 0 Windows HKCU\Soft At least W This policy setting allows you to configure the list of low-risk file types. If the attachment is in the list of low-risk file types User 0 Windows HKCU\Soft At least W This policy setting allows you to configure the list of moderate-risk file types. If the attachment is in the list of moderate-risk file types and is from the restricted or Internet zone Machine 0 Windows C HKLM\Soft At least W This policy setting sets the default behavior for Autorun commands. Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines. Prior to Windows Vista User 0 Windows C HKCU\Soft At least W This policy setting sets the default behavior for Autorun commands. Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines. Prior to Windows Vista Machine 0 Windows C HKLM\Soft At least W This policy setting allows you to prevent AutoPlay from remembering user's choice of what to do when a device is connected. If you enable this policy setting User 0 Windows C HKCU\Soft At least W This policy setting allows you to prevent AutoPlay from remembering user's choice of what to do when a device is connected. If you enable this policy setting Machine 0 Windows C HKLM\Soft At least This policy setting allows you to turn off the Autoplay feature. Autoplay begins reading from a drive as soon as you insert media in the drive. As a result User 0 Windows C HKCU\Soft At least This policy setting allows you to turn off the Autoplay feature. Autoplay begins reading from a drive as soon as you insert media in the drive. As a result Machine 0 Windows C HKLM\Soft At least This policy setting disallows AutoPlay for MTP devices like cameras or phones. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting disallows AutoPlay for MTP devices like cameras or phones. If you enable this policy setting Machine 0 Windows C HKLM\SOFT At least This policy setting allows or prevents the Windows Biometric Service to run on this computer. If you enable or do not configure this policy setting Machine 0 Windows C HKLM\SOFT At least This policy setting determines whether users can log on or elevate User Account Control (UAC) permissions using biometrics. By default

Machine 0 Windows C HKLM\SOFT At least This policy setting determines whether users with a domain account can log on or elevate User Account Control (UAC) permissions using biometrics.By default Machine 0 Windows C HKLM\SOFT At least This policy setting specifies the number of seconds a pending fast user switch event will remain active before the switch is initiated. By default Machine 0 Network\Ba HKLM\Soft Windows XP or Windows Server 2003 Machine 0 Network\Ba HKLM\Soft At least W This policy setting limits the amount of time that Background Intelligent Transfer Service (BITS) will take to download the files in a BITS job. The time limit applies only to the time that BITS is actively downloading files. When the cumulative download time exceeds this limit Machine 0 Network\Ba HKLM\Software\Policies\Microsoft\Windows\BITS!EnableBITSMaxBandwidth Machine 0 Network\Ba HKLM\Software\Policies\Microsoft\Windows\BITS\Throttling!EnableBandwidthLimits Machine 0 Network\Ba HKLM\Software\Policies\Microsoft\Windows\BITS\Throttling!EnableMaintenanceLimits Machine 0 Network\Ba HKLM\Soft At least W This policy setting determines if the Background Intelligent Transfer Service (BITS) peer caching feature is enabled on a specific computer. By default Machine 0 Network\Ba HKLM\Soft At least W This policy setting limits the maximum age of files in the Background Intelligent Transfer Service (BITS) peer cache. In order to make the most efficient use of disk space Machine 0 Network\Ba HKLM\Soft At least W This policy setting limits the maximum amount of disk space that can be used for the BITS peer cache Machine 0 Network\Ba HKLM\Soft At least W This policy setting specifies whether the computer will act as a BITS peer caching client. By default Machine 0 Network\Ba HKLM\Soft At least W This policy setting specifies whether the computer will act as a BITS peer caching server. By default Machine 0 Network\Ba HKLM\Soft At least W This policy setting limits the network bandwidth that BITS uses for peer cache transfers (this setting does not affect transfers from the origin server). To prevent any negative impact to a computer caused by serving other peers Machine 0 Network\Ba HKLM\Software\Policies\Microsoft\Windows\BITS\TransferPolicy!ForegroundTransferPolicy Machine 0 Network\Ba HKLM\Soft At least W This policy setting limits the number of BITS jobs that can be created for all users of the computer. By default Machine 0 Network\Ba HKLM\Soft At least W This policy setting limits the number of BITS jobs that can be created by a user. By default Machine 0 Network\Ba HKLM\Soft At least W This policy setting limits the number of files that a BITS job can contain. By default Machine 0 Network\Ba HKLM\Soft At least W This policy setting limits the number of ranges that can be added to a file in a BITS job. By default Machine 0 Network\Ba HKLM\Soft Windows 7 This setting affects whether the BITS client is allowed to use Windows Branch Cache. If the Windows Branch Cache component is installed and enabled on a computer Machine 0 Windows HKLM\Soft At least W If you enable this setting all Customer Experience Improvement Program uploads are redirected to Microsoft Operations Manager server.If you disable this setting uploads are not redirected to a Microsoft Operations Manager server.If you do not configure this setting uploads are not redirected to a Microsoft Operations Manager server. Machine 0 Windows HKLM\Software\Policies\Microsoft\SQMClient\Windows!StudyId Machine 0 Network\SS HKLM\SOFT At least W This policy setting determines the cipher suites used by the Secure Socket Layer (SSL).If you enable this policy setting User 0 System HKCU\Soft At least This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.Many Windows programs Machine 0 System HKLM\Sof At least This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.Many Windows programs User 0 Windows C HKCU\Soft at least Disables the application sharing feature of NetMeeting completely. Users will not be able to host or view shared applications. User 0 Windows C HKCU\Soft at least Prevents users from allowing others in a conference to control what they have shared. This enforces a read-only mode; the other participants cannot change the data in the shared application. User 0 Windows C HKCU\Soft at least Prevents users from sharing anything themselves. They will still be able to view shared applications/desktops from others. User 0 Windows C HKCU\Soft at least Prevents users from sharing command prompts. This prevents users from inadvertently sharing out applications User 0 Windows C HKCU\Soft at least Prevents users from sharing the whole desktop. They will still be able to share individual applications. User 0 Windows C HKCU\Soft at least Prevents users from sharing Explorer windows. This prevents users from inadvertently sharing out applications User 0 Windows C HKCU\Soft at least Prevents users from sharing applications in true color. True color sharing uses more bandwidth in a conference. User 0 Windows HKCU\Soft at least Disables the audio feature of NetMeeting. Users will not be able to send or receive audio. User 0 Windows HKCU\Soft at least Prevents user from changing the DirectSound audio setting. DirectSound provides much better audio quality User 0 Windows HKCU\Soft at least Disables full duplex mode audio. Users will not be able to listen to incoming audio while speaking into the microphone. Older audio hardware does not perform well when in full duplex mode. User 0 Windows HKCU\Soft at least Prevents users from receiving video. Users will still be able to send video provided they have the hardware." User 0 Windows HKCU\Soft at least Prevents users from sending video if they have the hardware. Users will still be able to receive video from others. User 0 Windows HKCU\Soft at least Limits the bandwidth audio and video will consume when in a conference. This setting will guide NetMeeting to choose the right formats and send rate so that the bandwidth is limited. User 0 Windows HKCU\Soft at least Make the automatic acceptance of incoming calls persistent. User 0 Windows HKCU\Soft at least Disables the Chat feature of NetMeeting. User 0 Windows HKCU\Soft at least Disables the T.126 whiteboard feature of NetMeeting. User 0 Windows HKCU\Soft at least Disables the 2.x whiteboard feature of NetMeeting.The 2.x whiteboard is available for compatibility with older versions of NetMeeting only.Deployers who do not need it can save bandwidth by disabling it. Machine 0 Windows HKLM\Soft at least Disables the remote desktop sharing feature of NetMeeting. Users will not be able to set it up or use it for controlling their computers remotely. User 0 Windows HKCU\Software\Policies\Microsoft\Conferencing!Use AutoConfig User 0 Windows HKCU\Soft at least Prevents users from adding directory (ILS) servers to the list of those they can use for placing calls. User 0 Windows HKCU\Soft at least Prevents users from turning on automatic acceptance of incoming calls.This ensures that others cannot call and connect to NetMeeting when the user is not present.This policy is recommended when deploying NetMeeting to run always. User 0 Windows HKCU\Soft at least Prevents users from changing the way calls are placed User 0 Windows HKCU\Soft at least Disables the directory feature of NetMeeting.Users will not logon to a directory (ILS) server when NetMeeting starts. Users will also not be able to view or place calls via a NetMeeting directory.This policy is for deployers who have their own location or calling schemes such as a Web site or an address book." User 0 Windows HKCU\Soft at least Prevents users from receiving files from others in a conference.

User 0 Windows HKCU\Soft at least Prevents users from sending files to others in a conference. User 0 Windows HKCU\Soft at least Prevents users from viewing directories as Web pages in a browser. User 0 Windows HKCU\Soft at least Limits the size of files users can send to others in a conference. User 0 Windows HKCU\Soft at least Sets the URL NetMeeting will display when the user chooses the Help Online Support command. User 0 Windows HKCU\Soft at least Sets the level of security for both outgoing and incoming NetMeeting calls. User 0 Windows HKCU\Soft at least Disables the Advanced Calling button on the General Options page. Users will not then be able to change the call placement method and the servers used. User 0 Windows HKCU\Soft at least Hides the Audio page of the Tools Options dialog. Users will not then be able to change audio settings. User 0 Windows HKCU\Soft at least Hides the General page of the Tools Options dialog. Users will not then be able to change personal identification and bandwidth settings. User 0 Windows HKCU\Soft at least Hides the Security page of the Tools Options dialog. Users will not then be able to change call security and authentication settings. User 0 Windows HKCU\Soft at least Hides the Video page of the Tools Options dialog. Users will not then be able to change video settings. User 0 Control Pa HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisallowCpl User 0 Control Pa HKCU\Soft At least This policy setting controls the default Control Panel view User 0 Control Pa HKCU\Soft At least Disables all Control Panel programs and the PC settings app.This setting prevents Control.exe and SystemSettings.exe User 0 Control Pa HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!RestrictCpl User 0 Control Pa HKCU\Soft At least Disables the Display Control Panel.If you enable this setting User 0 Control Pa HKCU\Soft Windows Server 2003 User 0 Control Pa HKCU\Soft At least Disables the Color (or Window Color) page in the Personalization Control Panel User 0 Control Pa HKCU\Soft At least Prevents the Screen Saver dialog from opening in the Personalization or Display Control Panel. This setting prevents users from using Control Panel to add User 0 Control Pa HKCU\Soft At least W Enables desktop screen savers.If you disable this setting User 0 Control Pa HKCU\Soft At least W Specifies the screen saver for the user's desktop.If you enable this setting User 0 Control Pa HKCU\Soft At least W Determines whether screen savers used on the computer are password protected.If you enable this setting User 0 Control Pa HKCU\Soft At least W Specifies how much user idle time must elapse before the screen saver is launched.When configured User 0 Control Pa HKCU\Soft At least Prevents users from adding or changing the background design of the desktop.By default User 0 Control Pa HKCU\Soft At least Prevents users from changing the sound scheme.By default User 0 Control Pa HKCU\Soft At least Prevents users from changing the mouse pointers.By default User 0 Control Pa HKCU\Soft At least Prevents users from changing the desktop icons.By default User 0 Control Pa HKCU\Soft Windows Server 2008 User 0 Control Pa HKCU\Soft At least This setting disables the theme gallery in the Personalization Control Panel.If you enable this setting User 0 Control Pa HKCU\Soft At least Specifies which theme file is applied to the computer the first time a user logs on.If you enable this setting User 0 Control Pa HKCU\Soft At least Prevents users or applications from changing the visual style of the windows and buttons displayed on their screens.When enabled on Windows XP User 0 Control Pa HKCU\Soft At least This setting allows you to force a specific visual style file by entering the path (location) of the visual style file.This can be a local computer visual style (aero.msstyles) User 0 Control Pa HKCU\Soft Windows Server 2003 Machine 0 Control Pa HKLM\Soft At least Windows Server 2012 Machine 0 Control Pa HKLM\Soft At least Windows Server 2012 Machine 1 Control Pa HKLM\Soft At least Windows Server 2012 R2 Machine 1 Control Pa HKLM\Soft At least Windows Server 2012 R2 Machine 1 Control Pa HKLM\Software\Policies\Microsoft\Windows\Personalization!PersonalColors_Background Machine 1 Control Pa HKLM\Soft At least Windows Server 2012 R2 Machine 0 Control Pa HKLM\Soft At least Windows Server 2012 Machine 1 Control Pa HKLM\Soft At least Windows Server 2012 Machine 0 Control P HKLM\Soft At least W This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo.Note: The default account picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\user.jpg. The default guest picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg. If the default pictures do not exist Machine 0 System\Lo HKLM\Soft At least W This policy setting specifies a default logon domain Machine 0 System\Lo HKLM\Soft At least W This policy setting allows the administrator to exclude the specifiedcredential providers from use during authentication.Note: credential providers are used to process and validate usercredentials during logon or when authentication is required.Windows Vista provides two default credential providers:Password and Smart Card. An administrator can install additionalcredential providers for different sets of credentials(for example Machine 0 System\Lo HKLM\Soft At least Windows Server 2012 Machine 0 System\Lo HKLM\Soft At least Windows Server 2012 Machine 1 System\Lo HKLM\Soft At least Windows Server 2012 Machine 0 System\Cr HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowDefaultCredentials Machine 0 System\Cr HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowDefCredentialsWhenNTLMOnly

Machine 0 System\Cr HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowFreshCredentials Machine 0 System\Cr HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowFreshCredentialsWhenNTLMOnly Machine 0 System\Cr HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowSavedCredentials Machine 0 System\Cr HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowSavedCredentialsWhenNTLMOnly Machine 0 System\Cr HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!DenyDefaultCredentials Machine 0 System\Cr HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!DenyFreshCredentials Machine 0 System\Cr HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!DenySavedCredentials Machine 1 System\Cr HKLM\Soft At least Windows Server 2012 R2 Machine 0 Windows C HKLM\Soft At least W This policy setting controls whether administrator accounts are displayed when a user attempts to elevate a running application. By default Machine 0 Windows C HKLM\Soft At least W This policy setting requires the user to enter Microsoft Windows credentials using a trusted path Machine 0 Windows C HKLM\Soft At least Windows Server 2012 User 0 Windows C HKCU\Soft At least Windows Server 2012 User 0 System\Ctr HKCU\Soft At least This policy setting prevents users from changing their Windows password on demand.If you enable this policy setting User 0 System\Ctr HKCU\Soft At least This policy setting prevents users from locking the system.While locked User 0 System\Ctr HKCU\Soft At least This policy setting prevents users from starting Task Manager.Task Manager (taskmgr.exe) lets users start and stop programs; monitor the performance of their computers; view and monitor all programs running on their computers User 0 System\Ctr HKCU\Soft At least This policy setting disables or removes all menu items and buttons that log the user off the system.If you enable this policy setting Machine 0 System\Dis HKLM\Soft At least W Allows you to specify that local computer administrators can supplement the "Define Activation Security Check exemptions" list.If you enable this policy setting Machine 0 System\Dis HKLM\Software\Policies\Microsoft\Windows NT\DCOM\AppCompat!ListBox_Support_ActivationSecurityCheckExemptionList User 0 Desktop\D HKCU\Soft Windows Server 2003 User 0 Desktop\D HKCU\Soft Windows Server 2003 User 0 Desktop\D HKCU\Soft Windows Server 2003 User 0 Desktop\D HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\AdminComponent!Add User 0 Desktop\D HKCU\Soft Windows Server 2003 User 0 Desktop\D HKCU\Soft Windows Server 2003 User 0 Desktop\D HKCU\Soft Windows Server 2003 User 0 Desktop\D HKCU\Soft Windows Server 2003 User 0 Desktop\D HKCU\Soft Windows Server 2003 User 0 Desktop\D HKCU\Soft Windows Server 2003 User 0 Desktop\D HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!Wallpaper User 0 Desktop\Ac HKCU\Soft At least Displays the filter bar above the results of an Active Directory search. The filter bar consists of buttons for applying additional filters to search results.If you enable this setting User 0 Desktop\Ac HKCU\Soft Windows 2 Hides the Active Directory folder in Network Locations.The Active Directory folder displays Active Directory objects in a browse window.If you enable this setting User 0 Desktop\Ac HKCU\Soft At least Specifies the maximum number of objects the system displays in response to a command to browse or search Active Directory. This setting affects all browse displays associated with Active Directory User 0 Desktop HKCU\Soft At least Prevents users from changing the path to their profile folders.By default User 0 Desktop HKCU\Soft At least Removes icons User 0 Desktop HKCU\Soft Windows S Prevents users from using the Desktop Cleanup Wizard.If you enable this setting User 0 Desktop HKCU\Soft At least Removes the Internet Explorer icon from the desktop and from the Quick Launch bar on the taskbar.This setting does not prevent the user from starting Internet Explorer by using other methods. User 0 Desktop HKCU\Sof At least This setting hides Computer from the desktop and from the new Start menu. It also hides links to Computer in the Web view of all Explorer windows User 0 Desktop HKCU\Sof Windows Server 2003 User 0 Desktop HKCU\Soft At least Removes the Network Locations icon from the desktop.This setting only affects the desktop icon. It does not prevent users from connecting to the network or browsing for shared computers on the network.Note: In operating systems earlier than Microsoft Windows Vista User 0 Desktop HKCU\Soft At least W This setting hides Properties on the context menu for Computer.If you enable this setting User 0 Desktop HKCU\Soft Windows Server 2003 User 0 Desktop HKCU\Soft Windows Server 2003 User 0 Desktop HKCU\Soft At least Removes most occurrences of the Recycle Bin icon.This setting removes the Recycle Bin icon from the desktop User 0 Desktop HKCU\Soft At least Removes the Properties option from the Recycle Bin context menu.If you enable this setting User 0 Desktop HKCU\Soft At least Prevents users from saving certain changes to the desktop.If you enable this setting

TRUE User 0 Desktop HKCU\Soft At least Prevents users from adjusting the length of desktop toolbars. Also User 0 Desktop HKCU\Soft At least Prevents windows from being minimized or restored when the active window is shaken back and forth with the mouse. If you enable this policy

Machine 0 Windows C HKLM\Syst At least Windows Server 2012 Machine 0 Windows C HKLM\Syst At least Windows Server 2012 Machine 0 System\Dev HKLM\Soft At least W This policy setting allows you to determine how drivers signed by a Microsoft Windows Publisher certificate are ranked with drivers signed by other valid Authenticode signatures during the driver selection and installation process. Regardless of this policy setting Machine 0 System\Dev HKLM\Soft At least This policy setting allows you to configure the number of seconds Windows waits for a device installation task to complete. If you enable this policy setting Machine 0 System\Dev HKLM\Soft At least W This policy setting allows you to prevent Windows from creating a system restore point during device activity that would normally prompt Windows to create a system restore point. Windows normally creates restore points for certain driver activity Machine 0 System\Dev HKLM\Soft Windows Server 2008 Machine 0 System\Dev HKLM\Soft At least W This policy setting allows you to determine whether members of the Administrators group can install and update the drivers for any device Machine 0 System\Dev HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!AllowDeviceClasses Machine 0 System\Dev HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!DenyDeviceClasses Machine 0 System\Dev HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!AllowDeviceIDs Machine 0 System\Dev HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!DenyDeviceIDs Machine 0 System\Dev HKLM\Soft At least W This policy setting allows you to prevent Windows from installing removable devices. A device is considered removable when the driver for the device to which it is connected indicates that the device is removable. For example Machine 0 System\Dev HKLM\Soft At least W This policy setting allows you to prevent the installation of devices that are not specifically described by any other policy setting.If you enable this policy setting Machine 0 System\Dev HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!ForceReboot Machine 0 System\Dev HKLM\Soft At least W This policy setting allows you to display a custom message title in a notification when a device installation is attempted and a policy setting prevents the installation.If you enable this policy setting Machine 0 System\Dev HKLM\Soft At least W This policy setting allows you to display a custom message to users in a notification when a device installation is attempted and a policy setting prevents the installation.If you enable this policy setting Machine 0 System\Dri HKLM\Software\Policies\Microsoft\Windows\DriverInstall\Restrictions!AllowUserDeviceClasses User 0 System\Dri HKCU\Soft Windows Server 2003 Machine 0 System\Dev HKLM\Soft At least This policy setting prevents redirection of USB devices.If you enable this setting Machine 0 System\Dev HKLM\Software\Policies\Microsoft\Windows\DeviceRedirect\Restrictions!DenyDeviceIDs Machine 0 System\Dev HKLM\Soft At least W This policy setting allows you to turn off "Found New Hardware" balloons during device installation.If you enable this policy setting Machine 0 System\Dev HKLM\Soft At least W Windows has a feature that sends "generic-driver-installed" reports through the Windows Error Reporting infrastructure. This policy allows you to disable the feature.If you enable this policy setting Machine 0 System\Dev HKLM\Soft At least Windows has a feature that allows a device driver to request additional software through the Windows Error Reporting infrastructure. This policy allows you to disable the feature.If you enable this policy setting User 0 System\Dri HKCU\Software\Policies\Microsoft\Windows\DriverSearching!DontSearchFloppies User 0 System\Dri HKCU\Soft Windows Server 2008 Machine 0 System\Dri HKLM\Soft Windows Server 2008 Machine 0 System\Dev HKLM\Soft At least This policy setting allows you to specify the order in which Windows searches source locations for device drivers. If you enable this policy setting Machine 0 System\Dev HKLM\Soft At least This policy setting allows you to specify the search server that Windows uses to find updates for device drivers.If you enable this policy setting Machine 0 System\Dev HKLM\SOF At least This policy setting allows you to prevent Windows from retrieving device metadata from the Internet. If you enable this policy setting Machine 0 Network HKLM\Soft At least This policy setting allows you to configure how often a Distributed File System (DFS) client attempts to discover domain controllers on a network. By default User 0 Windows C HKCU\SOFT At least W Specifies whether Digital Locker can run.Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker.If you enable this setting Machine 0 Windows C HKLM\SOFT At least W Specifies whether Digital Locker can run.Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker.If you enable this setting Machine 0 System\Tr HKLM\SOF This policy setting substitutes custom alert text in the disk diagnostic message shown to users when a disk reports a S.M.A.R.T. fault. If you enable this policy setting Machine 0 System\Tr HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{29689E29-2CE9-4751-B4FC-8EFF5066E3FD}!ScenarioExecutionEnabled Machine 0 System\Di HKLM\Sof At least W This policy setting turns off the boot and resume optimizations for the hybrid hard disks in the system.If you enable this policy setting Machine 0 System\Di HKLM\Soft At least W This policy setting turns off power save mode on the hybrid hard disks in the system.If you enable this policy setting Machine 0 System\Di HKLM\Soft At least W This policy setting turns off all support for the non-volatile (NV) cache on all hybrid hard disks in the system. To check if you have hybrid hard disks in the system Machine 0 System\Di HKLM\Soft At least W This policy setting turns off the solid state mode for the hybrid hard disks. If you enable this policy setting Machine 0 System\Di HKLM\Soft At least This policy setting turns on and turns off disk quota management on all NTFS volumes of the computer Machine 0 System\Di HKLM\Soft At least This policy setting determines whether disk quota limits are enforced and prevents users from changing the setting.If you enable this policy setting Machine 0 System\Di HKLM\Software\Policies\Microsoft\Windows NT\DiskQuota!Limit Machine 0 System\Di HKLM\Soft At least This policy setting determines whether the system records an event in the local Application log when users reach their disk quota limit on a volume Machine 0 System\Di HKLM\Soft At least This policy setting determines whether the system records an event in the Application log when users reach their disk quota warning level on a volume.If you enable this policy setting Machine 0 System\Di HKLM\Soft At least This policy setting extends the disk quota policies in this folder to NTFS file system volumes on removable media.If you disable or do not configure this policy setting Machine 0 System HKLM\Sof Windows Server 2003 Machine 0 Network\D HKLM\Soft Windows X Specifies a connection-specific DNS suffix. This policy setting supersedes local connection-specific DNS suffixes Machine 0 Network\D HKLM\Soft Windows X Defines the DNS servers to which a computer sends queries when it attempts to resolve names. This policy setting supersedes the list of DNS servers configured locally and those configured using DHCP. To use this policy setting Machine 0 Network\D HKLM\Soft At least Specifies the primary DNS suffix used by computers in DNS name registration and DNS name resolution.To use this policy setting

Machine 0 Network\D HKLM\Soft At least Specifies if a computer performing dynamic DNS registration will register A and PTR resource records with a concatenation of its computer name and a connection-specific DNS suffix Machine 0 Network\D HKLM\Soft At least Specifies if DNS client computers will register PTR resource records.By default Machine 0 Network\D HKLM\Soft At least Specifies if DNS dynamic update is enabled. Computers configured for DNS dynamic update automatically register and update their DNS resource records with a DNS server.If you enable this policy setting Machine 0 Network\D HKLM\Soft Windows X Specifies whether dynamic updates should overwrite existing resource records that contain conflicting IP addresses.This policy setting is designed for computers that register address (A) resource records in DNS zones that do not use Secure Dynamic Updates. Secure Dynamic Update preserves ownership of resource records and does not allow a DNS client to overwrite records that are registered by other computers.During dynamic update of resource records in a zone that does not use Secure Dynamic Updates Machine 0 Network\D HKLM\Soft At least Specifies the interval used by DNS clients to refresh registration of A and PTR resource. This policy setting only applies to computers performing dynamic DNS updates.Computers configured to perform dynamic DNS registration of A and PTR resource records periodically reregister their records with DNS servers Machine 0 Network\D HKLM\Soft At least Specifies the value of the time to live (TTL) field in A and PTR resource records that are registered by computers to which this policy setting is applied.To specify the TTL Machine 0 Network\D HKLM\Soft At least Specifies the DNS suffixes to attach to an unqualified single-label name before submission of a DNS query for that name.An unqualified single-label name contains no dots. The name "example" is a single-label name. This is different from a fully qualified domain name such as "example.microsoft.com."Client computers that receive this policy setting will attach one or more suffixes to DNS queries for a single-label name. For example Machine 0 Network\D HKLM\Soft At least Specifies the security level for dynamic DNS updates.To use this policy setting Machine 0 Network\D HKLM\Soft At least Specifies if computers may send dynamic updates to zones with a single label name. These zones are also known as top-level domain zones Machine 0 Network\D HKLM\Soft At least Specifies if the DNS client performs primary DNS suffix devolution during the name resolution process.With devolution Machine 0 Network\D HKLM\Soft At least Windows Server 2012 Machine 0 Network\D HKLM\Soft At least Windows Server 2012 Machine 0 Network\D HKLM\Soft At least Windows Server 2012 Machine 0 Network\D HKLM\Soft At least Windows Server 2012 Machine 0 Network\D HKLM\Soft At least Windows Server 2012 Machine 0 Network\D HKLM\Soft At least Windows Server 2012 User 0 Windows HKCU\SOF At least W This policy setting controls the appearance of window animations such as those found when restoring Machine 0 Windows HKLM\SOF At least W This policy setting controls the appearance of window animations such as those found when restoring User 0 Windows HKCU\SOF Windows Server 2008 Machine 0 Windows HKLM\SOF Windows Server 2008 Machine 0 Windows HKLM\SOF At least Windows Server 2012 User 0 Windows HKCU\SOFTWARE\Policies\Microsoft\Windows\DWM!DefaultColorizationColorState Machine 0 Windows HKLM\SOFTWARE\Policies\Microsoft\Windows\DWM!DefaultColorizationColorState User 0 Windows HKCU\SOFT At least W This policy setting controls the ability to change the color of window frames. If you enable this policy setting Machine 0 Windows HKLM\SOFT At least W This policy setting controls the ability to change the color of window frames. If you enable this policy setting User 0 Windows HKCU\soft At least Windows Server 2012 User 0 Windows HKCU\soft At least Windows Server 2012 User 0 Windows HKCU\soft At least Windows Server 2012 User 0 Windows HKCU\soft At least Windows Server 2012 User 0 Windows HKCU\soft At least Windows Server 2012 User 0 Windows HKCU\soft At least Windows Server 2012 User 0 Windows HKCU\soft At least Windows Server 2012 User 0 Windows HKCU\soft At least Windows Server 2012 Machine 0 \Early La HKLM\System\CurrentControlSet\Policies\EarlyLaunch!DriverLoadPolicy User 0 Windows HKCU\Soft At least Windows Server 2012 User 0 Windows HKCU\Soft At least Windows Server 2012 User 1 Windows HKCU\Soft At least Windows Server 2012 R2 User 1 Windows HKCU\Soft At least Windows Server 2012 R2 User 1 Windows HKCU\Soft At least Windows Server 2012 R2 Machine 0 System HKLM\Soft At least This policy setting prevents File Explorer from encrypting files that are moved to an encrypted folder.If you enable this policy setting Machine 0 System\En HKLM\Soft At least This policy setting configures whether or not only USB root hub connected Enhanced Storage devices are allowed. Allowing only root hub connected Enhanced Storage devices minimizes the risk of an unauthorized USB device reading data on an Enhanced Storage device.If you enable this policy setting Machine 0 System\En HKLM\Soft At least This policy setting locks Enhanced Storage devices when the computer is locked.This policy setting is supported in Windows Server SKUs only.If you enable this policy setting Machine 0 System\En HKLM\Soft At least This policy setting configures whether or not non-Enhanced Storage removable devices are allowed on your computer.If you enable this policy setting Machine 0 System\En HKLM\Soft At least This policy setting configures whether or not a password can be used to unlock an Enhanced Storage device.If you enable this policy setting Machine 0 System\En HKLM\Soft At least This policy setting configures whether or not Windows will activate an Enhanced Storage device.If you enable this policy setting Machine 0 System\En HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices\ApprovedSilos!SiloAllowListPolicy Machine 0 System\En HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices\ApprovedEnStorDevices!PolicyEnabled Machine 0 Windows C HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting\DW!DWNoExternalURL

Machine 0 Windows C HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting!ShowUI User 0 Windows C HKCU\SOFT At least W This policy setting turns off Windows Error Reporting Machine 0 Windows C HKLM\SOFT At least W This policy setting turns off Windows Error Reporting Machine 0 Windows C HKLM\SOF At least W This policy setting prevents the display of the user interface for critical errors.If you enable this policy setting User 0 Windows C HKCU\SOFT At least W This policy setting controls whether Windows Error Reporting saves its own events and error messages to the system event log.If you enable this policy setting Machine 0 Windows C HKLM\SOFT At least W This policy setting controls whether Windows Error Reporting saves its own events and error messages to the system event log.If you enable this policy setting User 0 Windows C HKCU\SOFT At least W This policy setting controls whether additional data in support of error reports can be sent to Microsoft automatically.If you enable this policy setting Machine 0 Windows C HKLM\SOFT At least W This policy setting controls whether additional data in support of error reports can be sent to Microsoft automatically.If you enable this policy setting User 0 Windows C HKCU\SOFT At least This policy setting determines whether Windows Error Reporting (WER) sends additional Machine 0 Windows C HKLM\SOFT At least This policy setting determines whether Windows Error Reporting (WER) sends additional User 0 Windows C HKCU\SOFT At least Windows Server 2012 Machine 0 Windows C HKLM\SOFT At least Windows Server 2012 User 0 Windows C HKCU\SOFT At least Windows Server 2012 Machine 0 Windows C HKLM\SOFT At least Windows Server 2012 User 1 Windows C HKCU\SOF This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automatically. This policy does not apply to error reports generated by 3rd-party products Machine 1 Windows C HKLM\SOF This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automatically. This policy does not apply to error reports generated by 3rd-party products Machine 0 Windows C HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting!AllOrNone Machine 0 Windows C HKLM\Soft Windows S This policy setting controls Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.If you enable this policy setting Machine 0 Windows C HKLM\Soft Windows S This policy setting specifies applications for which Windows Error Reporting should always report errors.To create a list of applications for which Windows Error Reporting never reports errors Machine 0 Windows C HKLM\Soft Windows S This policy setting controls whether errors in the operating system are included Windows Error Reporting is enabled.If you enable this policy setting User 0 Windows C HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DisableArchive Machine 0 Windows C HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DisableArchive Machine 0 Windows C HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!CorporateWerServer User 0 Windows C HKCU\Soft At least W This policy setting limits Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least W This policy setting limits Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.If you enable this policy setting User 0 Windows C HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DisableQueue Machine 0 Windows C HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DisableQueue User 0 Windows C HKCU\SOFT At least W This policy setting determines the consent behavior of Windows Error Reporting for specific event types.If you enable this policy setting Machine 0 Windows C HKLM\SOFT At least W This policy setting determines the consent behavior of Windows Error Reporting for specific event types.If you enable this policy setting User 0 Windows C HKCU\SOFT At least W This policy setting determines the behavior of the Configure Default Consent setting in relation to custom consent settings.If you enable this policy setting Machine 0 Windows C HKLM\SOFT At least W This policy setting determines the behavior of the Configure Default Consent setting in relation to custom consent settings.If you enable this policy setting User 0 Windows C HKCU\SOFT At least W This policy setting determines the default consent behavior of Windows Error Reporting.If you enable this policy setting Machine 0 Windows C HKLM\SOFT At least W This policy setting determines the default consent behavior of Windows Error Reporting.If you enable this policy setting Machine 0 HKLM\Soft At least W Machine 0 HKLM\Soft At least W Machine 0 Windows C HKLM\Soft At least W This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.If you enable this policy setting and the "Retain old events" policy setting is enabled Machine 0 Windows C HKLM\Soft At least W This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least W This policy setting controls Event Log behavior when the log file reaches its maximum size.If you enable this policy setting and a log file reaches its maximum size Machine 0 Windows C HKLM\Soft At least W This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least W This policy setting specifies the maximum size of the log file in kilobytes.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least W This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.If you enable this policy setting and the "Retain old events" policy setting is enabled Machine 0 Windows C HKLM\Soft At least W This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string. You cannot configure write permissions for this log.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least W This policy setting controls Event Log behavior when the log file reaches its maximum size.If you enable this policy setting and a log file reaches its maximum size Machine 0 Windows C HKLM\Soft At least W This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least W This policy setting specifies the maximum size of the log file in kilobytes.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least W This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.If you enable this policy setting and the "Retain old events" policy setting is enabled Machine 0 Windows C HKLM\Soft At least W This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least W This policy setting controls Event Log behavior when the log file reaches its maximum size.If you enable this policy setting and a log file reaches its maximum size

Machine 0 Windows C HKLM\Soft At least W This policy setting turns on logging.If you enable or do not configure this policy setting Machine 0 Windows C HKLM\Soft At least W This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least W This policy setting specifies the maximum size of the log file in kilobytes.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least W This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.If you enable this policy setting and the "Retain old events" policy setting is enabled Machine 0 Windows C HKLM\Soft At least W This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least W This policy setting controls Event Log behavior when the log file reaches its maximum size.If you enable this policy setting and a log file reaches its maximum size Machine 0 Windows C HKLM\Soft At least W This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least W This policy setting specifies the maximum size of the log file in kilobytes.If you enable this policy setting Machine 0 Windows HKLM\Soft At least W This is the program that will be invoked when the user clicks the events.asp link. Machine 0 Windows HKLM\Soft At least W This specifies the command line parameters that will be passed to the events.asp program Machine 0 Windows HKLM\Soft At least W This is the URL that will be passed to the Description area in the Event Properties dialog box. Change this value if you want to use a different Web server to handle event information requests. User 0 Windows C HKCU\Soft At least W This policy setting configures File Explorer to always display the menu bar.Note: By default User 0 Windows C HKCU\Soft At least W This policy setting allows administrators to prevent users from adding new items such as files or folders to the root of their Users Files folder in File Explorer.If you enable this policy setting User 0 Windows C HKCU\Soft At least W This policy is similar to settings directly available to computer users. Disabling animations can improve usability for users with some visual disabilities as well as improving performance and battery life in some scenarios. Machine 0 Windows C HKLM\Soft At least Disabling data execution prevention can allow certain legacy plug-in applications to function without terminating Explorer. Machine 0 Windows C HKLM\Soft At least W Disabling heap termination on corruption can allow certain legacy plug-in applications to function without terminating Explorer immediately Machine 0 Windows C HKLM\Soft At least Sets the target of the More Information link that will be displayed when the user attempts to run a program that is blocked by policy. Machine 0 Windows C HKLM\Soft At least Windows Server 2012 Machine 0 Windows C HKLM\Syst At least Windows Server 2012 Machine 0 Windows C HKLM\Syst At least Windows Server 2012 Machine 0 Windows C HKLM\Soft At least Windows Server 2012 Machine 0 System\Tr HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{8519d925-541e-4a2b-8b1e-8059d16082f2}!ScenarioExecutionEnabled Machine 0 System\Fi HKLM\Sof At least Windows Server 2012 Machine 0 System\Fi HKLM\Soft At least Windows Server 2012 Machine 0 System\Fi HKLM\Software\Policies\Microsoft\Windows\Filesystems\NTFS!SymLinkState Machine 0 System\Fi HKLM\Syst Compression can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of compressed files. Machine 0 System\Fi HKLM\Syst Encryption can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of encrypted files Machine 0 System\Fi HKLM\Syst Encrypting the page file prevents malicious users from reading data that has been paged to disk Machine 0 System\Fi HKLM\Syst These settings provide control over whether or not short names are generated during file creation. Some applications require short names for compatibility Machine 0 System\Fi HKLM\Syst Delete notification is a feature that notifies the underlying storage device of clusters that are freed due to a file delete operation.A value of 0 Machine 0 System\Fi HKLM\Syst TXF deprecated features included savepoints User 0 System\Fol HKCU\Soft At least W This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs User 0 System\Fol HKCU\Soft At least This policy setting allows you to control whether all redirected shell folders User 0 System\Fol HKCU\Software\Policies\Microsoft\Windows\NetCache\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}!DisableFRAdminPinByFolder Machine 0 System\Fol HKLM\Soft At least W This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs User 0 System\Fol HKCU\Soft At least Windows Server 2012 User 0 System\Fol HKCU\Soft At least Windows Server 2012 Machine 0 System\Fol HKLM\Soft At least Windows Server 2012 User 0 Windows C HKCU\Soft At least W This policy setting shows or hides the Details Pane in File Explorer.If you enable this policy setting and configure it to hide the pane User 0 Windows C HKCU\Soft At least W Hides the Preview Pane in File Explorer.If you enable this policy setting Machine 0 System\Tr HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{dc42ff48-e40d-4a60-8675-e71f7e64aa9a}!ScenarioExecutionEnabled Machine 0 Windows HKLM\Sof At least W Manages download of game box art and ratings from the Windows Metadata Services.If you enable this setting Machine 0 Windows HKLM\Soft At least W Tracks the last play time of games in the Games folder.If you enable this setting the last played time of games will not be recorded in Games folder. This setting only affects the Games folder. If you disable or do not configure this setting Machine 0 Windows HKLM\Sof At least W Manages download of game update information from Windows Metadata Services.If you enable this setting User 0 System\Loc HKCU\Soft At least W This policy setting prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the set of locales that are installed with the operating system.This does not affect the selection of replacement locales. To prevent the selection of replacement locales Machine 0 System\Loc HKLM\Soft At least W This policy setting prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the set of locales that are installed with the operating system.This does not affect the selection of replacement locales. To prevent the selection of replacement locales Machine 0 System\Loc HKLM\Software\Policies\Microsoft\Control Panel\International!RestrictSystemLocales Machine 0 System\Loc HKLM\Soft At least Windows Server 2012

User 0 System\Loc HKCU\Software\Policies\Microsoft\Control Panel\International!RestrictUserLocales Machine 0 System\Loc HKLM\Software\Policies\Microsoft\Control Panel\International!RestrictUserLocales User 0 System\Loc HKCU\Soft At least W This policy setting prevents users from changing their user geographical location (GeoID).If you enable this policy setting Machine 0 System\Loc HKLM\Soft At least W This policy setting prevents users from changing their user geographical location (GeoID).If you enable this policy setting User 0 System\Loc HKCU\Soft At least W This policy setting prevents the user from customizing their locale by changing their user overrides.Any existing overrides in place when this policy is enabled will be frozen. To remove existing user overrides Machine 0 System\Loc HKLM\Soft At least W This policy setting prevents the user from customizing their locale by changing their user overrides.Any existing overrides in place when this policy is enabled will be frozen. To remove existing user overrides User 0 Control P HKCU\Soft At least W This policy setting removes the Administrative options from the Region settings control panel. Administrative options include interfaces for setting system locale and copying settings to the default user. This policy setting does not User 0 Control P HKCU\Soft At least W This policy setting removes the option to change the user's geographical location (GeoID) from the Region settings control panel.This policy setting is used only to simplify the Regional Options control panel.If you enable this policy setting User 0 Control P HKCU\Soft At least W This policy setting removes the option to change the user's menus and dialogs (UI) language from the Language and Regional Options control panel.This policy setting is used only to simplify the Regional Options control panel.If you enable this policy setting User 0 Control P HKCU\Soft At least W This policy setting removes the regional formats interface from the Region settings control panel.This policy setting is used only to simplify the Regional and Language Options control panel.If you enable this policy setting Machine 0 Control P HKLM\Soft At least W This policy setting restricts the Windows UI language for all users.This is a policy setting for computers with more than one UI language installed.If you enable this policy setting User 0 Control P HKCU\Soft At least W This policy setting restricts the Windows UI language for specific users.This policy setting applies to computers with more than one UI language installed.If you enable this policy setting Machine 0 Control P HKLM\Soft At least W This policy setting controls which UI language is used for computers with more than one UI language installed.If you enable this policy setting User 0 Control P HKCU\Soft At least This policy setting restricts users to the specified language by disabling the menus and dialog box controls in the Region settings control panel. If the specified language is not installed on the target computer User 0 Control P HKCU\Soft At least W This policy turns off the offer text predictions as I type option. This does not User 0 Control P HKCU\Soft At least W This policy turns off the insert a space after selecting a text prediction option. This does not User 0 Control P HKCU\Soft At least W This policy turns off the autocorrect misspelled words option. This does not User 0 Control P HKCU\Soft At least W This policy turns off the highlight misspelled words option. This does not Machine 0 Control P HKLM\Soft At least Windows Server 2012 User 0 System HKCU\Soft At least This policy setting determines how programs interpret two-digit years.This policy setting affects only the programs that use this Windows feature to interpret two-digit years. If a program does not interpret two-digit years correctly User 0 Control P HKCU\SOFTWARE\Policies\Microsoft\InputPersonalization!RestrictImplicitTextCollection Machine 0 Control P HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization!RestrictImplicitTextCollection Machine 0 System\Gr HKLM\Soft At least This policy setting allows Microsoft Windows to process user Group Policy settings asynchronously when logging on through Remote Desktop Services. Asynchronous user Group Policy processing is the default processing mode for Windows Vista and Windows XP.By default Machine 1 System\Gr HKLM\Software\Policies\Microsoft\Windows\System!EnableLogonOptimization Machine 1 System\Gr HKLM\Software\Policies\Microsoft\Windows\System!EnableLogonScriptDelay Machine 0 System\Gr HKLM\Soft At least Windows Server 2012 Machine 0 System\Gr HKLM\Soft At least Windows Server 2012 Machine 0 System\Gr HKLM\Soft At least Windows Server 2012 Machine 0 System\Gr HKLM\Soft At least W This policy directs Group Policy processing to skip processing any client side extension that requires synchronous processing (that is Machine 0 System\Gr HKLM\Soft At least W This policy setting prevents Local Group Policy Objects (Local GPOs) from being applied.By default Machine 0 System\Gr HKLM\Soft At least W This policy setting specifies how long Group Policy should wait for network availability notifications during startup policy processing. If the startup policy processing is synchronous Machine 0 System\Gr HKLM\Soft At least This policy setting allows user-based policy processing Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{c6dc5466-785a-11d2-84d0-00c04fb169f7}!NoSlowLink Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}!NoSlowLink Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}!NoSlowLink Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{25537BA6-77A8-11D2-9B6C-0000F8080861}!NoSlowLink Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}!NoSlowLink Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{e437bc1c-aa7d-11d2-a382-00c04f991e27}!NoSlowLink Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}!NoBackgroundPolicy Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}!NoSlowLink Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}!NoBackgroundPolicy Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}!NoSlowLink Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}!NoSlowLink User 0 System\Gr HKCU\Soft At least This policy setting controls the ability of users to view their Resultant Set of Policy (RSoP) data.By default Machine 0 System\Gr HKLM\Soft At least This policy setting controls the ability of users to view their Resultant Set of Policy (RSoP) data.By default User 0 System\Gr HKCU\Soft Windows Server 2003 Machine 0 System\Gr HKLM\Soft At least This policy setting prevents Group Policy from being updated while the computer is in use. This policy setting applies to Group Policy for computers Machine 0 System\Gr HKLM\Sof At least This policy setting allows you to control a user's ability to invoke a computer policy refresh.If you enable this policy setting

User 0 System\Gr HKCU\Soft At least This policy setting prevents administrators from viewing or using Group Policy preferences.A Group Policy administration (.adm) file can contain both true settings and preferences. True settings User 0 System\Gr HKCU\Soft At least This policy setting determines which domain controller the Group Policy Object Editor snap-in uses.If you enable this setting User 0 System\Gr HKCU\Soft At least This policy setting defines a slow connection for purposes of applying and updating Group Policy.If the rate at which data is transferred from the domain controller providing a policy update to the computers in this group is slower than the rate specified by this setting Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\System!GroupPolicyMinTransferRate Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\System!GroupPolicyRefreshTime Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\System!GroupPolicyRefreshTimeDC User 0 System\Gr HKCU\Software\Policies\Microsoft\Windows\System!GroupPolicyRefreshTime User 0 System\Gr HKCU\Soft At least This policy setting allows you to set the default display name for new Group Policy objects.This setting allows you to specify the default name for new Group Policy objects created from policy compliant Group Policy Management tools including the Group Policy tab in Active Directory tools and the GPO browser.The display name can contain environment variables and can be a maximum of 255 characters long.If this setting is Disabled or Not Configured User 0 System\Gr HKCU\Soft At least This policy setting allows you to create new Group Policy object links in the disabled state.If you enable this setting Machine 0 System\Gr HKLM\Soft Windows S This policy setting lets you always use local ADM files for the Group Policy snap-in.By default Machine 0 System\Gr HKLM\Soft At least This setting allows you to enable or disable Resultant Set of Policy (RSoP) logging on a client computer.RSoP logs information on Group Policy settings that have been applied to the client. This information includes details such as which Group Policy Objects (GPO) were applied Machine 0 System\Gr HKLM\Soft At least This policy setting directs the system to apply the set of Group Policy objects for the computer to any user who logs on to a computer affected by this setting. It is intended for special-use computers Machine 0 System\Gr HKLM\Soft At least Windows Server 2012 Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{F9C77450-3A41-477E-9310-9ACD617BD9E3}!NoSlowLink Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{F9C77450-3A41-477E-9310-9ACD617BD9E3}!LogLevel Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{728EE579-943C-4519-9EF7-AB56765798ED}!NoSlowLink Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{728EE579-943C-4519-9EF7-AB56765798ED}!LogLevel Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{1A6364EB-776B-4120-ADE1-B63A406A76B5}!NoSlowLink Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{1A6364EB-776B-4120-ADE1-B63A406A76B5}!LogLevel Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{5794DAFD-BE60-433f-88A2-1A31939AC01F}!NoSlowLink Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{5794DAFD-BE60-433f-88A2-1A31939AC01F}!LogLevel Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{0E28E245-9368-4853-AD84-6DA3BA35BB75}!NoSlowLink Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{0E28E245-9368-4853-AD84-6DA3BA35BB75}!LogLevel Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}!NoSlowLink Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}!LogLevel Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{A3F3E39B-5D83-4940-B954-28315B82F0A8}!NoSlowLink Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{A3F3E39B-5D83-4940-B954-28315B82F0A8}!LogLevel Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6232C319-91AC-4931-9385-E70C2B099F0E}!NoSlowLink Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6232C319-91AC-4931-9385-E70C2B099F0E}!LogLevel Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{74EE6C03-5363-4554-B161-627540339CAB}!NoSlowLink Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{74EE6C03-5363-4554-B161-627540339CAB}!LogLevel Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}!NoSlowLink Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}!LogLevel Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{17D89FEC-5C44-4972-B12D-241CAEF74509}!NoSlowLink Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{17D89FEC-5C44-4972-B12D-241CAEF74509}!LogLevel Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}!NoSlowLink Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}!LogLevel Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}!NoSlowLink Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}!LogLevel Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}!NoSlowLink Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}!LogLevel Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}!NoSlowLink Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}!LogLevel Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E5094040-C46C-4115-B030-04FB2E545B00}!NoSlowLink Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E5094040-C46C-4115-B030-04FB2E545B00}!LogLevel Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B087BE9D-ED37-454f-AF9C-04291E351182}!NoSlowLink Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B087BE9D-ED37-454f-AF9C-04291E351182}!LogLevel Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{AADCED64-746C-4633-A97C-D61349046527}!NoSlowLink

Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{AADCED64-746C-4633-A97C-D61349046527}!LogLevel Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{91FBB303-0CD5-4055-BF42-E512A681B325}!NoSlowLink Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{91FBB303-0CD5-4055-BF42-E512A681B325}!LogLevel Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}!NoSlowLink Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}!LogLevel Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}!NoSlowLink Machine 0 System\Gr HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}!LogLevel User 0 Windows C HKCU\Soft At least This policy setting allows you to permit or prohibit use of Application snap-ins (Application preference item types). When prohibited User 0 Windows C HKCU\Soft At least This policy setting allows you to permit or prohibit use of the Applications preference extension. When a preference extension is prohibited User 0 Windows C HKCU\Soft At least This policy setting allows you to permit or prohibit use of the Control Panel Settings item and all preference extensions listed in the Group Policy Management Editor window of the GPMC under Computer Configuration\Preferences\Control Panel Settings. When the Control Panel Settings item or a preference extension is prohibited User 0 Windows C HKCU\Soft At least This policy setting allows you to permit or prohibit use of the Data Sources preference extension. When a preference extension is prohibited User 0 Windows C HKCU\Soft At least This policy setting allows you to permit or prohibit use of the Environment preference extension. When a preference extension is prohibited User 0 Windows C HKCU\Soft At least This policy setting allows you to permit or prohibit use of the Files preference extension. When a preference extension is prohibited User 0 Windows C HKCU\Sof At least This policy setting allows you to permit or prohibit use of the Folders preference extension. When a preference extension is prohibited User 0 Windows C HKCU\Soft At least This policy setting allows you to permit or prohibit use of the Folder Options preference extension. When a preference extension is prohibited User 0 Windows C HKCU\Soft At least This policy setting allows you to permit or prohibit use of the Internet Settings preference extension. When a preference extension is prohibited User 0 Windows C HKCU\Soft At least This policy setting allows you to permit or prohibit use of the Local Users and Groups preference extension. When a preference extension is prohibited User 0 Windows C HKCU\Soft At least This policy setting allows you to permit or prohibit use of the Power Options preference extension. When a preference extension is prohibited User 0 Windows C HKCU\Soft At least This policy setting allows you to permit or prohibit use of the Registry preference extension. When a preference extension is prohibited User 0 Windows C HKCU\Soft At least This policy setting allows you to permit or prohibit use of the Scheduled Tasks preference extension. When a preference extension is prohibited User 0 Windows C HKCU\Soft At least This policy setting allows you to permit or prohibit use of the Shortcuts preference extension. When a preference extension is prohibited User 0 Windows C HKCU\Soft At least This policy setting allows you to permit or prohibit use of the Start Menu preference extension. When a preference extension is prohibited User 0 Windows C HKCU\Soft At least This policy setting allows you to permit or prohibit use of the Control Panel Settings item and all preference extensions listed in the Group Policy Management Editor window of the GPMC under User Configuration\Preferences\Control Panel Settings. When the Control Panel Settings item or a preference extension is prohibited User 0 Windows C HKCU\Soft At least This policy setting allows you to permit or prohibit use of the Preferences tab. When prohibited Machine 0 System HKLM\Soft At least I This policy setting allows you to restrict certain HTML Help commands to function only in HTML Help (.chm) files within specified folders and their subfolders. Alternatively User 0 System HKCU\Soft At least This policy setting allows you to restrict programs from being run from online Help. If you enable this policy setting Machine 0 System HKLM\Soft At least This policy setting allows you to restrict programs from being run from online Help. If you enable this policy setting Machine 0 System HKLM\Soft At least This policy setting allows you to exclude HTML Help Executable from being monitored by software-enforced Data Execution Prevention. Data Execution Prevention (DEP) is designed to block malicious code that takes advantage of exception-handling mechanisms in Windows by monitoring your programs to make sure that they use system memory safely. If you enable this policy setting Machine 0 Windows C HKLM\Soft At least W This policy setting specifies whether active content links in trusted assistance content are rendered. By default User 0 System\In HKCU\Soft At least W This policy setting specifies whether users can provide ratings for Help content.If you enable this policy setting User 0 System\In HKCU\Soft At least W This policy setting specifies whether users can participate in the Help Experience Improvement program. The Help Experience Improvement program collects information about how customers use Windows Help so that Microsoft can improve it.If you enable this policy setting User 0 System\In HKCU\Soft At least W This policy setting specifies whether users can search and view content from Windows Online in Help and Support. Windows Online provides the most up-to-date Help content for Windows.If you enable this policy setting Machine 0 Network\H HKLM\Soft At least Windows Server 2012 User 0 System\In HKCU\Software\Policies\Microsoft\InternetManagement!RestrictCommunication Machine 0 System\In HKLM\Software\Policies\Microsoft\InternetManagement!RestrictCommunication Machine 0 System\In HKLM\Soft At least This policy setting specifies whether to automatically update root certificates using the Windows Update website. Typically User 0 System\In HKCU\Soft At least W This policy setting specifies whether to allow printing over HTTP from this client.Printing over HTTP allows a client to print to printers on the intranet as well as the Internet.Note: This policy setting affects the client side of Internet printing only. It does not prevent this computer from acting as an Internet Printing server and making its shared printers available via HTTP.If you enable this policy setting Machine 0 System\In HKLM\Soft At least This policy setting specifies whether to allow printing over HTTP from this client.Printing over HTTP allows a client to print to printers on the intranet as well as the Internet.Note: This policy setting affects the client side of Internet printing only. It does not prevent this computer from acting as an Internet Printing server and making its shared printers available via HTTP.If you enable this policy setting User 0 System\In HKCU\Soft At least W This policy setting specifies whether to allow this client to download print driver packages over HTTP.To set up HTTP printing Machine 0 System\In HKLM\Soft At least This policy setting specifies whether to allow this client to download print driver packages over HTTP.To set up HTTP printing Machine 0 System\In HKLM\Soft Windows Server 2008 Machine 0 System\In HKLM\Soft At least This policy setting specifies whether "Events.asp" hyperlinks are available for events within the Event Viewer application.The Event Viewer normally makes all HTTP(S) URLs into hyperlinks that activate the Internet browser when clicked. In addition Machine 0 System\In HKLM\Soft At least This policy setting specifies whether to show the "Did you know?" section of Help and Support Center.This content is dynamically updated when users who are connected to the Internet open Help and Support Center Machine 0 System\In HKLM\Soft At least This policy setting specifies whether users can perform a Microsoft Knowledge Base search from the Help and Support Center.The Knowledge Base is an online source of technical support information and self-help tools for Microsoft products Machine 0 System\In HKLM\Soft At least This policy setting specifies whether the Internet Connection Wizard can connect to Microsoft to download a list of Internet Service Providers (ISPs).If you enable this policy setting Machine 0 System\In HKLM\Soft At least This policy setting specifies whether the Windows Registration Wizard connects to Microsoft.com for online registration.If you enable this policy setting Machine 0 System\In HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting!DoReport Machine 0 System\In HKLM\Sof At least Windows Server 2003 operating systems

Machine 0 System\In HKLM\Soft At least This policy setting specifies whether Search Companion should automatically download content updates during local and Internet searches.When users search the local computer or the Internet User 0 System\In HKCU\Soft Windows Server 2008 Machine 0 System\In HKLM\Soft Windows Server 2008 User 0 System\In HKCU\Soft At least Windows Server 2012 Machine 0 System\In HKLM\Soft At least Windows Server 2012 User 0 System\In HKCU\Soft At least This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering wizards.These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default Machine 0 System\In HKLM\Soft At least This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering wizards.These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default User 0 System\In HKCU\Soft At least This policy setting specifies whether the "Order Prints Online" task is available from Picture Tasks in Windows folders.The Order Prints Online Wizard is used to download a list of providers and allow users to order prints online.If you enable this policy setting Machine 0 System\In HKLM\Soft At least This policy setting specifies whether the "Order Prints Online" task is available from Picture Tasks in Windows folders.The Order Prints Online Wizard is used to download a list of providers and allow users to order prints online.If you enable this policy setting User 0 System\In HKCU\Soft At least This policy setting specifies whether the tasks "Publish this file to the Web Machine 0 System\In HKLM\Soft At least This policy setting specifies whether the tasks "Publish this file to the Web User 0 System\In HKCU\Soft At least This policy setting specifies whether Windows Messenger collects anonymous information about how Windows Messenger software and service is used.With the Customer Experience Improvement program Machine 0 System\In HKLM\Soft At least This policy setting specifies whether Windows Messenger collects anonymous information about how Windows Messenger software and service is used.With the Customer Experience Improvement program Machine 0 System\In HKLM\Soft At least W This policy setting turns off the Windows Customer Experience Improvement Program. The Windows Customer Experience Improvement Program collects information about your hardware configuration and how you use our software and services to identify trends and usage patterns. Microsoft will not collect your name Machine 0 System\In HKLM\Soft At least W This policy setting turns off the active tests performed by the Windows Network Connectivity Status Indicator (NCSI) to determine whether your computer is connected to the Internet or to a more limited network.As part of determining the connectivity level Machine 0 Windows C HKLM\Soft Windows S "This policy setting prevents installation of Internet Information Services (IIS) on this computer. If you enable this policy setting User 0 Windows C HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{05589FA1-C356-11CE-BF01-00AA0055595A} User 0 Windows C HKCU\Soft At least I Designates the Microsoft Network (MSN) Carpoint automatic pricing control as administrator-approved.This control enables enhanced pricing functionality on the Carpoint Web site User 0 Windows C HKCU\Soft At least I This ActiveX control enables users to edit HTML text and see a faithful rendition of how the text would look in the browser. There are two versions of the control: a more powerful version that cannot be invoked by a web site because it includes file access and other features User 0 Windows C HKCU\Soft At least I Designates Shockwave flash as an administrator approved control.If you enable this policy User 0 Windows C HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{9276B91A-E780-11d2-8A8D-00C04FA31D93} User 0 Windows C HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{275E2FE0-7486-11D0-89D6-00A0C90C9B67} User 0 Windows C HKCU\Soft At least I Designates the Microsoft Agent ActiveX control as administrator-approved.Microsoft Agent is a set of software services that supports the presentation of software agents as interactive personalities within the Microsoft Windows interface.If you enable this policy User 0 Windows C HKCU\Soft At least I Designates the Microsoft Chat ActiveX control as administrator-approved.This control is used by Web authors to build text-based and graphical-based Chat communities for real-time conversations on the Web.If you enable this policy User 0 Windows C HKCU\Soft At least I Designates a set of MSNBC controls as administrator-approved.These controls enable enhanced browsing of news reports on the MSNBC Web site.If you enable this policy User 0 Windows C HKCU\Soft At least I Designates NetShow File Transfer Control as an administrator approved control.If you enable this policy User 0 Windows C HKCU\Soft At least I Designates Microsoft Scriptlet Component as an administrator approved control. It is an Active X control which is used to render HTML pages.If you enable this policy User 0 Windows C HKCU\Soft At least I Designates Microsoft Survey Control as an administrator approved control.If you enable this policy Machine 0 Windows C HKLM\Soft At least I This policy setting determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website.Microsoft collects your browsing history to improve how flip ahead with page prediction works. This feature isn't available for Internet Explorer for the desktop.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website.Microsoft collects your browsing history to improve how flip ahead with page prediction works. This feature isn't available for Internet Explorer for the desktop.If you enable this policy setting Machine 1 Windows C HKLM\Soft At least I This policy setting determines whether Internet Explorer preemptively loads websites and content in the background User 1 Windows C HKCU\Soft At least I This policy setting determines whether Internet Explorer preemptively loads websites and content in the background Machine 1 Windows C HKLM\Soft At least I This policy setting allows you to swipe left or right on Internet Explorer for the desktop.If you enable this policy setting User 1 Windows C HKCU\Soft At least I This policy setting allows you to swipe left or right on Internet Explorer for the desktop.If you enable this policy setting Machine 0 Windows C HKLM\Sof At least I This policy setting allows you to manage whether users receive a dialog requesting permission for active content on a CD to run.If you enable this policy setting User 0 Windows C HKCU\Sof At least I This policy setting allows you to manage whether users receive a dialog requesting permission for active content on a CD to run.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether Internet Explorer will check revocation status of servers' certificates. Certificates are revoked when they have been compromised or are no longer valid User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether Internet Explorer will check revocation status of servers' certificates. Certificates are revoked when they have been compromised or are no longer valid Machine 0 Windows C HKLM\Soft At least I This policy setting prevents the text on the screen from being rendered through the ClearType technology that enhances the readability of text on LCD displays.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting prevents the text on the screen from being rendered through the ClearType technology that enhances the readability of text on LCD displays.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to turn Caret Browsing on or off. Caret Browsing allows users to browse to a webpage by using the keyboard to move the cursor. Caret Browsing supports standard text-editor functionality User 0 Windows C HKCU\Soft At least I This policy setting allows you to turn Caret Browsing on or off. Caret Browsing allows users to browse to a webpage by using the keyboard to move the cursor. Caret Browsing supports standard text-editor functionality Machine 0 Windows C HKLM\Soft At least I Enhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running at least Windows 8 User 0 Windows C HKCU\Soft At least I Enhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running at least Windows 8 Machine 1 Windows C HKLM\Soft At least I This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows.Important: Some ActiveX controls and toolbars may not be available when 64-bit processes are used.If you enable this policy setting User 1 Windows C HKCU\Soft At least I This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows.Important: Some ActiveX controls and toolbars may not be available when 64-bit processes are used.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting prevents ActiveX controls from running in Protected Mode when Enhanced Protected Mode is enabled. When a user has an ActiveX control installed that is not compatible with Enhanced Protected Mode and a website attempts to load the control User 0 Windows C HKCU\Soft At least I This policy setting prevents ActiveX controls from running in Protected Mode when Enhanced Protected Mode is enabled. When a user has an ActiveX control installed that is not compatible with Enhanced Protected Mode and a website attempts to load the control

Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to configure how Internet Explorer sends the Do Not Track (DNT) header.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to configure how Internet Explorer sends the Do Not Track (DNT) header.If you enable this policy setting Machine 0 Windows C HKLM\SOFT At least I This policy setting allows you to manage whether Internet Explorer uses HTTP 1.1.If you enable this policy setting User 0 Windows C HKCU\SOFT At least I This policy setting allows you to manage whether Internet Explorer uses HTTP 1.1.If you enable this policy setting Machine 0 Windows C HKLM\SOFT At least I This policy setting allows you to manage whether Internet Explorer uses HTTP 1.1 through proxy connections.If you enable this policy setting User 0 Windows C HKCU\SOFT At least I This policy setting allows you to manage whether Internet Explorer uses HTTP 1.1 through proxy connections.If you enable this policy setting Machine 1 Windows C HKLM\SOFT At least I This policy setting determines whether Internet Explorer uses the SPDY/3 network protocol. SPDY/3 works with HTTP requests to optimize the latency of network requests through compression User 1 Windows C HKCU\SOFT At least I This policy setting determines whether Internet Explorer uses the SPDY/3 network protocol. SPDY/3 works with HTTP requests to optimize the latency of network requests through compression Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to turn off support for Transport Layer Security (TLS) 1.0 User 0 Windows C HKCU\Soft At least I This policy setting allows you to turn off support for Transport Layer Security (TLS) 1.0 Machine 0 Windows C HKLM\Soft At least I This policy setting prevents the user from using the Reset Internet Explorer Settings feature. Reset Internet Explorer Settings allows the user to reset all settings changed since installation User 0 Windows C HKCU\Soft At least I This policy setting prevents the user from using the Reset Internet Explorer Settings feature. Reset Internet Explorer Settings allows the user to reset all settings changed since installation Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software and verifies it hasn't been modified or tampered with) on user computers before downloading executable programs.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software and verifies it hasn't been modified or tampered with) on user computers before downloading executable programs.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether Internet Explorer will launch COM add-ons known as browser helper objects User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether Internet Explorer will launch COM add-ons known as browser helper objects Machine 0 Windows C HKLM\Soft Only Inter This policy setting allows you to manage whether users can automatically download and install Web components (such as fonts) that can installed by Internet Explorer Active Setup. For example User 0 Windows C HKCU\Soft Only Inter This policy setting allows you to manage whether users can automatically download and install Web components (such as fonts) that can installed by Internet Explorer Active Setup. For example Machine 0 Windows C HKLM\Soft Only Inter This policy setting allows you to manage whether users can download and install self-installing program files (non-Internet Explorer components) that are registered with Internet Explorer (such as Macromedia and Java) that are required in order to view web pages as intended.If you enable this policy setting User 0 Windows C HKCU\Soft Only Inter This policy setting allows you to manage whether users can download and install self-installing program files (non-Internet Explorer components) that are registered with Internet Explorer (such as Macromedia and Java) that are required in order to view web pages as intended.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether Internet Explorer checks the Internet for newer versions. When Internet Explorer is set to do this User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether Internet Explorer checks the Internet for newer versions. When Internet Explorer is set to do this Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether software User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether software Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether Internet Explorer will display animated pictures found in Web content. Generally only animated GIF files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether Internet Explorer will display animated pictures found in Web content. Generally only animated GIF files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether Internet Explorer will play sounds found in web content. Generally only sound files such as MIDI files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether Internet Explorer will play sounds found in web content. Generally only sound files such as MIDI files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting Machine 0 Windows C HKLM\Soft Only Inter This policy setting allows you to manage whether Internet Explorer will display videos found in Web content. Generally only embedded video files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting User 0 Windows C HKCU\Softw Only Inter This policy setting allows you to manage whether Internet Explorer will display videos found in Web content. Generally only embedded video files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting Machine 0 Windows C HKLM\Soft Only Inter This policy setting specifies whether you will accept requests from Web sites for Profile Assistant information.If you enable this policy setting User 0 Windows C HKCU\Soft Only Inter This policy setting specifies whether you will accept requests from Web sites for Profile Assistant information.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether Internet Explorer will save encrypted pages that contain secure (HTTPS) information such as passwords and credit card numbers to the Internet Explorer cache User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether Internet Explorer will save encrypted pages that contain secure (HTTPS) information such as passwords and credit card numbers to the Internet Explorer cache Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether Internet Explorer deletes the contents of the Temporary Internet Files folder after all browser windows are closed. This protects against storing dangerous files on the computer User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether Internet Explorer deletes the contents of the Temporary Internet Files folder after all browser windows are closed. This protects against storing dangerous files on the computer Machine 0 Windows C HKLM\Soft At least I This policy setting shows the Content Advisor setting on the Content tab of the Internet Options dialog box.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting shows the Content Advisor setting on the Content tab of the Internet Options dialog box.If you enable this policy setting User 0 Windows C HKCU\SOFT At least I This policy setting allows you to turn on inline AutoComplete in Internet Explorer and File Explorer. The AutoComplete feature provides suggestions for what the user types by automatically completing the address or command with the closest match.If you enable this policy setting User 0 Windows C HKCU\SOFT Only Inter This policy setting let you turn off Inline AutoComplete in File Explorer. Inline AutoComplete provides suggestions for what you type by automatically completing the command inline with the closest match. By default Machine 0 Windows C HKLM\Soft At least I This policy allows the user to go directly to an intranet site for a one-word entry in the Address bar.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy allows the user to go directly to an intranet site for a one-word entry in the Address bar.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to turn on your script debugger User 0 Windows C HKCU\Softw At least I This policy setting specifies whether User 0 Windows C HKCU\Soft Only Inter This policy setting specifies if User 0 Windows C HKCU\Soft At least I This policy setting specifies whether to display script errors when a page does not appear properly because of problems with its scripting. This feature is off by default User 0 Windows C HKCU\Soft At least I This policy setting specifies whether smooth scrolling is used to display content at a predefined speed.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting specifies how you want links on webpages to be underlined.If you enable this policy setting

Machine 1 Windows C HKLM\Soft At least I This policy setting determines whether phone numbers are recognized and turned into hyperlinks User 1 Windows C HKCU\Soft At least I This policy setting determines whether phone numbers are recognized and turned into hyperlinks User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!MaxSubscriptionSize User 0 Windows C HKCU\Soft Only Inter Prevents users from adding channels to Internet Explorer.Channels are Web sites that are updated automatically on your computer User 0 Windows C HKCU\Soft Only Inter Prevents users from specifying that Web pages can be downloaded for viewing offline. When users make Web pages available for offline viewing User 0 Windows C HKCU\Soft Only Inter Prevents channel providers from recording information about when their channel pages are viewed by users who are working offline.If you enable this policy User 0 Windows C HKCU\Soft Only Inter Prevents users from viewing the Channel bar interface. Channels are Web sites that are automatically updated on their computer according to a schedule specified by the channel provider.If you enable this policy User 0 Windows C HKCU\Soft Only Inter Prevents users from adding User 0 Windows C HKCU\Softw Only Inter Prevents users from editing an existing schedule for downloading Web pages for offline viewing.When users make Web pages available for offline viewing User 0 Windows C HKCU\Soft Only Inter Prevents users from disabling channel synchronization in Microsoft Internet Explorer.Channels are Web sites that are automatically updated on your computer according to a schedule specified by the channel provider.If you enable this policy User 0 Windows C HKCU\Soft Only Inter Prevents users from clearing the preconfigured settings for Web pages to be downloaded for offline viewing.When users make Web pages available for offline viewing User 0 Windows C HKCU\Soft Only Inter Disables existing schedules for downloading Web pages for offline viewing.When users make Web pages available for offline viewing User 0 Windows C HKCU\Soft Only Inter Prevents content from being downloaded from Web sites that users have subscribed to.When users make Web pages available for offline viewing Machine 0 Windows C HKLM\Soft At least I This policy setting prevents the user from specifying the code download path for each computer. The Internet Component Download service exposes a function that is called by an application to download User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoDefaultTextSize Machine 0 Windows C HKLM\Soft At least I Removes the Advanced tab from the interface in the Internet Options dialog box.If you enable this policy User 0 Windows C HKCU\Soft At least I Removes the Advanced tab from the interface in the Internet Options dialog box.If you enable this policy Machine 0 Windows C HKLM\Soft At least I Removes the Connections tab from the interface in the Internet Options dialog box.If you enable this policy User 0 Windows C HKCU\Soft At least I Removes the Connections tab from the interface in the Internet Options dialog box.If you enable this policy Machine 0 Windows C HKLM\Soft At least I If you enable this policy setting User 0 Windows C HKCU\Soft At least I If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I Removes the General tab from the interface in the Internet Options dialog box.If you enable this policy User 0 Windows C HKCU\Soft At least I Removes the General tab from the interface in the Internet Options dialog box.If you enable this policy Machine 0 Windows C HKLM\Soft At least I Removes the Privacy tab from the interface in the Internet Options dialog box.If you enable this policy User 0 Windows C HKCU\Soft At least I Removes the Privacy tab from the interface in the Internet Options dialog box.If you enable this policy Machine 0 Windows C HKLM\Soft At least I Removes the Programs tab from the interface in the Internet Options dialog box.If you enable this policy User 0 Windows C HKCU\Soft At least I Removes the Programs tab from the interface in the Internet Options dialog box.If you enable this policy Machine 0 Windows C HKLM\Soft At least I Removes the Security tab from the interface in the Internet Options dialog box.If you enable this policy User 0 Windows C HKCU\Soft At least I Removes the Security tab from the interface in the Internet Options dialog box.If you enable this policy Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether Internet Explorer converts Unicode domain names to internationalized domain name (IDN) format (Punycode) before sending them to Domain Name System (DNS) servers or to proxy servers.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether Internet Explorer converts Unicode domain names to internationalized domain name (IDN) format (Punycode) before sending them to Domain Name System (DNS) servers or to proxy servers.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether Internet Explorer uses 8-bit Unicode Transformation Format (UTF-8) for mailto links.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether Internet Explorer uses 8-bit Unicode Transformation Format (UTF-8) for mailto links.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting prevents the user from ignoring Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate errors that interrupt browsing (such as "expired" User 0 Windows C HKCU\Soft At least I This policy setting prevents the user from ignoring Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate errors that interrupt browsing (such as "expired" User 0 Windows C HKCU\Soft At least I This policy setting specifies whether to use 8-bit Unicode Transformation Format (UTF-8) User 0 Windows C HKCU\Soft At least I This policy setting prevents the user from specifying the background color in Internet Explorer.If you enable this policy setting User 0 Windows C HKCU\Softw At least I This policy setting prevents the user from specifying the text color in Internet Explorer.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting prevents the user from using Windows colors as a part of the display settings.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting prevents the user from specifying a URL that contains update information about cipher strength. When the user logs on to a secure page User 0 Windows C HKCU\Soft At least I This policy setting determines whether the Internet Connection Wizard was completed. If the Internet Connection Wizard was not completed Machine 0 Windows C HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!ListBox_Support_CLSID User 0 Windows C HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!ListBox_Support_CLSID Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to ensure that any Internet Explorer add-ons not listed in the 'Add-on List' policy setting are denied. Add-ons in this case are controls like ActiveX Controls User 0 Windows C HKCU\Soft At least I This policy setting allows you to ensure that any Internet Explorer add-ons not listed in the 'Add-on List' policy setting are denied. Add-ons in this case are controls like ActiveX Controls Machine 0 Windows C HKLM\Sof At least I This policy setting allows you to manage whether processes respect add-on management user preferences (as reflected by Add-on Manager) or policy settings. By default User 0 Windows C HKCU\Sof At least I This policy setting allows you to manage whether processes respect add-on management user preferences (as reflected by Add-on Manager) or policy settings. By default Machine 0 Windows C HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ADDON_MANAGEMENT

User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ADDON_MANAGEMENT Machine 0 Windows C HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ListBox_Support_AllowedBehaviors User 0 Windows C HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ListBox_Support_AllowedBehaviors Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether Internet Explorer 9 can install ActiveX controls and other binaries signed with MD2 and MD4 signing technologies. Internet Explorer 9 does not support MD2 and MD4 signing technologies by default User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether Internet Explorer 9 can install ActiveX controls and other binaries signed with MD2 and MD4 signing technologies. Internet Explorer 9 does not support MD2 and MD4 signing technologies by default Machine 0 Windows C HKLM\Soft At least I Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed.If you enable this policy setting User 0 Windows C HKCU\Soft At least I Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed.If you enable this policy setting Machine 0 Windows C HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!(Reserved) User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!(Reserved) Machine 0 Windows C HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_BEHAVIORS User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_BEHAVIORS Machine 0 Windows C HKLM\Soft At least I Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server.This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example User 0 Windows C HKCU\Soft At least I Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server.This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example Machine 0 Windows C HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!(Reserved) User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!(Reserved) Machine 0 Windows C HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_HANDLING User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_HANDLING Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether the Notification bar is displayed for processes other than the Internet Explorer processes when file or code installs are restricted. By default User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether the Notification bar is displayed for processes other than the Internet Explorer processes when file or code installs are restricted. By default Machine 0 Windows C HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!(Reserved) User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!(Reserved) Machine 0 Windows C HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_SECURITYBAND User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_SECURITYBAND Machine 0 Windows C HKLM\Sof At least I Internet Explorer places zone restrictions on each Web page it opens User 0 Windows C HKCU\Soft At least I Internet Explorer places zone restrictions on each Web page it opens Machine 0 Windows C HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!(Reserved) User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!(Reserved) Machine 0 Windows C HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_LOCALMACHINE_LOCKDOWN User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_LOCALMACHINE_LOCKDOWN Machine 0 Windows C HKLM\Soft At least I This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type.If you enable this policy setting Machine 0 Windows C HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!(Reserved) User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!(Reserved) Machine 0 Windows C HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_SNIFFING User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_SNIFFING Machine 0 Windows C HKLM\Soft At least I The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail.If you enable this policy setting User 0 Windows C HKCU\Soft At least I The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail.If you enable this policy setting Machine 0 Windows C HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!(Reserved) User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!(Reserved) Machine 0 Windows C HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_DISABLE_MK_PROTOCOL User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_DISABLE_MK_PROTOCOL Machine 0 Windows C HKLM\Soft At least I Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether restricting content obtained through restricted protocols is prevented or allowed.If you enable this policy setting User 0 Windows C HKCU\Soft At least I Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether restricting content obtained through restricted protocols is prevented or allowed.If you enable this policy setting Machine 0 Windows C HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!(Reserved) User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!(Reserved) Machine 0 Windows C HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_PROTOCOL_LOCKDOWN User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_PROTOCOL_LOCKDOWN Machine 0 Windows C HKLM\Soft At least I This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to a new domain.If you enable this policy setting

User 0 Windows C HKCU\Soft At least I This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to a new domain.If you enable this policy setting Machine 0 Windows C HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!(Reserved) User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!(Reserved) Machine 0 Windows C HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_OBJECT_CACHING User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_OBJECT_CACHING Machine 0 Windows C HKLM\Soft At least I Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet User 0 Windows C HKCU\Soft At least I Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet Machine 0 Windows C HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!(Reserved) User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!(Reserved) Machine 0 Windows C HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ZONE_ELEVATION User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ZONE_ELEVATION Machine 0 Windows Co HKLM\Soft At least I This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control installation.If you enable this policy setting User 0 Windows Co HKCU\Soft At least I This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control installation.If you enable this policy setting Machine 0 Windows Co HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!(Reserved) User 0 Windows Co HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!(Reserved) Machine 0 Windows Co HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_ACTIVEXINSTALL User 0 Windows Co HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_ACTIVEXINSTALL Machine 0 Windows C HKLM\Soft At least I This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that are not user initiated.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that are not user initiated.If you enable this policy setting Machine 0 Windows C HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!(Reserved) User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!(Reserved) Machine 0 Windows C HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_FILEDOWNLOAD User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_FILEDOWNLOAD Machine 0 Windows C HKLM\Soft At least I Internet Explorer allows scripts to programmatically open User 0 Windows C HKCU\Soft At least I Internet Explorer allows scripts to programmatically open Machine 0 Windows C HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!(Reserved) User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!(Reserved) Machine 0 Windows C HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_WINDOW_RESTRICTIONS User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_WINDOW_RESTRICTIONS Machine 0 Windows C HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_3 User 0 Windows C HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_3 Machine 0 Windows C HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_1 User 0 Windows C HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_1 Machine 0 Windows C HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_0 User 0 Windows C HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_0 Machine 0 Windows C HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_4 User 0 Windows C HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_4 Machine 0 Windows C HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_2 User 0 Windows C HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_2 Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the crash detection feature of add-on Management.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the crash detection feature of add-on Management.If you enable this policy setting Machine 1 Windows C HKLM\Soft At least I This policy setting allows Internet Explorer to provide enhanced suggestions as the user types in the Address bar. To provide enhanced suggestions User 1 Windows C HKCU\Soft At least I This policy setting allows Internet Explorer to provide enhanced suggestions as the user types in the Address bar. To provide enhanced suggestions Machine 0 Windows C HKLM\Soft At least I This policy setting turns off Automatic Crash Recovery.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting turns off Automatic Crash Recovery.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether a user has access to the Reopen Last Browsing Session feature in Internet Explorer.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether a user has access to the Reopen Last Browsing Session feature in Internet Explorer.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users have the ability to allow or deny add-ons through Add-On Manager.If you enable this policy setting

User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users have the ability to allow or deny add-ons through Add-On Manager.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to add a specific list of search providers to the user's default list of search providers. Normally User 0 Windows C HKCU\Soft At least I This policy setting allows you to add a specific list of search providers to the user's default list of search providers. Normally Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to turn on or turn off the earlier menus (for example User 0 Windows C HKCU\Soft At least I This policy setting allows you to turn on or turn off the earlier menus (for example Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether a user has access to the Favorites bar in Internet Explorer.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether a user has access to the Favorites bar in Internet Explorer.If you enable this policy setting User 0 Windows C HKCU\Soft At least I Prevents automatic proxy scripts User 0 Windows C HKCU\Soft At least I Prevents branding of Internet programs User 0 Windows C HKCU\Soft At least I Prevents users from changing settings on the Advanced tab in the Internet Options dialog box.If you enable this policy Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to customize the Internet Explorer version string as reported to web servers in the HTTP User Agent header.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to customize the Internet Explorer version string as reported to web servers in the HTTP User Agent header.If you enable this policy setting User 0 Windows C HKCU\Soft At least I Specifies that Automatic Detection will be used to configure dial-up settings for users.Automatic Detection uses a DHCP (Dynamic Host Configuration Protocol) or DNS server to customize the browser the first time it is started.If you enable this policy Machine 0 Windows C HKLM\Softw At least I This policy setting prevents the user from using the "Fix settings" functionality related to Security Settings Check.If you enable this policy setting User 0 Windows C HKCU\Softw At least I This policy setting prevents the user from using the "Fix settings" functionality related to Security Settings Check.If you enable this policy setting Machine 0 Windows C HKLM\Soft Only Inter This policy setting prevents the user from managing a filter that warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing."If you enable this policy setting User 0 Windows C HKCU\Softw Only Inter This policy setting prevents the user from managing a filter that warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing."If you enable this policy setting Machine 0 Windows C HKLM\Soft Only Inter This policy setting allows the user to enable the SmartScreen Filter User 0 Windows C HKCU\Softw At least I This policy setting prevents the user from changing the level of pop-up filtering. The available levels are as follows: High: Block all pop-ups. Medium: Block most automatic pop-ups. Low: Allow pop-ups from secure sites.If you enable this policy setting User 0 Windows C HKCU\Soft At least I Specifies that error messages will be displayed to users if problems occur with proxy scripts.If you enable this policy Machine 0 Windows C HKLM\Soft At least I This policy setting logs information that is blocked by new features in Internet Explorer. The logged compatibility information is displayed in the Windows Event Viewer.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting logs information that is blocked by new features in Internet Explorer. The logged compatibility information is displayed in the Windows Event Viewer.If you enable this policy setting Machine 0 Windows C HKLM\Software\Policies\Microsoft\Internet Explorer\Main!AlwaysShowMenus User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\Main!AlwaysShowMenus Machine 0 Windows C HKLM\Soft At least I This policy settings disables the Import/Export Settings wizard. This wizard allows you to import settings from another browser User 0 Windows C HKCU\Soft At least I This policy settings disables the Import/Export Settings wizard. This wizard allows you to import settings from another browser Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to disable browser geolocation support. This will prevent websites from requesting location data about the user.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to disable browser geolocation support. This will prevent websites from requesting location data about the user.If you enable this policy setting Machine 0 Windows C HKLM\Softw At least I This policy setting turns off Adobe Flash in Internet Explorer and prevents applications from using Internet Explorer technology to instantiate Flash objects. If you enable this policy setting User 0 Windows C HKCU\Softw At least I This policy setting turns off Adobe Flash in Internet Explorer and prevents applications from using Internet Explorer technology to instantiate Flash objects. If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting prevents the user from zooming in to or out of a page to better see the content.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting prevents the user from zooming in to or out of a page to better see the content.If you enable this policy setting User 0 Windows C HKCU\Soft Only Inter Prevents users from configuring unique identities by using Identity Manager.Identity Manager enables users to create multiple accounts Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to configure whether newly installed add-ons are automatically activated in the Internet Explorer 9 browser. Any add-ons that were activated in a previous version of Internet Explorer are considered to be the same as newly installed add-ons and are not activated when the user upgrades to Internet Explorer 9.In Internet Explorer 9 User 0 Windows C HKCU\Soft At least I This policy setting allows you to configure whether newly installed add-ons are automatically activated in the Internet Explorer 9 browser. Any add-ons that were activated in a previous version of Internet Explorer are considered to be the same as newly installed add-ons and are not activated when the user upgrades to Internet Explorer 9.In Internet Explorer 9 Machine 0 Windows C HKLM\Soft At least I This policy setting prevents Internet Explorer from displaying a notification when the average time to load all the user's enabled add-ons exceeds the threshold. The notification informs the user that add-ons are slowing his or her browsing and displays a button that opens the Disable Add-ons dialog box. The Disable Add-ons dialog box displays the load time for each group of add-ons enabled in the browser. It allows the user to disable add-ons and configure the threshold.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting prevents Internet Explorer from displaying a notification when the average time to load all the user's enabled add-ons exceeds the threshold. The notification informs the user that add-ons are slowing his or her browsing and displays a button that opens the Disable Add-ons dialog box. The Disable Add-ons dialog box displays the load time for each group of add-ons enabled in the browser. It allows the user to disable add-ons and configure the threshold.If you enable this policy setting Machine 0 Windows C HKLM\Softw At least I This policy setting controls the ActiveX Filtering feature for websites that are running ActiveX controls. The user can choose to turn off ActiveX Filtering for specific websites so that ActiveX controls can run properly.If you enable this policy setting User 0 Windows C HKCU\Softw At least I This policy setting controls the ActiveX Filtering feature for websites that are running ActiveX controls. The user can choose to turn off ActiveX Filtering for specific websites so that ActiveX controls can run properly.If you enable this policy setting User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!No_LaunchMediaBar Machine 0 Windows C HKLM\Soft At least I This policy setting prevents the user from performing actions which will delete browsing history. For more information on browsing history Group Policy settings User 0 Windows C HKCU\Soft At least I This policy setting prevents the user from performing actions which will delete browsing history. For more information on browsing history Group Policy settings Machine 0 Windows C HKLM\Soft At least I This policy setting prevents the user from deleting form data. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting prevents the user from deleting form data. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting prevents users from deleting passwords. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting prevents users from deleting passwords. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting prevents the user from deleting cookies. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting prevents the user from deleting cookies. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting

Machine 0 Windows C HKLM\Soft At least I This policy setting prevents the user from deleting the history of websites that he or she has visited. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting prevents the user from deleting the history of websites that he or she has visited. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting prevents the user from deleting his or her download history. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting prevents the user from deleting his or her download history. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting prevents the user from deleting temporary Internet files. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting prevents the user from deleting temporary Internet files. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting Machine 0 Windows C HKLM\Soft Only Inter This policy setting prevents the user from deleting InPrivate Filtering data. Internet Explorer collects InPrivate Filtering data during browser sessions other than InPrivate Browsing sessions to determine which third-party items should be blocked when InPrivate Filtering is enabled. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting User 0 Windows C HKCU\Soft Only Inter This policy setting prevents the user from deleting InPrivate Filtering data. Internet Explorer collects InPrivate Filtering data during browser sessions other than InPrivate Browsing sessions to determine which third-party items should be blocked when InPrivate Filtering is enabled. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting

TRUETRUE

Machine 0 Windows C HKLM\Soft At least I This policy setting prevents the user from deleting favorites site data. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting prevents the user from deleting favorites site data. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows the automatic deletion of specified items when the last browser window closes. The preferences selected in the Delete Browsing History dialog box (such as deleting temporary Internet files User 0 Windows C HKCU\Soft At least I This policy setting allows the automatic deletion of specified items when the last browser window closes. The preferences selected in the Delete Browsing History dialog box (such as deleting temporary Internet files Machine 0 Windows C HKLM\Soft At least I This policy setting prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting prevents the user from accessing Help in Internet Explorer.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting prevents the user from accessing Help in Internet Explorer.If you enable this policy setting Machine 0 Windows C HKLM\Soft Only Inter This policy setting prevents the Search box from appearing in Internet Explorer. When the Search box is available User 0 Windows C HKCU\Soft Only Inter This policy setting prevents the Search box from appearing in Internet Explorer. When the Search box is available Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to turn off suggestions for all user-installed search providers.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to turn off suggestions for all user-installed search providers.If you enable this policy setting Machine 0 Windows C HKLM\Soft Only Inter This policy setting allows you to prevent the quick pick menu from appearing when a user clicks in the Search box.If you enable this policy setting User 0 Windows C HKCU\Soft Only Inter This policy setting allows you to prevent the quick pick menu from appearing when a user clicks in the Search box.If you enable this policy setting Machine 0 Windows C HKLM\Softw Only Inter Prevents Internet Explorer from automatically installing components.If you enable this policy Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to set the rate at which Internet Explorer creates new tab processes. There are two algorithms that Internet Explorer uses.The default algorithm has four settings: low User 0 Windows C HKCU\Soft At least I This policy setting allows you to set the rate at which Internet Explorer creates new tab processes. There are two algorithms that Internet Explorer uses.The default algorithm has four settings: low Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to revert to the Internet Explorer 8 behavior of allowing OnUnLoad script handlers to display UI during shutdown. This policy setting may be needed to fix compatibility problems with particular web applications.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to revert to the Internet Explorer 8 behavior of allowing OnUnLoad script handlers to display UI during shutdown. This policy setting may be needed to fix compatibility problems with particular web applications.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to specify what is displayed when the user opens a new tab.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to specify what is displayed when the user opens a new tab.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether the user has access to Tab Grouping in Internet Explorer.If you enable this policy setting Machine 0 Windows C HKLM\Soft Internet E This policy setting allows you to turn off the Quick Tabs functionality in Internet Explorer.If you enable this policy setting User 0 Windows C HKCU\Soft Internet E This policy setting allows you to turn off the Quick Tabs functionality in Internet Explorer.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting prevents the user from changing the default search provider for the Address bar and the toolbar Search box.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting prevents the user from changing the default search provider for the Address bar and the toolbar Search box.If you enable this policy setting Machine 0 Windows C HKLM\Soft Only Inter Prevents the Internet Explorer splash screen from appearing when users start the browser.If you enable this policy Machine 0 Windows C HKLM\Soft Internet E This policy setting allows you to turn off tabbed browsing and related entry points from the Internet Explorer user interface. Starting with Windows 8 User 0 Windows C HKCU\Soft Internet E This policy setting allows you to turn off tabbed browsing and related entry points from the Internet Explorer user interface. Starting with Windows 8 Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to define the user experience related to how pop-up windows appear in tabbed browsing in Internet Explorer.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to define the user experience related to how pop-up windows appear in tabbed browsing in Internet Explorer.If you enable this policy setting Machine 0 Windows C HKLM\Soft Only Inter Prevents Internet Explorer from checking whether a new version of the browser is available.If you enable this policy Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to configure how windows open in Internet Explorer when the user clicks links from other applications.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to configure how windows open in Internet Explorer when the user clicks links from other applications.If you enable this policy setting User 0 Windows C HKCU\Soft Only Inter Allows Administrators to enable and disable the ability for Outlook Express users to save or open attachments that can potentially contain a virus.If you check the block attachments setting Machine 0 Windows C HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows!ListBox_Support_Allow User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\New Windows!ListBox_Support_Allow User 0 Windows C HKCU\Softw At least I If you enable this policy

Machine 0 Windows C HKLM\Soft At least I This setting specifies to automatically detect the proxy server settings used to connect to the Internet and customize Internet Explorer. This setting specifies that Internet explorer use the configuration settings provided in a file by the system administrator.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This setting specifies to automatically detect the proxy server settings used to connect to the Internet and customize Internet Explorer. This setting specifies that Internet explorer use the configuration settings provided in a file by the system administrator.If you enable this policy setting User 0 Windows C HKCU\Soft At least I Prevents users from changing the browser cache settings User 0 Windows C HKCU\Soft At least I Prevents users from changing the default programs for managing schedules and contacts.If you enable this policy User 0 Windows C HKCU\Softw At least I Prevents users from changing certificate settings in Internet Explorer. Certificates are used to verify the identity of software publishers.If you enable this policy User 0 Windows C HKCU\Soft Only Inter Prevents Microsoft Internet Explorer from checking to see whether it is the default browser.If you enable this policy User 0 Windows C HKCU\Soft At least I This policy setting allows you to choose whether users will be notified if Internet Explorer is not the default web browser.If you enable this policy setting User 0 Windows C HKCU\Soft At least I Prevents users from changing the default Web page colors.If you enable this policy User 0 Windows C HKCU\Soft At least I Prevents users from changing dial-up settings.If you enable this policy Machine 0 Windows C HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!Connection Settings User 0 Windows C HKCU\Soft At least I Prevents users from running the Internet Connection Wizard.If you enable this policy User 0 Windows C HKCU\Soft At least I Prevents users from changing font settings.If you enable this policy User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Use FormSuggest User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\Main!FormSuggest Passwords Machine 0 Windows C HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!History User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!History User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!HomePage Machine 0 Windows C HKLM\Soft At least I Secondary home pages are the default Web pages that Internet Explorer loads in separate tabs from the home page whenever the browser is run. This policy setting allows you to set default secondary home pages.If you enable this policy setting User 0 Windows C HKCU\Soft At least I Secondary home pages are the default Web pages that Internet Explorer loads in separate tabs from the home page whenever the browser is run. This policy setting allows you to set default secondary home pages.If you enable this policy setting User 0 Windows C HKCU\Soft At least I Prevents users from changing language preference settings.If you enable this policy User 0 Windows C HKCU\Softw At least I Prevents users from changing the colors of links on Web pages.If you enable this policy User 0 Windows C HKCU\Soft At least I Prevents users from changing the default programs for messaging tasks.If you enable this policy Machine 0 Windows C HKLM\Softw At least I You can allow pop-ups from specific websites by adding the sites to the exception list.If you enable this policy setting User 0 Windows C HKCU\Softw At least I You can allow pop-ups from specific websites by adding the sites to the exception list.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage pop-up management functionality in Internet Explorer.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage pop-up management functionality in Internet Explorer.If you enable this policy setting User 0 Windows C HKCU\Softw Only Inter Prevents users from changing Profile Assistant settings.If you enable this policy Machine 0 Windows C HKLM\Soft At least I This policy setting specifies if a user can change proxy settings.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting specifies if a user can change proxy settings.If you enable this policy setting User 0 Windows C HKCU\Soft At least I Prevents users from changing ratings that help control the type of Internet content that can be viewed.If you enable this policy User 0 Windows C HKCU\Soft Only Inter Prevents users from restoring default settings for home and search pages.If you enable this policy Machine 0 Windows C HKLM\Softw Only Inter This policy setting is used to manage temporary Internet files and cookies associated with your Internet browsing history User 0 Windows C HKCU\Softw Only Inter This policy setting is used to manage temporary Internet files and cookies associated with your Internet browsing history Machine 0 Windows C HKLM\Soft At least I This AutoComplete feature suggests possible matches when users are entering Web addresses in the browser address bar.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This AutoComplete feature suggests possible matches when users are entering Web addresses in the browser address bar.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to prevent Windows Search AutoComplete from providing results in the Internet Explorer Address bar.Windows Search AutoComplete suggests possible matches when a user is entering a web address in the browser Address bar. This feature provides more relevant results in the browser Address bar.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to prevent Windows Search AutoComplete from providing results in the Internet Explorer Address bar.Windows Search AutoComplete suggests possible matches when a user is entering a web address in the browser Address bar. This feature provides more relevant results in the browser Address bar.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting turns off URL Suggestions. URL Suggestions allow users to autocomplete URLs in the address bar based on common URLs. The list of common URLs is stored locally and is updated once a month. No user data is sent over the internet by this feature.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting turns off URL Suggestions. URL Suggestions allow users to autocomplete URLs in the address bar based on common URLs. The list of common URLs is stored locally and is updated once a month. No user data is sent over the internet by this feature.If you enable this policy setting User 0 Windows C HKCU\Softw Only Inter Disables using the F3 key to search in Internet Explorer and File Explorer.If you enable this policy User 0 Windows C HKCU\Soft Only Inter Makes the Customize button in the Search Assistant appear dimmed.The Search Assistant is a tool that appears in the Search bar to help users search the Internet.If you enable this policy Machine 0 Windows C HKLM\Soft At least I Applies security zone information to all users of the same computer. A security zone is a group of Web sites with the same security level.If you enable this policy Machine 0 Windows C HKLM\Soft At least I Prevents users from changing security zone settings. A security zone is a group of Web sites with the same security level.If you enable this policy Machine 0 Windows C HKLM\Soft At least I Prevents users from adding or removing sites from security zones. A security zone is a group of Web sites with the same security level.If you enable this policy Machine 0 Windows C HKLM\Soft Only Inter Specifies that programs using the Microsoft Software Distribution Channel will not notify users when they install new components. The Software Distribution Channel is a means of updating software dynamically on users' computers by using Open Software Distribution (.osd) technologies.If you enable this policy Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to restrict the search providers that appear in the Search box in Internet Explorer to those defined in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Normally User 0 Windows C HKCU\Soft At least I This policy setting allows you to restrict the search providers that appear in the Search box in Internet Explorer to those defined in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Normally Machine 0 Windows C HKLM\Soft At least I This policy setting prevents the user from participating in the Customer Experience Improvement Program (CEIP).If you enable this policy setting

User 0 Windows C HKCU\Soft At least I This policy setting prevents the user from participating in the Customer Experience Improvement Program (CEIP).If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to configure how new tabs are created by default in Internet Explorer.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to configure how new tabs are created by default in Internet Explorer.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I Applies proxy settings to all users of the same computer.If you enable this policy Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed User 0 Windows C HKCU\Soft At least I This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer User 0 Windows C HKCU\Soft At least I This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent User 0 Windows C HKCU\Soft At least I This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer User 0 Windows C HKCU\Soft At least I This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted Machine 0 Windows C HKLM\Soft At least I This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting

Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting

TRUETRUE

Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting Machine 0 Windows C HKLM\Soft Only Inter This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting User 0 Windows C HKCU\Soft Only Inter This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage permissions for Java applets.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage permissions for Java applets.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage settings for logon options.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage settings for logon options.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable User 0 Windows C HKCU\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable User 0 Windows C HKCU\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting

Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting User 0 Windows C HKCU\Soft At least I This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting Machine 1 Windows C HKLM\Soft At least I This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls User 1 Windows C HKCU\Soft At least I This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine 0 Windows C HKLM\Soft Only Inter This policy setting allows you to manage software channel permissions.If you enable this policy setting User 0 Windows C HKCU\Soft Only Inter This policy setting allows you to manage software channel permissions.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the preservation of information in the browser's history User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the preservation of information in the browser's history

Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether Web sites from less privileged zones User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether Web sites from less privileged zones Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed User 0 Windows C HKCU\Soft At least I This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer User 0 Windows C HKCU\Soft At least I This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent User 0 Windows C HKCU\Soft At least I This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer User 0 Windows C HKCU\Soft At least I This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted Machine 0 Windows C HKLM\Soft At least I This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting

TRUETRUE

Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting

Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting Machine 0 Windows C HKLM\Soft Only Inter This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting User 0 Windows C HKCU\Soft Only Inter This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage permissions for Java applets.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage permissions for Java applets.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage settings for logon options.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage settings for logon options.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable User 0 Windows C HKCU\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable User 0 Windows C HKCU\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting User 0 Windows C HKCU\Soft At least I This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting Machine 1 Windows C HKLM\Soft At least I This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls User 1 Windows C HKCU\Soft At least I This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine 0 Windows C HKLM\Soft Only Inter This policy setting allows you to manage software channel permissions.If you enable this policy setting User 0 Windows C HKCU\Soft Only Inter This policy setting allows you to manage software channel permissions.If you enable this policy setting

Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the preservation of information in the browser's history User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the preservation of information in the browser's history Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether Web sites from less privileged zones User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether Web sites from less privileged zones Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed User 0 Windows C HKCU\Soft At least I This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer User 0 Windows C HKCU\Soft At least I This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent User 0 Windows C HKCU\Soft At least I This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer User 0 Windows C HKCU\Soft At least I This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted Machine 0 Windows C HKLM\Soft At least I This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting

TRUETRUE

Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting Machine 0 Windows C HKLM\Soft Only Inter This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting User 0 Windows C HKCU\Soft Only Inter This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage permissions for Java applets.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage permissions for Java applets.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage settings for logon options.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage settings for logon options.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable User 0 Windows C HKCU\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable User 0 Windows C HKCU\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting User 0 Windows C HKCU\Soft At least I This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting Machine 1 Windows C HKLM\Soft At least I This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls User 1 Windows C HKCU\Soft At least I This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls

Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine 0 Windows C HKLM\Soft Only Inter This policy setting allows you to manage software channel permissions.If you enable this policy setting User 0 Windows C HKCU\Soft Only Inter This policy setting allows you to manage software channel permissions.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the preservation of information in the browser's history User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the preservation of information in the browser's history Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether Web sites from less privileged zones User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether Web sites from less privileged zones Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed User 0 Windows C HKCU\Soft At least I This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer User 0 Windows C HKCU\Soft At least I This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent User 0 Windows C HKCU\Soft At least I This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer User 0 Windows C HKCU\Soft At least I This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted Machine 0 Windows C HKLM\Soft At least I This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms

Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting

TRUETRUE

Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting Machine 0 Windows C HKLM\Soft Only Inter This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting User 0 Windows C HKCU\Soft Only Inter This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage permissions for Java applets.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage permissions for Java applets.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage settings for logon options.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage settings for logon options.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable User 0 Windows C HKCU\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable User 0 Windows C HKCU\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting User 0 Windows C HKCU\Soft At least I This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting

Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting Machine 1 Windows C HKLM\Soft At least I This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls User 1 Windows C HKCU\Soft At least I This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine 0 Windows C HKLM\Soft Only Inter This policy setting allows you to manage software channel permissions.If you enable this policy setting User 0 Windows C HKCU\Soft Only Inter This policy setting allows you to manage software channel permissions.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the preservation of information in the browser's history User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the preservation of information in the browser's history Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether Web sites from less privileged zones User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether Web sites from less privileged zones Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed User 0 Windows C HKCU\Soft At least I This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer User 0 Windows C HKCU\Soft At least I This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent User 0 Windows C HKCU\Soft At least I This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer User 0 Windows C HKCU\Soft At least I This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted Machine 0 Windows C HKLM\Soft At least I This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting

Machine 0 Windows C HKLM\Soft At least I This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting

TRUETRUE

Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting Machine 0 Windows C HKLM\Soft Only Inter This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting User 0 Windows C HKCU\Soft Only Inter This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage permissions for Java applets.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage permissions for Java applets.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage settings for logon options.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage settings for logon options.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable User 0 Windows C HKCU\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable User 0 Windows C HKCU\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting

Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting User 0 Windows C HKCU\Soft At least I This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting Machine 1 Windows C HKLM\Soft At least I This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls User 1 Windows C HKCU\Soft At least I This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine 0 Windows C HKLM\Soft Only Inter This policy setting allows you to manage software channel permissions.If you enable this policy setting User 0 Windows C HKCU\Soft Only Inter This policy setting allows you to manage software channel permissions.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the preservation of information in the browser's history User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the preservation of information in the browser's history Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether Web sites from less privileged zones User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether Web sites from less privileged zones Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed User 0 Windows C HKCU\Soft At least I This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer User 0 Windows C HKCU\Soft At least I This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent User 0 Windows C HKCU\Soft At least I This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting

Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer User 0 Windows C HKCU\Soft At least I This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted Machine 0 Windows C HKLM\Soft At least I This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting

TRUETRUE

Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting Machine 0 Windows C HKLM\Soft Only Inter This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting User 0 Windows C HKCU\Soft Only Inter This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage permissions for Java applets.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage permissions for Java applets.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage settings for logon options.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage settings for logon options.If you enable this policy setting

Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable User 0 Windows C HKCU\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable User 0 Windows C HKCU\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting User 0 Windows C HKCU\Soft At least I This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting Machine 1 Windows C HKLM\Soft At least I This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls User 1 Windows C HKCU\Soft At least I This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine 0 Windows C HKLM\Soft Only Inter This policy setting allows you to manage software channel permissions.If you enable this policy setting User 0 Windows C HKCU\Soft Only Inter This policy setting allows you to manage software channel permissions.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the preservation of information in the browser's history User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the preservation of information in the browser's history Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether Web sites from less privileged zones User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether Web sites from less privileged zones Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed User 0 Windows C HKCU\Soft At least I This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer User 0 Windows C HKCU\Soft At least I This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent User 0 Windows C HKCU\Soft At least I This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent

Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer User 0 Windows C HKCU\Soft At least I This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted Machine 0 Windows C HKLM\Soft At least I This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting

TRUETRUE

Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting Machine 0 Windows C HKLM\Soft Only Inter This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting User 0 Windows C HKCU\Soft Only Inter This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting

Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage permissions for Java applets.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage permissions for Java applets.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage settings for logon options.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage settings for logon options.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable User 0 Windows C HKCU\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable User 0 Windows C HKCU\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Trusted Sites Zone can run active content such as script User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Trusted Sites Zone can run active content such as script Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting User 0 Windows C HKCU\Soft At least I This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting Machine 1 Windows C HKLM\Soft At least I This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls User 1 Windows C HKCU\Soft At least I This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine 0 Windows C HKLM\Soft Only Inter This policy setting allows you to manage software channel permissions.If you enable this policy setting User 0 Windows C HKCU\Soft Only Inter This policy setting allows you to manage software channel permissions.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the preservation of information in the browser's history User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the preservation of information in the browser's history Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether Web sites from less privileged zones User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether Web sites from less privileged zones Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting

Machine 0 Windows C HKLM\Soft At least I This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed User 0 Windows C HKCU\Soft At least I This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer User 0 Windows C HKCU\Soft At least I This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent User 0 Windows C HKCU\Soft At least I This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer User 0 Windows C HKCU\Soft At least I This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted Machine 0 Windows C HKLM\Soft At least I This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting

TRUETRUE

Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting

Machine 0 Windows C HKLM\Soft At least I This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting Machine 0 Windows C HKLM\Soft Only Inter This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting User 0 Windows C HKCU\Soft Only Inter This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage permissions for Java applets.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage permissions for Java applets.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage settings for logon options.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage settings for logon options.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable User 0 Windows C HKCU\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable User 0 Windows C HKCU\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting User 0 Windows C HKCU\Soft At least I This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting Machine 1 Windows C HKLM\Soft At least I This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls User 1 Windows C HKCU\Soft At least I This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine 0 Windows C HKLM\Soft Only Inter This policy setting allows you to manage software channel permissions.If you enable this policy setting User 0 Windows C HKCU\Soft Only Inter This policy setting allows you to manage software channel permissions.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the preservation of information in the browser's history User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the preservation of information in the browser's history

Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether Web sites from less privileged zones User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether Web sites from less privileged zones Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether local sites which are not explicitly mapped into any Security Zone are forced into the local Intranet security zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting controls whether local sites which are not explicitly mapped into any Security Zone are forced into the local Intranet security zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to turn on the certificate address mismatch security warning. When this policy setting is turned on User 0 Windows C HKCU\Soft At least I This policy setting allows you to turn on the certificate address mismatch security warning. When this policy setting is turned on Machine 0 Windows C HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Lockdown Settings\Template Policies!InternetZoneLockdownTemplate User 0 Windows C HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Lockdown Settings\Template Policies!InternetZoneLockdownTemplate Machine 0 Windows C HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Template Policies!InternetZoneTemplate User 0 Windows C HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Template Policies!InternetZoneTemplate Machine 0 Windows C HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Lockdown Settings\Template Policies!IntranetZoneLockdownTemplate User 0 Windows C HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Lockdown Settings\Template Policies!IntranetZoneLockdownTemplate Machine 0 Windows C HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Settings\Template Policies!IntranetZoneTemplate User 0 Windows C HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Settings\Template Policies!IntranetZoneTemplate Machine 0 Windows C HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Lockdown Settings\Template Policies!LocalMachineZoneLockdownTemplate User 0 Windows C HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Lockdown Settings\Template Policies!LocalMachineZoneLockdownTemplate Machine 0 Windows C HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Settings\Template Policies!LocalMachineZoneTemplate User 0 Windows C HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Settings\Template Policies!LocalMachineZoneTemplate Machine 0 Windows C HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Lockdown Settings\Template Policies!RestrictedSitesZoneLockdownTemplate User 0 Windows C HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Lockdown Settings\Template Policies!RestrictedSitesZoneLockdownTemplate Machine 0 Windows C HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Settings\Template Policies!RestrictedSitesZoneTemplate User 0 Windows C HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Settings\Template Policies!RestrictedSitesZoneTemplate Machine 0 Windows C HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Lockdown Settings\Template Policies!TrustedSitesZoneLockdownTemplate User 0 Windows C HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Lockdown Settings\Template Policies!TrustedSitesZoneLockdownTemplate Machine 0 Windows C HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Settings\Template Policies!TrustedSitesZoneTemplate User 0 Windows C HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Settings\Template Policies!TrustedSitesZoneTemplate Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether sites which bypass the proxy server are mapped into the local Intranet security zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting controls whether sites which bypass the proxy server are mapped into the local Intranet security zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone.If you enable this policy setting Machine 0 Windows C HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ListBox_Support_ZoneMapKey User 0 Windows C HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ListBox_Support_ZoneMapKey Machine 0 Windows C HKLM\Soft At least I This policy setting enables intranet mapping rules to be applied automatically if the computer belongs to a domain.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting enables intranet mapping rules to be applied automatically if the computer belongs to a domain.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting causes a Notification bar notification to appear when intranet content is loaded and the intranet mapping rules have not been configured. The Notification bar allows the user to enable intranet mappings User 0 Windows C HKCU\Soft At least I This policy setting causes a Notification bar notification to appear when intranet content is loaded and the intranet mapping rules have not been configured. The Notification bar allows the user to enable intranet mappings Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed User 0 Windows C HKCU\Soft At least I This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer User 0 Windows C HKCU\Soft At least I This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent User 0 Windows C HKCU\Soft At least I This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent

Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer User 0 Windows C HKCU\Soft At least I This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted Machine 0 Windows C HKLM\Soft At least I This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting

TRUETRUE

Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting Machine 0 Windows C HKLM\Soft Only Inter This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting User 0 Windows C HKCU\Soft Only Inter This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting

Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage permissions for Java applets.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage permissions for Java applets.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage settings for logon options.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage settings for logon options.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable User 0 Windows C HKCU\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable User 0 Windows C HKCU\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting User 0 Windows C HKCU\Soft At least I This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting Machine 1 Windows C HKLM\Soft At least I This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls User 1 Windows C HKCU\Soft At least I This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine 0 Windows C HKLM\Soft Only Inter This policy setting allows you to manage software channel permissions.If you enable this policy setting User 0 Windows C HKCU\Soft Only Inter This policy setting allows you to manage software channel permissions.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the preservation of information in the browser's history User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the preservation of information in the browser's history Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether Web sites from less privileged zones User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether Web sites from less privileged zones Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting

Machine 0 Windows C HKLM\Soft At least I This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed User 0 Windows C HKCU\Soft At least I This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer User 0 Windows C HKCU\Soft At least I This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent User 0 Windows C HKCU\Soft At least I This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer User 0 Windows C HKCU\Soft At least I This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted Machine 0 Windows C HKLM\Soft At least I This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting

TRUETRUE

Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting

Machine 0 Windows C HKLM\Soft At least I This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting Machine 0 Windows C HKLM\Soft Only Inter This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting User 0 Windows C HKCU\Soft Only Inter This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage permissions for Java applets.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage permissions for Java applets.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage settings for logon options.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage settings for logon options.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable User 0 Windows C HKCU\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable User 0 Windows C HKCU\Soft At least I This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting User 0 Windows C HKCU\Soft At least I This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting Machine 1 Windows C HKLM\Soft At least I This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls User 1 Windows C HKCU\Soft At least I This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine 0 Windows C HKLM\Soft Only Inter This policy setting allows you to manage software channel permissions.If you enable this policy setting User 0 Windows C HKCU\Soft Only Inter This policy setting allows you to manage software channel permissions.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage the preservation of information in the browser's history User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage the preservation of information in the browser's history

Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether Web sites from less privileged zones User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether Web sites from less privileged zones User 0 Windows Co HKCU\Soft At least I This policy setting prevents the user from specifying the color to which hyperlinks change when the mouse pointer pauses on them.If you enable this policy setting User 0 Windows Co HKCU\Soft At least I This policy setting prevents the user from specifying the color of webpage links that he or she has not yet clicked. Appropriate color choices can make links easier to see for some users User 0 Windows Co HKCU\Softw At least I This policy setting prevents the user from specifying the color of webpage links that he or she has already clicked. Appropriate color choices can make links easier to see for some users User 0 Windows Co HKCU\Soft At least I This policy setting makes hyperlinks change color when the mouse pointer pauses on them.If you enable this policy setting User 0 Windows C HKCU\Soft At least I Prevents users from closing Microsoft Internet Explorer and File Explorer.If you enable this policy User 0 Windows C HKCU\Soft At least I Prevents users from saving Web pages from the browser File menu to their hard disk or to a network share.If you enable this policy User 0 Windows C HKCU\Soft At least I Prevents users from saving the complete contents that are displayed on or run from a Web page User 0 Windows C HKCU\Soft At least I Prevents users from opening a new browser window from the File menu.If this policy is enabled User 0 Windows C HKCU\Soft At least I Prevents users from opening a file or Web page from the File menu in Internet Explorer.If you enable this policy User 0 Windows C HKCU\Soft At least I Prevents users from sending feedback to Microsoft by clicking the Send Feedback command on the Help menu.If you enable this policy User 0 Windows C HKCU\Soft Only Inter Prevents users from displaying tips for users who are switching from Netscape.If you enable this policy User 0 Windows C HKCU\Soft Only Inter Prevents users from viewing or changing the Tip of the Day interface in Microsoft Internet Explorer.If you enable this policy User 0 Windows C HKCU\Soft At least I Prevents users from running the Internet Explorer Tour from the Help menu in Internet Explorer.If you enable this policy User 0 Windows C HKCU\Soft At least I This policy setting prevents the shortcut menu from appearing when a user right-clicks a webpage while using Internet Explorer. Starting with Windows 8 User 0 Windows C HKCU\Softw At least I Prevents users from adding User 0 Windows C HKCU\Soft At least I Prevents using the shortcut menu to open a link in a new browser window.If you enable this policy User 0 Windows C HKCU\Soft At least I Prevents users from saving a program or file that Microsoft Internet Explorer has downloaded to the hard disk.If you enable this policy Machine 0 Windows C HKLM\Softw At least I This policy setting allows you to manage whether users can access the Print menu. Starting with Windows 8 User 0 Windows C HKCU\Softw At least I This policy setting allows you to manage whether users can access the Print menu. Starting with Windows 8 User 0 Windows C HKCU\Soft At least I Prevents users from opening the Internet Options dialog box from the Tools menu in Microsoft Internet Explorer.If you enable this policy User 0 Windows C HKCU\Soft At least I Prevents users from displaying the browser in full-screen (kiosk) mode User 0 Windows C HKCU\Soft At least I Prevents users from viewing the HTML source of Web pages by clicking the Source command on the View menu.If you enable this policy User 0 Windows C HKCU\Soft At least I This policy setting specifies that you want Internet Explorer to automatically resize large images so that they fit in the browser window.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting specifies whether graphical images are included when pages are displayed.Sometimes Machine 0 Windows C HKLM\Soft At least I This policy setting specifies whether Internet Explorer plays media files that use alternative codecs and that require additional software.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting specifies whether Internet Explorer plays media files that use alternative codecs and that require additional software.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting specifies whether placeholders appear for graphical images while the images are downloading. This allows items on the page to be positioned where they will appear when the images are completely downloaded. This option is ignored if the Show Pictures check box is cleared.If you enable this policy setting User 0 Windows C HKCU\SOFT At least I This policy setting specifies whether you want Internet Explorer to smooth images so that they appear less jagged when displayed.If you enable this policy setting User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\0!DomainLimit User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\1!DomainLimit User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\2!DomainLimit User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\3!DomainLimit User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\4!DomainLimit User 0 Windows C HKCU\Soft At least I This policy setting specifies whether Internet Explorer prints background colors and images when the user prints a webpage. Including background colors and images might reduce the speed at which a page is printed and the quality of the printing Machine 0 Windows HKLM\Soft At least I This policy setting controls whether to have background synchronization for feeds and Web Slices.If you enable this policy setting User 0 Windows HKCU\Soft At least I This policy setting controls whether to have background synchronization for feeds and Web Slices.If you enable this policy setting Machine 0 Windows HKLM\Soft At least I This policy setting prevents the user from having enclosures (file attachments) downloaded from a feed to the user's computer.If you enable this policy setting User 0 Windows HKCU\Soft At least I This policy setting prevents the user from having enclosures (file attachments) downloaded from a feed to the user's computer.If you enable this policy setting Machine 0 Windows HKLM\Soft At least I This policy setting prevents the user from subscribing to or deleting a feed or a Web Slice.If you enable this policy setting User 0 Windows HKCU\Soft At least I This policy setting prevents the user from subscribing to or deleting a feed or a Web Slice.If you enable this policy setting Machine 0 Windows HKLM\Soft At least I This policy setting prevents users from having Internet Explorer automatically discover whether a feed or Web Slice is available for an associated webpage.If you enable this policy setting User 0 Windows HKCU\Soft At least I This policy setting prevents users from having Internet Explorer automatically discover whether a feed or Web Slice is available for an associated webpage.If you enable this policy setting Machine 0 Windows HKLM\Soft At least I This policy setting prevents the user from using Internet Explorer as a feed reader. This policy setting has no impact on the Windows RSS Platform.If you enable this policy setting User 0 Windows HKCU\Soft At least I This policy setting prevents the user from using Internet Explorer as a feed reader. This policy setting has no impact on the Windows RSS Platform.If you enable this policy setting

Machine 0 Windows HKLM\Soft At least I This policy setting allows users to have their feeds authenticated through the Basic authentication scheme over an unencrypted HTTP connection.If you enable this policy setting User 0 Windows HKCU\Soft At least I This policy setting allows users to have their feeds authenticated through the Basic authentication scheme over an unencrypted HTTP connection.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to bypass prompting when a script that is running in any process on the computer attempts to perform a Clipboard operation (delete User 0 Windows C HKCU\Soft At least I This policy setting allows you to bypass prompting when a script that is running in any process on the computer attempts to perform a Clipboard operation (delete Machine 0 Windows C HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Prompt!(Reserved) User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Prompt!(Reserved) Machine 0 Windows C HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_Feature_Enable_Script_Paste_URLAction_If_Prompt User 0 Windows C HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_Feature_Enable_Script_Paste_URLAction_If_Prompt Machine 0 Windows C HKLM\Soft At least I This policy setting specifies whether the user can conduct a search on the Address bar.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting specifies whether the user can conduct a search on the Address bar.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to specify whether a user can browse to the website of a top result when search is enabled on the Address bar. The possible options are: â€¢ Disable top result search: When a user performs a search in the Address bar User 0 Windows C HKCU\Soft At least I This policy setting allows you to specify whether a user can browse to the website of a top result when search is enabled on the Address bar. The possible options are: â€¢ Disable top result search: When a user performs a search in the Address bar Machine 0 Windows C HKLM\Soft At least I This policy setting allows the user to run natively implemented User 0 Windows C HKCU\Soft At least I This policy setting allows the user to run natively implemented Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to turn on or turn off Data URI support. A Data URI allows web developers to encapsulate images and .css files within the body of the URL and optionally encode them by using base 64 encoding. Malware filters or other network-based filters may not properly filter encapsulated data.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to turn on or turn off Data URI support. A Data URI allows web developers to encapsulate images and .css files within the body of the URL and optionally encode them by using base 64 encoding. Malware filters or other network-based filters may not properly filter encapsulated data.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to turn off the Data Execution Prevention feature for Internet Explorer on Windows Server 2008 Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to hide the reveal password button when Internet Explorer prompts users for a password. The reveal password button is displayed during password entry. When the user clicks the button User 0 Windows C HKCU\Soft At least I This policy setting allows you to hide the reveal password button when Internet Explorer prompts users for a password. The reveal password button is displayed during password entry. When the user clicks the button Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to change the default connection limit for HTTP 1.1 from 6 connections per host to a limit of your choice (from 2 through 128).If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to change the default connection limit for HTTP 1.1 from 6 connections per host to a limit of your choice (from 2 through 128).If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to change the default connection limit for HTTP 1.0 from 6 connections per host to a limit of your choice (from 2 through 128).If you disable or do not configure this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to change the default connection limit for HTTP 1.0 from 6 connections per host to a limit of your choice (from 2 through 128).If you disable or do not configure this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether documents can request data across third-party domains embedded in the page.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether documents can request data across third-party domains embedded in the page.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to choose whether websites can request data across domains by using the XDomainRequest object. Note that this policy setting does not block client-side communication across domains through other features in Internet Explorer 8 User 0 Windows C HKCU\Soft At least I This policy setting allows you to choose whether websites can request data across domains by using the XDomainRequest object. Note that this policy setting does not block client-side communication across domains through other features in Internet Explorer 8 Machine 0 Windows C HKLM\Soft At least I The WebSocket object allows websites to request data across domains from your browser by using the WebSocket protocol. This policy setting allows administrators to enable or disable the WebSocket object. This policy setting does not prevent client-side communication across domains via other features in Internet Explorer 10. Also User 0 Windows C HKCU\Soft At least I The WebSocket object allows websites to request data across domains from your browser by using the WebSocket protocol. This policy setting allows administrators to enable or disable the WebSocket object. This policy setting does not prevent client-side communication across domains via other features in Internet Explorer 10. Also Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to change the default limit of WebSocket connections per server. The default limit is 6; you can select a value from 2 through 128.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to change the default limit of WebSocket connections per server. The default limit is 6; you can select a value from 2 through 128.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows Internet Explorer to be started automatically to complete the signup process after the branding is complete for Internet service providers (ISPs) through the Internet Explorer Administration Kit (IEAK).If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to turn off the toolbar upgrade tool. The toolbar upgrade tool determines whether incompatible toolbars or Browser Helper Objects are installed when Internet Explorer starts. If the tool detects an incompatible toolbar User 0 Windows C HKCU\Soft At least I This policy setting allows you to turn off the toolbar upgrade tool. The toolbar upgrade tool determines whether incompatible toolbars or Browser Helper Objects are installed when Internet Explorer starts. If the tool detects an incompatible toolbar Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether the user can access Developer Tools in Internet Explorer.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether the user can access Developer Tools in Internet Explorer.If you enable this policy setting User 0 Windows C HKCU\Soft At least I Prevents users from determining which toolbars are displayed in Microsoft Internet Explorer and File Explorer.If you enable this policy User 0 Windows C HKCU\Soft At least I Prevents users from determining which buttons appear on the Microsoft Internet Explorer and File Explorer standard toolbars. The buttons appearing on the toolbar can be customized by the "Customize" option. This is present under the Toolbars submenu of the View menu in Internet Explorer 6 and under the Toolbars submenu of the Tools menu in the Command bar in subsequent versions of Internet Explorer.If you enable this policy User 0 Windows C HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!SpecifyDefaultButtons Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to show or hide the Command bar.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to show or hide the Command bar.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to show or hide the status bar.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to show or hide the status bar.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to lock or unlock the toolbars on the user interface.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to lock or unlock the toolbars on the user interface.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to lock the Stop and Refresh buttons next to the Back and Forward buttons.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to lock the Stop and Refresh buttons next to the Back and Forward buttons.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to choose among three different labels for command buttons: show all text labels

User 0 Windows C HKCU\Soft At least I This policy setting allows you to choose among three different labels for command buttons: show all text labels Machine 0 Windows C HKLM\Soft At least I This policy setting allows you increase the size of icons for command buttons.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you increase the size of icons for command buttons.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage where tabs are displayed.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage where tabs are displayed.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting prevents the user from specifying the update check interval. The default value is 30 days.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting prevents the user from changing the default URL for checking updates to Internet Explorer and Internet Tools.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to turn off the ActiveX Opt-In prompt. ActiveX Opt-In prevents websites from loading any ActiveX control without prior approval. If a website attempts to load an ActiveX control that Internet Explorer has not used before User 0 Windows C HKCU\Soft At least I This policy setting allows you to turn off the ActiveX Opt-In prompt. ActiveX Opt-In prevents websites from loading any ActiveX control without prior approval. If a website attempts to load an ActiveX control that Internet Explorer has not used before Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to prevent the installation of ActiveX controls on a per-user basis.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to prevent the installation of ActiveX controls on a per-user basis.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to specify how ActiveX controls are installed.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to specify how ActiveX controls are installed.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting controls the Suggested Sites feature User 0 Windows C HKCU\Soft At least I This policy setting controls the Suggested Sites feature Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to turn off the InPrivate Browsing feature.InPrivate Browsing prevents Internet Explorer from storing data about a user's browsing session. This includes cookies User 0 Windows C HKCU\Soft At least I This policy setting allows you to turn off the InPrivate Browsing feature.InPrivate Browsing prevents Internet Explorer from storing data about a user's browsing session. This includes cookies Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to choose whether or not toolbars and Browser Helper Objects (BHOs) are loaded by default during an InPrivate Browsing session.Toolbars and BHOs may store data about a user's browsing session. By default User 0 Windows C HKCU\Softw At least I This policy setting allows you to choose whether or not toolbars and Browser Helper Objects (BHOs) are loaded by default during an InPrivate Browsing session.Toolbars and BHOs may store data about a user's browsing session. By default Machine 0 Windows C HKLM\Soft Only Inter This policy setting allows you to turn off the collection of data used by the InPrivate Filtering Automatic mode.The data consists of the URLs of third-party content User 0 Windows C HKCU\Soft Only Inter This policy setting allows you to turn off the collection of data used by the InPrivate Filtering Automatic mode.The data consists of the URLs of third-party content Machine 0 Windows C HKLM\Soft Only Inter This policy setting allows you to establish the threshold for InPrivate Filtering Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However User 0 Windows C HKCU\Soft Only Inter This policy setting allows you to establish the threshold for InPrivate Filtering Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However Machine 0 Windows C HKLM\Softw Only Inter This policy setting allows you to turn off InPrivate Filtering.InPrivate Filtering helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. InPrivate Filtering does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting User 0 Windows C HKCU\Softw Only Inter This policy setting allows you to turn off InPrivate Filtering.InPrivate Filtering helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. InPrivate Filtering does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to establish the threshold for Tracking Protection Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However User 0 Windows C HKCU\Soft At least I This policy setting allows you to establish the threshold for Tracking Protection Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to turn off Tracking Protection.Tracking Protection helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. Tracking Protection does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting User 0 Windows C HKCU\Softw At least I This policy setting allows you to turn off Tracking Protection.Tracking Protection helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. Tracking Protection does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting User 0 Windows C HKCU\Softw At least I This policy setting allows you to add non-default Accelerators.If you enable this policy setting Machine 0 Windows C HKLM\Softw At least I This policy setting allows you to add non-default Accelerators.If you enable this policy setting User 0 Windows C HKCU\Softw At least I This policy setting allows you to add default Accelerators.If you enable this policy setting Machine 0 Windows C HKLM\Softw At least I This policy setting allows you to add default Accelerators.If you enable this policy setting Machine 0 Windows C HKLM\Softw At least I This policy setting allows you to manage whether users can access Accelerators.If you enable this policy setting User 0 Windows C HKCU\Softw At least I This policy setting allows you to manage whether users can access Accelerators.If you enable this policy setting Machine 0 Windows C HKLM\Softw At least I This policy setting restricts the list of Accelerators that the user can access to only the set deployed through Group Policy.If you enable this policy setting User 0 Windows C HKCU\Softw At least I This policy setting restricts the list of Accelerators that the user can access to only the set deployed through Group Policy.If you enable this policy setting Machine 0 Windows C HKLM\Soft Internet E This policy setting allows you to turn on Internet Explorer 7 Standards Mode. Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Internet Explorer 7 Standards Mode or the Standards Mode available in the latest version of Internet Explorer.If you enable this policy setting User 0 Windows C HKCU\Soft Internet E This policy setting allows you to turn on Internet Explorer 7 Standards Mode. Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Internet Explorer 7 Standards Mode or the Standards Mode available in the latest version of Internet Explorer.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting controls the Compatibility View feature User 0 Windows C HKCU\Soft At least I This policy setting controls the Compatibility View feature Machine 0 Windows C HKLM\Soft At least I This policy setting controls how Internet Explorer displays local intranet content. Intranet content is defined as any webpage that belongs to the local intranet security zone.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting controls how Internet Explorer displays local intranet content. Intranet content is defined as any webpage that belongs to the local intranet security zone.If you enable this policy setting Machine 0 Windows C HKLM\Soft Internet E This policy setting controls the Compatibility View button that appears on the Command bar. This button allows the user to fix website display problems that he or she may encounter while browsing.If you enable this policy setting User 0 Windows C HKCU\Soft Internet E This policy setting controls the Compatibility View button that appears on the Command bar. This button allows the user to fix website display problems that he or she may encounter while browsing.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to add specific sites that must be viewed in Internet Explorer 7 Compatibility View.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows you to add specific sites that must be viewed in Internet Explorer 7 Compatibility View.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Quirks Mode or the Standards Mode available in the latest version of Internet Explorer.If you enable this policy setting

User 0 Windows C HKCU\Soft At least I Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Quirks Mode or the Standards Mode available in the latest version of Internet Explorer.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy controls the website compatibility lists that Microsoft provides. The updated website lists are available on Windows Update.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy controls the website compatibility lists that Microsoft provides. The updated website lists are available on Windows Update.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to manage whether users can pin sites to locations where pinning is allowed User 0 Windows C HKCU\Soft At least I This policy setting allows you to manage whether users can pin sites to locations where pinning is allowed Machine 0 Windows C HKLM\Soft At least I This policy setting sets data storage limits for indexed database and application caches for individual websites. When you set this policy setting User 0 Windows C HKCU\Soft At least I This policy setting sets data storage limits for indexed database and application caches for individual websites. When you set this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows websites to store indexed database cache information on client computers.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows websites to store indexed database cache information on client computers.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting sets data storage limits for indexed databases of websites that have been allowed to exceed their storage limit. The â€œSet default storage limits for websitesâ€ policy setting sets the data storage limits for indexed databases. If a domain exceeds the indexed database storage limit for an individual domain� User 0 Windows C HKCU\Soft At least I This policy setting sets data storage limits for indexed databases of websites that have been allowed to exceed their storage limit. The â€œSet default storage limits for websitesâ€ policy setting sets the data storage limits for indexed databases. If a domain exceeds the indexed database storage limit for an individual domain� Machine 0 Windows C HKLM\Soft At least I This policy setting sets the data storage limit for all combined indexed databases for a user. When you set this policy setting User 0 Windows C HKCU\Soft At least I This policy setting sets the data storage limit for all combined indexed databases for a user. When you set this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows websites to store file resources in application caches on client computers.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting allows websites to store file resources in application caches on client computers.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting sets file storage limits for application caches of websites that have been allowed to exceed their storage limit. The â€œSet default storage limits for websitesâ€ policy setting sets the data storage limits for application caches. If a domain exceeds the application cache storage limit for an individual domain� User 0 Windows C HKCU\Soft At least I This policy setting sets file storage limits for application caches of websites that have been allowed to exceed their storage limit. The â€œSet default storage limits for websitesâ€ policy setting sets the data storage limits for application caches. If a domain exceeds the application cache storage limit for an individual domain� Machine 0 Windows C HKLM\Soft At least I This policy setting sets the file storage limit for all combined application caches for a user. When you set this policy setting User 0 Windows C HKCU\Soft At least I This policy setting sets the file storage limit for all combined application caches for a user. When you set this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting sets the number of days an inactive application cache will exist before it is removed. If the application cache is used before the expiration time limit User 0 Windows C HKCU\Soft At least I This policy setting sets the number of days an inactive application cache will exist before it is removed. If the application cache is used before the expiration time limit Machine 0 Windows C HKLM\Soft At least I This policy setting sets the maximum number of resource entries that can be specified in a manifest file associated with an application cache. If the manifest associated with an application cache exceeds the number of resources allowed User 0 Windows C HKCU\Soft At least I This policy setting sets the maximum number of resource entries that can be specified in a manifest file associated with an application cache. If the manifest associated with an application cache exceeds the number of resources allowed Machine 0 Windows C HKLM\Soft At least I This policy setting sets the maximum size for an individual resource file contained in a manifest file. The manifest file is used to create the application cache. If any file in the manifest exceeds the allowed size User 0 Windows C HKCU\Soft At least I This policy setting sets the maximum size for an individual resource file contained in a manifest file. The manifest file is used to create the application cache. If any file in the manifest exceeds the allowed size Machine 0 Windows C HKLM\Soft At least I This policy setting configures what Internet Explorer displays when a new browsing session is started. By default User 0 Windows C HKCU\Soft At least I This policy setting configures what Internet Explorer displays when a new browsing session is started. By default Machine 0 Windows C HKLM\Soft At least I This policy setting configures Internet Explorer to open Internet Explorer tiles on the desktop.If you enable this policy setting User 0 Windows C HKCU\Soft At least I This policy setting configures Internet Explorer to open Internet Explorer tiles on the desktop.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least I This policy setting allows you to choose how links are opened in Internet Explorer: Let Internet Explorer decide User 0 Windows C HKCU\Soft At least I This policy setting allows you to choose how links are opened in Internet Explorer: Let Internet Explorer decide Machine 0 Windows C HKLM\Soft At least I This policy setting configures Internet Explorer to automatically install new versions of Internet Explorer when they are available.If you enable this policy setting User 0 System\In HKCU\Soft At least W Turns off the handwriting recognition error reporting tool.The handwriting recognition error reporting tool enables users to report errors encountered in Tablet PC Input Panel. The tool generates error reports and transmits them to Microsoft over a secure connection. Microsoft uses these error reports to improve handwriting recognition in future versions of Windows.If you enable this policy Machine 0 System\In HKLM\Soft At least W Turns off the handwriting recognition error reporting tool.The handwriting recognition error reporting tool enables users to report errors encountered in Tablet PC Input Panel. The tool generates error reports and transmits them to Microsoft over a secure connection. Microsoft uses these error reports to improve handwriting recognition in future versions of Windows.If you enable this policy Machine 0 System\iSC HKLM\Soft At least W If enabled then new iSNS servers may not be added and thus new targets discovered via those iSNS servers; existing iSNS servers may not be removed. If disabled then new iSNS servers may be added and thus new targets discovered via those iSNS servers; existing iSNS servers may be removed. Machine 0 System\iSC HKLM\Soft At least W If enabled then new target portals may not be added and thus new targets discovered on those portals; existing target portals may not be removed. If disabled then new target portals may be added and thus new targets discovered on those portals; existing target portals may be removed. Machine 0 System\iSC HKLM\Soft At least W If enabled then discovered targets may not be manually configured. If disabled then discovered targets may be manually configured. Note: if enabled there may be cases where this will break VDS. Machine 0 System\iSC HKLM\Soft At least W If enabled then new targets may not be manually configured by entering the target name and target portal; already discovered targets may be manually configured. If disabled then new and already discovered targets may be manually configured. Note: if enabled there may be cases where this will break VDS. Machine 0 System\iSC HKLM\Soft At least W If enabled then do not allow the initiator iqn name to be changed. If disabled then the initiator iqn name may be changed. Machine 0 System\iSC HKLM\Soft At least W If enabled then only those sessions that are established via a persistent login will be established and no new persistent logins may be created. If disabled then additional persistent and non persistent logins may be established. Machine 0 System\iSC HKLM\Soft At least W If enabled then do not allow the initiator CHAP secret to be changed. If disabled then the initiator CHAP secret may be changed. Machine 0 System\iSC HKLM\Soft At least W If enabled then only those connections that are configured for IPSec may be established. If disabled then connections that are configured for IPSec or connections not configured for IPSec may be established. Machine 0 System\iSC HKLM\Soft At least W If enabled then only those sessions that are configured for mutual CHAP may be established. If disabled then sessions that are configured for mutual CHAP or sessions not configured for mutual CHAP may be established. Machine 0 System\iSC HKLM\Soft At least W If enabled then only those sessions that are configured for one-way CHAP may be established. If disabled then sessions that are configured for one-way CHAP or sessions not configured for one-way CHAP may be established. Note that if the "Do not allow sessions without mutual CHAP" setting is enabled then that setting overrides this one. Machine 0 System\KD HKLM\Soft At least W This policy setting controls whether the domain controller provides information about previous logons to client computers.If you enable this policy setting Machine 0 System\KD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters!UseForestSearch

TRUE Machine 0 System\KD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters!EnableTicketSizeThreshold

Machine 0 System\Ke HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos!domain_realm_Enabled Machine 0 System\Ke HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos!MitRealms_Enabled Machine 0 System\Ke HKLM\Soft At least W This policy setting controls the Kerberos client's behavior in validating the KDC certificate for smart card and system certificate logon. If you enable this policy setting Machine 0 System\Ke HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters!UseForestSearch Machine 0 System\Ke HKLM\Soft At least This policy setting allows you to configure this server so that Kerberos can decrypt a ticket that contains this system-generated SPN. When an application attempts to make a remote procedure call (RPC) to this server with a NULL value for the service principal name (SPN) Machine 0 System\Ke HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos!KdcProxyServer_Enabled Machine 0 System\Ke HKLM\Soft At least Windows Server 2012 Machine 0 System\Ke HKLM\Soft At least Windows Server 2012 Machine 0 System\Ke HKLM\Software\Policies\Microsoft\Netlogon\Parameters!CompoundIdDisabled Machine 0 System\Ke HKLM\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters!EnableMaxTokenSize

TRUE Machine 0 Network\L HKLM\Soft At least This policy setting specifies whether a hash generation service generates hashes Machine 0 Network\L HKLM\Soft At least Windows Server 2012 Machine 0 System\Tr HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{eb73b633-3f4e-4ba0-8f60-8f3c6f53168f}!ScenarioExecutionEnabled Machine 0 Network\L HKLM\Software\Policies\Microsoft\Windows\LLTD!EnableLLTDIO Machine 0 Network\L HKLM\Software\Policies\Microsoft\Windows\LLTD!EnableRspndr Machine 0 Windows C HKLM\Soft At least Windows Server 2012 User 0 System\Lo HKCU\Soft At least This policy setting ignores the customized run list.You can create a customized list of additional programs and documents that the system starts automatically when it runs on Windows Vista Machine 0 System\Lo HKLM\Soft At least This policy setting ignores the customized run list.You can create a customized list of additional programs and documents that the system starts automatically when it runs on Windows Vista User 0 System\Lo HKCU\Soft At least This policy setting ignores customized run-once lists.You can create a customized list of additional programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added to the standard list of programs and services that the system starts.If you enable this policy setting Machine 0 System\Lo HKLM\Soft At least This policy setting ignores customized run-once lists.You can create a customized list of additional programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added to the standard list of programs and services that the system starts.If you enable this policy setting Machine 0 System\Lo HKLM\Soft At least This policy setting forces the user to log on to the computer using the classic logon screen. By default Machine 0 System\Lo HKLM\Soft Windows 2 This policy setting hides the welcome screen that is displayed on Windows 2000 Professional each time the user logs on.If you enable this policy setting User 0 System\Lo HKCU\Soft At least This policy setting specifies additional programs or documents that Windows starts automatically when a user logs on to the system.If you enable this policy setting Machine 0 System\Lo HKLM\Soft At least This policy setting specifies additional programs or documents that Windows starts automatically when a user logs on to the system.If you enable this policy setting Machine 0 System\Lo HKLM\Soft At least This policy setting determines whether Group Policy processing is synchronous (that is Machine 0 System HKLM\Soft Windows Server 2003 User 0 System HKCU\Soft Windows 2 This policy setting hides the welcome screen that is displayed on Windows 2000 Professional each time the user logs on.If you enable this policy setting Machine 0 System HKLM\Soft At least This policy setting directs the system to display highly detailed status messages.This policy setting is designed for advanced users who require this information.If you enable this policy setting Machine 0 System\Lo HKLM\Soft At least W This policy setting allows you to hide the Switch User interface in the Logon UI Machine 0 System\Lo HKLM\Soft At least W This policy setting turns off the Windows Startup sound and prevents its customization in the Sound item of Control Panel.The Microsoft Windows Startup sound is heard during system startup and cold startup Machine 0 System\Lo HKLM\Soft At least Windows Server 2012 Machine 0 System\Lo HKLM\Sof Windows S This policy setting ignores Windows Logon Background.This policy setting may be used to make Windows give preference to a custom logon background. If you enable this policy setting Machine 0 System\Lo HKLM\Soft At least Windows Server 2012 Machine 0 System\Lo HKLM\Soft At least Windows Server 2012 Machine 0 System\Lo HKLM\Soft At least Windows Server 2012 User 0 Windows HKCU\Soft At least W This policy setting allows or prevents Windows Media Center to run.Windows Media Center is a digital media player and video recorder that allows users to organize and play music and videos Machine 0 Windows HKLM\Soft At least W This policy setting allows or prevents Windows Media Center to run.Windows Media Center is a digital media player and video recorder that allows users to organize and play music and videos User 0 Windows HKCU\Soft At least Prevents users from entering author mode.This setting prevents users from opening the Microsoft Management Console (MMC) in author mode User 0 Windows HKCU\Soft At least Lets you selectively permit or prohibit the use of Microsoft Management Console (MMC) snap-ins.-- If you enable this setting User 0 Windows C HKCU\Soft At least Permits or prohibits use of this snap-in.If you enable this setting User 0 Windows C HKCU\Soft At least Permits or prohibits use of this snap-in.If you enable this setting User 0 Windows C HKCU\Soft At least Permits or prohibits use of this snap-in.If you enable this setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Sof At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting

User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least W This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least W This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least W This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Sof At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft Windows Server 2003 User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Software\Policies\Microsoft\MMC\{0F6B957D-509E-11D1-A7CC-0000F87571E3}!Restrict_Run User 0 Windows C HKCU\Software\Policies\Microsoft\MMC\{0F6B957E-509E-11D1-A7CC-0000F87571E3}!Restrict_Run User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least W This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least W This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least W This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting

User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Sof At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Sof At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least W This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least W This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least W This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft Windows S This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least W This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least W This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least W This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting

User 0 Windows C HKCU\Soft At least W This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting User 0 Windows C HKCU\Soft At least W This policy setting turns off Windows Mobility Center.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least W This policy setting turns off Windows Mobility Center.If you enable this policy setting User 0 Windows C HKCU\Soft At least W This policy setting turns off Windows presentation settings.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least W This policy setting turns off Windows presentation settings.If you enable this policy setting Machine 0 Windows HKLM\Soft This policy setting allows you to configure Automatic Maintenance activation boundary. The maintenance activation boundary is the daily schduled time at which Automatic Maintenance starts If you enable this policy setting Machine 1 Windows HKLM\Software\Policies\Microsoft\Windows\Task Scheduler\Maintenance!Randomized Machine 0 Windows HKLM\Soft This policy setting allows you to configure Automatic Maintenance wake up policy. The maintenance wakeup policy specifies if Automatic Maintenance should make a wake request to the OS for the daily scheduled maintenance. Note Machine 0 System\Tr HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{C295FBBA-FD47-46ac-8BEE-B1715EC634E5}!ScenarioExecutionEnabled Machine 0 System\Tr HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{C295FBBA-FD47-46ac-8BEE-B1715EC634E5}!DownloadToolsEnabled Machine 0 System\Tr HKLM\SOFT At least This policy setting configures Microsoft Support Diagnostic Tool (MSDT) interactive communication with the support provider. MSDT gathers diagnostic data for analysis by support professionals.If you enable this policy setting Machine 0 System\Tr HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{54077489-683b-4762-86c8-02cf87a33423}!ScenarioExecutionEnabled Machine 0 Windows C HKLM\Soft At least This policy setting allows users to search for installation files during privileged installations.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least This policy setting allows users to install programs from removable media during privileged installations.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least This policy setting allows users to patch elevated products.If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting directs Windows Installer to use elevated permissions when it installs any program on the system.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least This policy setting directs Windows Installer to use elevated permissions when it installs any program on the system.If you enable this policy setting Machine 0 Windows C HKLM\Soft Windows In This policy setting controls Windows Installer's interaction with the Restart Manager. The Restart Manager API can eliminate or reduce the number of system restarts that are required to complete an installation or update.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least This policy setting prevents users from searching for installation files when they add features or components to an installed program. If you enable this policy setting Machine 0 Windows C HKLM\Soft Windows In This policy setting controls the ability to turn off all patch optimizations.If you enable this policy setting Machine 0 Windows C HKLM\Soft Windows In This policy setting controls Windows Installer's processing of the MsiLogging property. The MsiLogging property in an installation package can be used to enable automatic logging of all install operations for the package.If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting prevents users from installing any programs from removable media.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least This policy setting restricts the use of Windows Installer.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least This policy setting prevents users from using Windows Installer to install patches.If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsuccessful installation.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least This policy setting prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsuccessful installation.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least This policy setting permits users to change installation options that typically are available only to system administrators.If you enable this policy setting Machine 0 Windows C HKLM\Soft Windows In This policy setting controls the ability of non-administrators to install updates that have been digitally signed by the application vendor.Non-administrator updates provide a mechanism for the author of an application to create digitally signed updates that can be applied by non-privileged users.If you enable this policy setting Machine 0 Windows C HKLM\Soft Windows In This policy setting controls the ability for users or administrators to remove Windows Installer based updates.This policy setting should be used if you need to maintain a tight control over updates. One example is a lockdown environment where you want to ensure that updates once installed cannot be removed by users or administrators.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least This policy setting prevents Windows Installer from creating a System Restore checkpoint each time an application is installed. System Restore enables users Machine 0 Windows C HKLM\Soft Microsoft This policy setting allows you to configure user installs. To configure this policy setting Machine 0 Windows C HKLM\Soft Windows In This policy setting causes the Windows Installer to enforce strict rules for component upgrades.If you enable this policy setting Machine 0 Windows C HKLM\Soft Windows In This policy controls the percentage of disk space available to the Windows Installer baseline file cache. The Windows Installer uses the baseline file cache to save baseline files modified by binary delta difference updates. The cache is used to retrieve the baseline file for future updates. The cache eliminates user prompts for source media when new updates are applied. If you enable this policy setting you can modify the maximum size of the Windows Installer baseline file cache. If you set the baseline cache size to 0 Machine 0 Windows C HKLM\Soft At least Specifies the types of events that Windows Installer records in its transaction log for each installation. The log Machine 0 Windows C HKLM\Soft At least This policy setting allows Web-based programs to install software on the computer without notifying the user.If you disable or do not configure this policy setting

User 0 Windows C HKCU\Soft At least This policy setting specifies the order in which Windows Installer searches for installation files.If you disable or do not configure this policy setting Machine 0 Windows C HKLM\Soft At least This policy setting saves copies of transform files in a secure location on the local computer.Transform files consist of instructions to modify or customize a program during installation.If you enable this policy setting Machine 0 Windows C HKLM\Soft This policy setting controls the ability to turn off shared components.If you enable this policy setting Machine 0 Windows C HKLM\Soft This policy setting controls the ability to prevent embedded UI.If you enable this policy setting Machine 0 Windows C HKLM\SOFT At least W This policy setting allows the Network Access Protection (NAP) client to support the Windows XP version of the 802.1x Enforcement Client component.If you enable this policy setting Machine 0 \DirectAcc HKLM\SOFT Specifies the e-mail address to be used when sending the log files that are generated by NCA to the network administrator. When the user sends the log files to the Administrator Machine 0 \DirectAcc HKLM\SOFT Specifies the string that appears for DirectAccess connectivity when the user clicks the Networking notification area icon. For example Machine 0 \DirectAcc HKLM\SOFT Specifies whether an entry for DirectAccess connectivity appears when the user clicks the Networking notification area icon.Set this to Disabled to prevent user confusion when you are just using DirectAccess to remotely manage DirectAccess client computers from your intranet and not providing seamless intranet access. If this setting is not configured Machine 0 \DirectAcc HKLM\SOFT Specifies whether the user has Connect and Disconnect options for the DirectAccess entry when the user clicks the Networking notification area icon.If the user clicks the Disconnect option Machine 0 \DirectAcc HKLM\SOFT Specifies whether NCA service runs in Passive Mode or not.Set this to Disabled to keep NCA probing actively all the time. If this setting is not configured Machine 0 \DirectAcc HKLM\SOFT Specifies resources on your intranet that are normally accessible to DirectAccess clients. Each entry is a string that identifies the type of resource and the location of the resource. Each string can be one of the following types: - A DNS name or IPv6 address that NCA pings. The syntax is â€œPING:â€ followed by a fully qualified domain name (FQDN) that resolves to an IPv6 address� Machine 0 \DirectAcc HKLM\SOFT Specifies the IPv6 addresses of the endpoints of the Internet Protocol security (IPsec) tunnels that enable DirectAccess. NCA attempts to access the resources that are specified in the Corporate Resources setting through these configured tunnel endpoints. By default Machine 0 \DirectAcc HKLM\SOF Specifies commands configured by the administrator for custom logging. These commands will run in addition to default log commands. Machine 0 Network\N HKLM\Soft At least This policy setting enables you to specify the URL of the corporate website Machine 0 Network\N HKLM\Soft At least This policy setting enables you to specify the host name of a computer known to be on the corporate network. Successful resolution of this host name to the expected address indicates corporate connectivity. Machine 0 Network\N HKLM\Soft At least This policy setting enables you to specify the expected address of the host name used for the DNS probe. Successful resolution of the host name to this address indicates corporate connectivity. Machine 0 Network\N HKLM\Soft At least This policy setting enables you to specify the list of IPv6 corporate site prefixes to monitor for corporate connectivity. Reachability of addresses with any of these prefixes indicates corporate connectivity. Machine 0 Network\N HKLM\Soft At least This policy setting enables you to specify the HTTPS URL of the corporate website that clients use to determine the current domain location (i.e. whether the computer is inside or outside the corporate network). Reachability of the URL destination indicates that the client location is inside corporate network; otherwise it is outside the network. Machine 0 Network\N HKLM\Soft At least Windows Server 2012 Machine 0 System\Ne HKLM\Soft At least This policy setting defines whether a domain controller (DC) should attempt to verify the password provided by a client with the PDC emulator if the DC failed to validate the password.Contacting the PDC emulator is useful in case the clientâ€™s password was recently changed and did not propagate to the DC yet. Users may want to disable this feature if the PDC emulator is located over a slow WAN connection.If you enable this policy setting Machine 0 System\Ne HKLM\Soft At least This policy setting determines the amount of time (in seconds) to wait before the first retry for applications that perform periodic searches for domain controllers (DC) that are unable to find a DC.The default value for this setting is 10 minutes (10*60). The maximum value for this setting is 49 days (0x49*24*60*60=4233600). The minimum value for this setting is 0.This setting is relevant only to those callers of DsGetDcName that have specified the DS_BACKGROUND_ONLY flag.If the value of this setting is less than the value specified in the NegativeCachePeriod subkey Machine 0 System\Ne HKLM\Soft At least This policy setting determines the maximum retry interval allowed when applications performing periodic searches for Domain Controllers (DCs) are unable to find a DC.For example Machine 0 System\Ne HKLM\Soft At least This policy setting determines when retries are no longer allowed for applications that perform periodic searches for domain controllers (DC) are unable to find a DC. For example Machine 0 System\Ne HKLM\Soft At least This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that periodically attempt to locate DCs Machine 0 System\Ne HKLM\Soft At least This policy setting specifies the level of debug output for the Net Logon service.The Net Logon service outputs debug information to the log file netlogon.log in the directory %windir%\debug. By default Machine 0 System\Ne HKLM\Soft At least This policy setting specifies the additional time for the computer to wait for the domain controllerâ€™s (DC) response when logging on to the network.To specify the expected dial-up delay at logon Machine 0 System\Ne HKLM\Soft At least This policy setting specifies the maximum size in bytes of the log file netlogon.log in the directory %windir%\debug when logging is enabled.By default Machine 0 System\Ne HKLM\Soft At least This policy setting specifies the amount of time (in seconds) the DC locator remembers that a domain controller (DC) could not be found in a domain. When a subsequent attempt to locate the DC occurs within the time set in this setting Machine 0 System\Ne HKLM\Soft At least This policy setting controls whether or not the Netlogon share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications.If you enable this policy setting Machine 0 System\Ne HKLM\Soft At least This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that do not periodically attempt to locate DCs Machine 0 System\Ne HKLM\Soft At least This policy setting determines the interval at which Netlogon performs the following scavenging operations:- Checks if a password on a secure channel needs to be modified Machine 0 System\Ne HKLM\Soft At least This policy setting specifies the Active Directory site to which computers belong.An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication.To specify the site name for this setting Machine 0 System\Ne HKLM\Soft At least This policy setting controls whether or not the SYSVOL share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications.When this setting is enabled Machine 0 System\Ne HKLM\Soft At least This policy setting specifies whether the computers to which this setting is applied attempt DNS name resolution of a single-label domain names.By default

TRUE Machine 0 System\Ne HKLM\Soft At least This policy setting determines whether domain controllers (DC) will dynamically register DC Locator site-specific SRV records for the closest sites where no DC for the same domain exists (or no Global Catalog for the same forest exists). These DNS records are dynamically registered by the Net Logon service Machine 0 System\Ne HKLM\Soft At least This policy setting determines which DC Locator DNS records are not registered by the Net Logon service.If you enable this policy setting Machine 0 System\Ne HKLM\Soft At least This policy setting specifies the Refresh Interval of the DC Locator DNS resource records for DCs to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used by the DC Locator algorithm to locate the DC. This setting may be applied only to DCs using dynamic update.DCs configured to perform dynamic registration of the DC Locator DNS resource records periodically reregister their records with DNS servers Machine 0 System\Ne HKLM\Soft At least This policy setting specifies the value for the Time-To-Live (TTL) field in SRV resource records that are registered by the Net Logon service. These DNS records are dynamically registered Machine 0 System\Ne HKLM\Soft At least This policy setting specifies the sites for which the global catalogs (GC) should register site-specific GC locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the GC resides Machine 0 System\Ne HKLM\Soft At least This policy setting specifies the Priority field in the SRV resource records registered by domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used to locate the DC.The Priority field in the SRV record sets the preference for target hosts (specified in the SRV recordâ€™s Target field). DNS clients that query for SRV resource records attempt to contact the first reachable host with the lowest priority number listed.To specify the Priority in the DC Locator DNS SRV resource records Machine 0 System\Ne HKLM\Soft At least This policy setting specifies the Weight field in the SRV resource records registered by the domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service Machine 0 System\Ne HKLM\Soft At least This policy setting specifies the sites for which the domain controllers (DC) that host the application directory partition should register the site-specific Machine 0 System\Ne HKLM\Soft At least This policy setting specifies the sites for which the domain controllers (DC) register the site-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides Machine 0 System\Ne HKLM\Soft At least This policy setting determines if dynamic registration of the domain controller (DC) locator DNS resource records is enabled. These DNS records are dynamically registered by the Net Logon service and are used by the Locator algorithm to locate the DC.If you enable this policy setting Machine 0 System\Ne HKLM\Soft At least W This policy setting enables DC Locator to attempt to locate a DC in the nearest site based on the site link cost if a DC in same the site is not found. In scenarios with multiple sites Machine 0 System\Ne HKLM\Soft At least W This policy setting determines the interval for when a Force Rediscovery is carried out by DC Locator.The Domain Controller Locator (DC Locator) service is used by clients to find domain controllers for their Active Directory domain. When DC Locator finds a domain controller Machine 0 System\Ne HKLM\Soft At least W This policy setting detremines the type of IP address that is returned for a domain controller. The DC Locator APIs return the IP address of the DC with the other parts of information. Before the support of IPv6

Machine 0 System\Ne HKLM\Soft At least W This policy setting controls whether the Net Logon service will allow the use of older cryptography algorithms that are used in Windows NT 4.0. The cryptography algorithms used in Windows NT 4.0 and earlier are not as secure as newer algorithms used in Windows 2000 or later Machine 0 System\Ne HKLM\Soft At least W This policy setting allows you to control the processing of incoming mailslot messages by a local domain controller (DC).Note: To locate a remote DC based on its NetBIOS (single-label) domain name Machine 0 System\Ne HKLM\Soft At least Windows Server 2012 Machine 0 System\Ne HKLM\Soft At least Windows Server 2012 Machine 0 System\Ne HKLM\Soft At least Windows Server 2012 User 0 Network\N HKCU\Sof Microsoft Windows Server 2003 User 0 Network\N HKCU\Soft Microsoft Windows Server 2003 User 0 Network\N HKCU\Soft Microsoft Windows Server 2003 Machine 0 Network\N HKLM\Soft At least Determines whether a user can install and configure the Network Bridge.Important: This settings is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed User 0 Network\N HKCU\Soft Microsoft Windows Server 2003 User 0 Network\N HKCU\Soft Windows Server 2003 User 0 Network\N HKCU\Soft At least W Determines whether users can delete remote access connections.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting) User 0 Network\N HKCU\Soft At least W Determines whether the Remote Acccess Preferences item on the Advanced menu in Network Connections folder is enabled.The Remote Access Preferences item lets users create and change connections before logon and configure automatic dialing and callback features.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting) User 0 Network\N HKCU\Soft Windows S Determines whether settings that existed in Windows 2000 Server family will apply to Administrators.The set of Network Connections group settings that existed in Windows 2000 Professional also exists in Windows XP Professional. In Windows 2000 Professional User 0 Network\N HKCU\Soft Microsoft This policy setting allows you to manage whether notifications are shown to the user when a DHCP-configured connection is unable to retrieve an IP address from a DHCP server. This is often signified by the assignment of an automatic private IP address"(i.e. an IP address in the range 169.254.*.*). This indicates that a DHCP server could not be reached or the DHCP server was reached but unable to respond to the request with a valid IP address. By default User 0 Network\N HKCU\Soft Microsoft Windows Server 2003 User 0 Network\N HKCU\Soft Windows Server 2003 User 0 Network\N HKCU\Soft At least W Determines whether users can change the properties of a LAN connection.This setting determines whether the Properties menu item is enabled User 0 Network\N HKCU\Soft Microsoft Windows Server 2003 Machine 0 Network\N HKLM\Soft Windows S Prohibits use of Internet Connection Firewall on your DNS domain network.Determines whether users can enable the Internet Connection Firewall feature on a connection User 0 Network\N HKCU\Soft At least W Determines whether a user can view and change the properties of remote access connections that are available to all users of the computer.To create an all-user remote access connection User 0 Network\N HKCU\Soft Microsoft Windows Server 2003 User 0 Network\N HKCU\Soft At least W Determines whether users can connect and disconnect remote access connections.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting) User 0 Network\N HKCU\Soft At least W Determines whether users can view and change the properties of their private remote access connections.Private connections are those that are available only to one user. To create a private connection User 0 Network\N HKCU\Soft Windows Server 2003 User 0 Network\N HKCU\Soft Microsoft Windows Server 2003 User 0 Network\N HKCU\Soft Windows Server 2003 User 0 Network\N HKCU\Sof At least W Determines whether users can rename their private remote access connections.Private connections are those that are available only to one user. To create a private connection Machine 0 Network\N HKLM\Soft Microsoft Windows Server 2003 User 0 Network\N HKCU\Soft Microsoft Windows Server 2003 Machine 0 Network\N HKLM\Soft At least This policy setting determines whether to require domain users to elevate when setting a network's location.If you enable this policy setting Machine 0 Network\N HKLM\Soft At least Specifies whether or not the "local access only" network icon will be shown.When enabled Machine 0 Network\N HKLM\Soft At least This policy setting determines whether a remote client computer routes Internet traffic through the internal network or whether the client accesses the Internet directly.When a remote client computer connects to an internal network using DirectAccess Machine 0 Network\N HKLM\SOFT At least Windows Server 2012 Machine 0 Network\N HKLM\SOFT At least Windows Server 2012 Machine 0 Network\N HKLM\SOFT At least Windows Server 2012 Machine 0 Network\N HKLM\SOFT At least Windows Server 2012 Machine 0 Network\N HKLM\SOFT At least Windows Server 2012 User 0 Windows C HKCU\Soft At least W This policy setting disables the Connect to a Network Projector wizard so that users cannot connect to a network projector. If you enable this policy setting Machine 0 Windows C HKLM\Soft At least W This policy setting disables the Connect to a Network Projector wizard so that users cannot connect to a network projector. If you enable this policy setting Machine 0 Windows C HKLM\Soft At least This policy setting allows you to select the TCP port that the Network Projector uses to send packets. If you enable this policy setting Machine 0 Network\Of HKLM\Soft Windows Server 2003 User 0 Network\Of HKCU\Soft At least This policy setting lists network files and folders that are always available for offline use. This ensures that the specified files and folders are available offline to users of the computer.If you enable this policy setting Machine 0 Network\Of HKLM\Soft At least This policy setting lists network files and folders that are always available for offline use. This ensures that the specified files and folders are available offline to users of the computer.If you enable this policy setting User 0 Network\Of HKCU\Soft Windows Server 2003 Machine 0 Network\Of HKLM\Soft Windows Server 2003 Machine 0 Network\Of HKLM\Soft Windows Server 2003 Machine 0 Network\Of HKLM\Soft At least This policy setting determines whether the Offline Files feature is enabled. Offline Files saves a copy of network files on the user's computer for use when the computer is not connected to the network.If you enable this policy setting

Machine 0 Network\Of HKLM\Soft At least Windows Server 2003 operating systems Service Pack 1 User 0 Network\Of HKCU\Soft Windows Server 2003 Machine 0 Network\Of HKLM\Soft Windows Server 2003 Machine 0 Network\Of HKLM\Soft Windows Server 2003 User 0 Network\Of HKCU\Soft Windows Server 2003 Machine 0 Network\Of HKLM\Soft Windows Server 2003 User 0 Network\Of HKCU\Soft Windows Server 2003 Machine 0 Network\Of HKLM\Soft Windows Server 2003 User 0 Network\Of HKCU\Soft Windows Server 2003 Machine 0 Network\Of HKLM\Soft Windows Server 2003 User 0 Network\Of HKCU\Soft At least This policy setting prevents users from making network files and folders available offline.If you enable this policy setting Machine 0 Network\Of HKLM\Soft At least This policy setting prevents users from making network files and folders available offline.If you enable this policy setting User 0 Network\Of HKCU\Soft At least This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" command.If you enable this policy setting Machine 0 Network\Of HKLM\Soft At least This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" command.If you enable this policy setting User 0 Network\Of HKCU\Soft Windows Server 2003 Machine 0 Network\Of HKLM\Soft Windows Server 2003

TRUE User 0 Network\Of HKCU\Soft Windows Server 2003 Machine 0 Network\Of HKLM\Soft Windows Server 2003 User 0 Network\Of HKCU\Soft Windows Server 2003 Machine 0 Network\Of HKLM\Soft Windows Server 2003 User 0 Network\Of HKCU\Soft Windows Server 2003 Machine 0 Network\Of HKLM\Soft Windows Server 2003 Machine 0 Network\Of HKLM\Soft Windows X Configures the threshold value at which Offline Files considers a network connection to be "slow". Any network speed below this value is considered to be slow.When a connection is considered slow User 0 Network\Of HKCU\Soft Windows Server 2003 Machine 0 Network\Of HKLM\Soft Windows Server 2003 User 0 Network\Of HKCU\Soft Windows Server 2003 Machine 0 Network\Of HKLM\Soft Windows Server 2003 User 0 Network\Of HKCU\Soft Windows Server 2003 Machine 0 Network\Of HKLM\Soft Windows Server 2003 Machine 0 Network\Of HKLM\Soft At least W This policy setting allows you to turn on economical application of administratively assigned Offline Files.If you enable or do not configure this policy setting Machine 0 Network\Of HKLM\Software\Policies\Microsoft\Windows\NetCache!SlowLinkEnabled Machine 0 Network\Of HKLM\Software\Policies\Microsoft\Windows\NetCache!CacheQuotaLimit Machine 0 Network\Of HKLM\Software\Policies\Microsoft\Windows\NetCache!BackgroundSyncEnabled Machine 0 Network\Of HKLM\Soft At least This policy setting controls whether files read from file shares over a slow network are transparently cached in the Offline Files cache for future reads. When a user tries to access a file that has been transparently cached Machine 0 Network\Of HKLM\Soft At least This policy setting enables administrators to block certain file types from being created in the folders that have been made available offline.If you enable this policy setting User 0 Network\Of HKCU\Soft At least Windows Server 2012 Machine 0 Network\Of HKLM\Soft At least Windows Server 2012 Machine 0 Network\Of HKLM\Soft At least Windows Server 2012 Machine 0 Network\M HKLM\Soft At least W This setting turns off Microsoft Peer-to-Peer Networking Services in its entirety Machine 0 Network\M HKLM\Soft At least W This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the global cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP bootstraps itself is by using multicast on the same subnet. That is Machine 0 Network\M HKLM\Soft At least W This policy setting enables or disables PNRP cloud creation.PNRP is a distributed name resolution protocol allowing Internet hosts to publish peer names with a corresponding Internet Protocol version 6 (IPv6) address. Other hosts can then resolve the name Machine 0 Network\M HKLM\Soft At least W This policy setting limits a node to resolving Machine 0 Network\M HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-Global!SeedServer Machine 0 Network\M HKLM\Soft At least W This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the link local cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP bootstraps itself is by using multicast on the same subnet. That is Machine 0 Network\M HKLM\Soft At least W This policy setting enables or disables PNRP cloud creation.PNRP is a distributed name resolution protocol allowing Internet hosts to publish peer names with a corresponding Internet Protocol version 6 (IPv6) address. Other hosts can then resolve the name Machine 0 Network\M HKLM\Soft At least W This policy setting limits a node to resolving Machine 0 Network\M HKLM\Soft At least W This setting sets the seed server for the link local cloud to a specified node in the enterprise.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. The protocol

Machine 0 Network\M HKLM\Soft At least W This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the site local cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP bootstraps itself is by using multicast on the same subnet. That is Machine 0 Network\M HKLM\Soft At least W This policy setting enables or disables PNRP cloud creation.PNRP is a distributed name resolution protocol allowing Internet hosts to publish peer names with a corresponding Internet Protocol version 6 (IPv6) address. Other hosts can then resolve the name Machine 0 Network\M HKLM\Soft At least W This policy setting limits a node to resolving Machine 0 Network\M HKLM\Soft At least W This setting sets the seed server for the site local cloud to a specified node in the enterprise.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. The protocol Machine 0 Network\M HKLM\Soft At least W By default Machine 0 Windows C HKLM\Soft At least W This policy setting allows you to configure the Family Safety feature.If you enable this policy setting Machine 0 System\Tro HKLM\Soft At least Windows Server 2012 Machine 0 System\Tro HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{acfd1ca6-18b6-4ccf-9c07-580cdb6eded4}!ScenarioExecutionEnabled Machine 0 System\Tro HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{081D3213-48AA-4533-9284-D98F01BDC8E6}!ScenarioExecutionEnabled Machine 0 System\Tro HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{659F08FB-2FAB-42a7-BD4F-566CFA528769}!ScenarioExecutionEnabled Machine 0 System\Tro HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{88D69CE1-577A-4dd9-87AE-AD36D3CD9643}!ScenarioExecutionEnabled Machine 0 System\Tro HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{D113E4AA-2D07-41b1-8D9B-C065194A791D}!ScenarioExecutionEnabled Machine 0 System\Tro HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{affc81e2-612a-4f70-6fb2-916ff5c7e3f8}!ScenarioExecutionEnabled Machine 0 Network\B HKLM\SOFT At least This policy setting specifies whether BranchCache is enabled on client computers to which this policy is applied. In addition to this policy setting Machine 0 Network\B HKLM\SOFT At least This policy setting specifies the default percentage of total disk space that is allocated for the BranchCache disk cache on client computers.If you enable this policy setting Machine 0 Network\B HKLM\SOFT At least This policy setting specifies whether BranchCache hosted cache mode is enabled on client computers to which this policy is applied. In addition to this policy Machine 0 Network\B HKLM\SOFT At least This policy setting specifies whether BranchCache distributed cache mode is enabled on client computers to which this policy is applied. In addition to this policy Machine 0 Network\B HKLM\Soft At least This policy setting is used only when you have deployed one or more BranchCache-enabled file servers at your main office. This policy setting specifies when client computers in branch offices start caching content from file servers based on the network latency - or delay - that occurs when the clients download content from the main office over a Wide Area Network (WAN) link. When you configure a value for this setting Machine 0 Network\B HKLM\SOFT At least Windows Server 2012 Machine 0 Network\B HKLM\SOFT At least Windows Server 2012 Machine 0 Network\B HKLM\SOFT At least Windows Server 2012 Machine 0 Network\B HKLM\SOFT At least Windows Server 2012 User 0 Windows C HKCU\SOFT Windows V Turns off Tablet PC Pen Training.If you enable this policy setting Machine 0 Windows C HKLM\SOFT Windows V Turns off Tablet PC Pen Training.If you enable this policy setting Machine 0 System\Tr HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{67144949-5132-4859-8036-a737b43825d8}!ScenarioExecutionEnabled Machine 0 System\Tr HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}!ScenarioExecutionEnabled Machine 0 System\Tr HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}!ScenarioExecutionEnabled Machine 0 System\Tr HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{2698178D-FDAD-40AE-9D3C-1371703ADC5B}!ScenarioExecutionEnabled Machine 0 System\Tr HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}!ScenarioExecutionEnabled Machine 0 System\Po HKLM\Soft At least W This policy setting specifies the action that Windows takes when battery capacity reaches the critical battery notification level.If you enable this policy setting Machine 0 System\Po HKLM\Soft At least W This policy setting specifies the action that Windows takes when battery capacity reaches the low battery notification level.If you enable this policy setting Machine 0 System\Po HKLM\Soft At least W This policy setting specifies the percentage of battery capacity remaining that triggers the critical battery notification action.If you enable this policy setting Machine 0 System\Po HKLM\Soft At least W This policy setting specifies the percentage of battery capacity remaining that triggers the low battery notification action.If you enable this policy setting Machine 0 System\Po HKLM\Soft At least W This policy setting turns off the user notification when the battery capacity remaining equals the low battery notification level.If you enable this policy setting Machine 0 System\Po HKLM\Soft At least W This policy setting specifies the action that Windows takes when a user presses the power button.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting Machine 0 System\Po HKLM\Soft At least W This policy setting specifies the action that Windows takes when a user presses the sleep button.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting Machine 0 System\Po HKLM\Soft At least W This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting Machine 0 System\Po HKLM\Soft Windows V This policy setting specifies the action that Windows takes when a user presses the Start menu Power button.If you enable this policy setting Machine 0 System\Po HKLM\Soft At least W This policy setting specifies the action that Windows takes when a user presses the power button.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting Machine 0 System\Po HKLM\Soft At least W This policy setting specifies the action that Windows takes when a user presses the sleep button.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting Machine 0 System\Po HKLM\Soft At least W This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting Machine 0 System\Po HKLM\Soft Windows V This policy setting specifies the action that Windows takes when a user presses the Start menu Power button.If you enable this policy setting Machine 0 System\Po HKLM\Soft At least W This policy setting specifies the period of inactivity before Windows turns off the hard disk.If you enable this policy setting Machine 0 System\Po HKLM\Soft At least W This policy setting specifies the period of inactivity before Windows turns off the hard disk.If you enable this policy setting Machine 0 System\P HKLM\Soft At least W This policy setting specifies the active power plan from a specified power planâ€™s GUID. The GUID for a custom power plan GUID can be retrieved by using powercfg Machine 0 System\P HKLM\Soft At least W This policy setting specifies the active power plan from a list of default Windows power plans. To specify a custom power plan User 0 System\P HKCU\Sof Windows Server 2003 Machine 0 System\Po HKLM\Soft At least W This policy setting allows you to turn on the ability for applications and services to prevent the system from sleeping.If you enable this policy setting

Machine 0 System\Po HKLM\Soft At least W This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.If you enable this policy setting Machine 0 System\Po HKLM\Soft At least W This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep.If you enable or do not configure this policy setting Machine 0 System\Po HKLM\Soft At least W This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.If you enable this policy setting Machine 0 System\Po HKLM\Soft At least W This policy setting allows you to turn off hybrid sleep.If you enable this policy setting Machine 0 System\Po HKLM\Soft At least W This policy setting allows you to turn on the ability for applications and services to prevent the system from sleeping.If you enable this policy setting Machine 0 System\Po HKLM\Soft At least W This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.If you enable this policy setting Machine 0 System\Po HKLM\Soft At least W This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep.If you enable or do not configure this policy setting Machine 0 System\Po HKLM\Soft At least W This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.If you enable this policy setting Machine 0 System\Po HKLM\Soft At least W This policy setting allows you to turn off hybrid sleep.If you enable this policy setting Machine 0 System\Po HKLM\Soft At least W This policy setting allows you to manage how long a computer must be inactive before Windows turns off the computerâ€™s display.If you enable this policy setting Machine 0 System\Po HKLM\Soft At least W This policy setting allows you to manage how long a computer must be inactive before Windows turns off the computerâ€™s display.If you enable this policy setting Machine 0 System\Po HKLM\Soft At least W This policy setting allows you to specify the period of inactivity before Windows turns off the display.If you enable this policy setting Machine 0 System\Po HKLM\Soft At least W This policy setting allows you to specify the period of inactivity before Windows turns off the display.If you enable this policy setting Machine 0 System\Po HKLM\Soft At least W This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state.If you enable this policy setting Machine 0 System\Po HKLM\Soft At least W This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state.If you enable this policy setting Machine 0 System HKLM\Soft At least This policy setting allows you to configure whether power is automatically turned off when Windows shutdown completes. This setting does not affect Windows shutdown behavior when shutdown is manually selected using the Start menu or Task Manager user interfaces. Applications such as UPS software may rely on Windows shutdown behavior.This setting is only applicable when Windows shutdown is initiated by software programs invoking the Windows programming interfaces ExitWindowsEx() or InitiateSystemShutdown().If you enable this policy setting Machine 0 System\Po HKLM\Soft At least This policy setting allows you to manage automatic sleep with open network files.If you enable this policy setting Machine 0 System\Po HKLM\Soft At least This policy setting allows you to manage automatic sleep with open network files.If you enable this policy setting Machine 0 System\Po HKLM\Soft At least This policy setting allows you to specify the period of inactivity before Windows automatically reduces brightness of the display.If you enable this policy setting Machine 0 System\Po HKLM\Soft At least This policy setting allows you to specify the period of inactivity before Windows automatically reduces brightness of the display.If you enable this policy setting Machine 0 System\Po HKLM\Soft At least This policy setting allows you to specify the brightness of the display when Windows automatically reduces brightness of the display.If you enable this policy setting Machine 0 System\Po HKLM\Soft At least This policy setting allows you to specify the brightness of the display when Windows automatically reduces brightness of the display.If you enable this policy setting Machine 0 System\Po HKLM\Soft At least This policy setting allows you to specify if Windows should enable the desktop background slideshow.If you enable this policy setting Machine 0 System\Po HKLM\Soft At least This policy setting allows you to specify if Windows should enable the desktop background slideshow.If you enable this policy setting Machine 0 System\Po HKLM\Soft At least This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer.If you enable this policy setting Machine 0 System\Po HKLM\Soft At least This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer.If you enable this policy setting Machine 0 System\Po HKLM\Soft At least This policy setting allows applications and services to prevent automatic sleep.If you enable this policy setting Machine 0 System\Po HKLM\Soft At least This policy setting allows applications and services to prevent automatic sleep.If you enable this policy setting Machine 0 System\Po HKLM\Soft At least This policy setting specifies the percentage of battery capacity remaining that triggers the reserve power mode.If you enable this policy setting Machine 0 \Windows HKLM\Software\Policies\Microsoft\Windows\PowerShell!EnableScripts User 0 \Windows HKCU\Software\Policies\Microsoft\Windows\PowerShell!EnableScripts Machine 0 \Windows HKLM\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging!EnableModuleLogging User 0 \Windows HKCU\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging!EnableModuleLogging Machine 0 \Windows HKLM\Software\Policies\Microsoft\Windows\PowerShell\UpdatableHelp!EnableUpdateHelpDefaultSourcePath User 0 \Windows HKCU\Software\Policies\Microsoft\Windows\PowerShell\UpdatableHelp!EnableUpdateHelpDefaultSourcePath User 0 Windows C HKCU\Soft Supported This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file Machine 0 Windows C HKLM\Soft Supported This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file User 0 Windows C HKCU\Soft Supported This policy setting lets you hide the list of previous versions of files that are on local disks. The previous versions could come from the on-disk restore points or from backup media.If you enable this policy setting Machine 0 Windows C HKLM\Soft Supported This policy setting lets you hide the list of previous versions of files that are on local disks. The previous versions could come from the on-disk restore points or from backup media.If you enable this policy setting User 0 Windows C HKCU\Soft Supported This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.If you enable this policy setting Machine 0 Windows C HKLM\Soft Supported This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.If you enable this policy setting User 0 Windows C HKCU\Soft At least W This policy setting lets you hide the list of previous versions of files that are on file shares. The previous versions come from the on-disk restore points on the file share.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least W This policy setting lets you hide the list of previous versions of files that are on file shares. The previous versions come from the on-disk restore points on the file share.If you enable this policy setting User 0 Windows C HKCU\Soft At least W This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least W This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.If you enable this policy setting User 0 Windows C HKCU\Soft Supported This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.If you enable this policy setting Machine 0 Windows C HKLM\Soft Supported This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.If you enable this policy setting Machine 0 Printers HKLM\Soft Windows 2 Internet printing lets you display printers on Web pages so that printers can be viewed

Machine 0 Printers HKLM\Soft At least Windows Server 2012 Machine 0 Printers HKLM\Soft Windows Server 2003 Machine 0 Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers\Wizard!DomainDisplayPrinters_State User 0 Control Pa HKCU\Soft At least Allows users to use the Add Printer Wizard to search the network for shared printers.If you enable this setting or do not configure it Machine 0 Printers HKLM\Soft At least W When printing through a print server Machine 0 Printers HKLM\Soft At least Windows Server 2012 User 0 Control Pa HKCU\Soft Windows Server 2003 Machine 0 Printers HKLM\Soft Windows Server 2003 User 0 Control Pa HKCU\Soft At least Prevents users from using familiar methods to add local and network printers. If this policy setting is enabled User 0 Control Pa HKCU\Soft At least If this policy setting is enabled Machine 0 Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers\Wizard!NonDomainDisplayPrinters_State User 0 Control Pa HKCU\Soft Windows S This policy restricts clients computers to use package point and print only.If this setting is enabled User 0 Control Pa HKCU\Software\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint!PackagePointAndPrintServerList Machine 0 Printers HKLM\Soft At least W This policy restricts clients computers to use package point and print only.If this setting is enabled Machine 0 Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint!PackagePointAndPrintServerList Machine 0 Printers HKLM\Soft At least If this policy setting is enabled Machine 0 Printers HKLM\Soft At least Enables the physical Location Tracking setting for Windows printers.Use Location Tracking to design a location scheme for your enterprise and assign computers and printers to locations in the scheme. Location Tracking overrides the standard method used to locate and associate computers and printers. The standard method uses a printer's IP address and subnet mask to estimate its physical location and proximity to computers.If you enable this setting User 0 Control Pa HKCU\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint!Restricted Machine 0 Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint!Restricted User 0 Control Pa HKCU\Soft At least Specifies the Active Directory location where searches for printers begin. The Add Printer Wizard gives users the option of searching Active Directory for a shared printer. If you enable this policy setting Machine 0 Printers HKLM\Soft At least Announces the presence of shared printers to print browse master servers for the domain.On domains with Active Directory Machine 0 Printers HKLM\Soft At least This policy setting determines whether the print spooler will execute print drivers in an isolated or separate process. When print drivers are loaded in an isolated process (or isolated processes) Machine 0 Printers HKLM\Soft At least This policy setting determines whether the print spooler will override the Driver Isolation compatibility reported by the print driver. This enables executing print drivers in an isolated process Machine 0 Printers HKLM\Soft At least This policy setting allows you to manage where client computers search for Point and Printer drivers.If you enable this policy setting Machine 0 Printers HKLM\Soft At least Windows Server 2012 Machine 0 Printers HKLM\Sof At least Windows Server 2012 Machine 0 Printers HKLM\Soft At least This policy controls whether the print spooler will accept client connections.When the policy is unconfigured Machine 0 Printers HKLM\Soft Windows Server 2003 Machine 0 Printers HKLM\Soft At least Determines whether the pruning service on a domain controller prunes printer objects that are not automatically republished whenever the host computer does not respond Machine 0 Printers HKLM\Soft At least Specifies how often the pruning service on a domain controller contacts computers to verify that their printers are operational. The pruning service periodically contacts computers that have published printers. If a computer does not respond to the contact message (optionally Machine 0 Printers HKLM\Soft At least Sets the priority of the pruning thread. The pruning thread Machine 0 Printers HKLM\Soft At least Specifies how many times the pruning service on a domain controller repeats its attempt to contact a computer before pruning the computer's printers. The pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a computer does not respond to the contact message Machine 0 Printers HKLM\Soft At least Specifies whether or not to log events when the pruning service on a domain controller attempts to contact a computer before pruning the computer's printers. The pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a computer does not respond to the contact attempt Machine 0 Printers HKLM\Soft At least Determines whether the computer's shared printers can be published in Active Directory. If you enable this setting or do not configure it Machine 0 Printers HKLM\Soft At least Directs the system to periodically verify that the printers published by this computer still appear in Active Directory. This setting also specifies how often the system repeats the verification. By default Machine 0 Printers HKLM\Soft At least Determines whether the domain controller can prune (delete from Active Directory) the printers published by this computer. By default User 0 Control P HKCU\Soft At least W This setting prevents users from using the Programs Control Panel in Category View and Programs and Features in Classic View. The Programs Control Panel allows users to uninstall User 0 Control P HKCU\Soft At least W This setting prevents users from accessing "Programs and Features" to view User 0 Control P HKCU\Soft At least W This setting prevents users from accessing "Installed Updates" page from the "View installed updates" task."Installed Updates" allows users to view and uninstall updates currently installed on the computer. The updates are often downloaded directly from Windows Update or from various program publishers.If this setting is disabled or not configured User 0 Control P HKCU\Soft At least W This setting removes the Set Program Access and Defaults page from the Programs Control Panel. As a result User 0 Control P HKCU\Soft Windows V This setting prevents users from access the "Get new programs from Windows Marketplace" task from the Programs Control Panel in Category View User 0 Control P HKCU\Soft At least W Prevents users from viewing or installing published programs from the network. This setting prevents users from accessing the "Get Programs" page from the Programs Control Panel in Category View User 0 Control P HKCU\Soft At least W This setting prevents users from accessing the "Turn Windows features on or off" task from the Programs Control Panel in Category View Machine 0 Windows C HKLM\Soft At least This policy setting allows an administrator to turn on extensive logging for Password Synchronization.If you enable this policy setting Machine 0 Windows C HKLM\Software\Policies\Microsoft\Windows\PswdSync!MaxRetries_state Machine 0 Windows C HKLM\Soft At least This policy setting allows an administrator to turn on the Windows to Network Information Service (NIS) password synchronization for UNIX-based user accounts that have been migrated to Active Directory Domain Services.If you enable this policy setting Machine 0 Windows C HKLM\Software\Policies\Microsoft\Windows\PswdSync!UpdateRetryInterval_state Machine 0 Network\Q HKLM\Soft At least Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Best Effort service type (ServiceTypeBestEffort). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting

Machine 0 Network\Q HKLM\Soft At least Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Controlled Load service type (ServiceTypeControlledLoad). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting Machine 0 Network\Q HKLM\Soft At least Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Guaranteed service type (ServiceTypeGuaranteed). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting Machine 0 Network\Q HKLM\Soft At least Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Network Control service type (ServiceTypeNetworkControl). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting Machine 0 Network\Q HKLM\Soft At least Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Qualitative service type (ServiceTypeQualitative). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting Machine 0 Network\Q HKLM\Soft At least Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Best Effort service type (ServiceTypeBestEffort). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting Machine 0 Network\Q HKLM\Soft At least Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Controlled Load service type (ServiceTypeControlledLoad). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting Machine 0 Network\Q HKLM\Soft At least Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Guaranteed service type (ServiceTypeGuaranteed). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting Machine 0 Network\Q HKLM\Soft At least Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Network Control service type (ServiceTypeNetworkControl). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting Machine 0 Network\Q HKLM\Soft At least Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Qualitative service type (ServiceTypeQualitative). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting Machine 0 Network\Q HKLM\Soft At least Specifies the maximum number of outstanding packets permitted on the system. When the number of outstanding packets reaches this limit Machine 0 Network\Q HKLM\Soft At least Determines the percentage of connection bandwidth that the system can reserve. This value limits the combined bandwidth reservations of all programs running on the system.By default Machine 0 Network\Q HKLM\Soft At least Determines the smallest unit of time that the Packet Scheduler uses when scheduling packets for transmission. The Packet Scheduler cannot schedule packets for transmission more frequently than permitted by the value of this entry.If you enable this setting Machine 0 Network\Q HKLM\Soft At least Specifies an alternate link layer (Layer-2) priority value for packets with the Best Effort service type (ServiceTypeBestEffort). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting Machine 0 Network\Q HKLM\Soft At least Specifies an alternate link layer (Layer-2) priority value for packets with the Controlled Load service type (ServiceTypeControlledLoad). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting Machine 0 Network\Q HKLM\Soft At least Specifies an alternate link layer (Layer-2) priority value for packets with the Guaranteed service type (ServiceTypeGuaranteed). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting Machine 0 Network\Q HKLM\Soft At least Specifies an alternate link layer (Layer-2) priority value for packets with the Network Control service type (ServiceTypeNetworkControl). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting Machine 0 Network\Q HKLM\Soft At least Specifies an alternate link layer (Layer-2) priority value for packets that do not conform to the flow specification. The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting Machine 0 Network\Q HKLM\Soft At least Specifies an alternate link layer (Layer-2) priority value for packets with the Qualitative service type (ServiceTypeQualitative). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting Machine 0 Windows C HKLM\SOFT At least This policy setting allows the Windows Management Instrumentation (WMI) providers Win32_ReliabilityStabilitymetrics and Win32_ReliabilityRecords to provide data to Reliability Monitor in the Action Center control panel Machine 0 System\Tr HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{3af8b24a-c441-4fa4-8c5c-bed591bfa867}!ScenarioExecutionEnabled Machine 0 System\Re HKLM\SOF Windows S Requirements: Windows 7 Description: This policy setting controls whether users can access the options in Recovery (in Control Panel) to restore the computer to the original state or from a user-created system image. If you enable or do not configure this policy setting Machine 0 System HKLM\Software\Policies\Microsoft\Windows NT\Reliability!TimeStampEnabled Machine 0 Windows C HKLM\Soft Windows S This policy setting controls whether or not unplanned shutdown events can be reported when error reporting is enabled.If you enable this policy setting Machine 0 System HKLM\Soft Windows S This policy setting defines when the Shutdown Event Tracker System State Data feature is activated.The system state data file contains information about the basic system state as well as the state of all running processes.If you enable this policy setting Machine 0 System HKLM\Software\Policies\Microsoft\Windows NT\Reliability!ShutdownReasonOn Machine 0 System\Re HKLM\Soft At least W This policy setting allows you to turn logging on or off. Log files are located in the user's Documents folder under Remote Assistance.If you enable this policy setting Machine 0 System\Re HKLM\Soft At least W This policy setting enables Remote Assistance invitations to be generated with improved encryption so that only computers running this version (or later versions) of the operating system can connect. This policy setting does not affect Remote Assistance connections that are initiated by instant messaging contacts or the unsolicited Offer Remote Assistance.If you enable this policy setting Machine 0 System\Re HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!UseBandwidthOptimization Machine 0 System\Re HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!UseCustomMessages Machine 0 System\Re HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!fAllowToGetHelp Machine 0 System\Re HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!fAllowUnsolicited User 0 System\Re HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices!RebootTimeinSeconds_state Machine 0 System\Re HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices!RebootTimeinSeconds_state User 0 System\Re HKCU\Soft At least W This policy setting denies read access to the CD and DVD removable storage class.If you enable this policy setting Machine 0 System\Re HKLM\Soft At least W This policy setting denies read access to the CD and DVD removable storage class.If you enable this policy setting User 0 System\Re HKCU\Soft At least W This policy setting denies write access to the CD and DVD removable storage class.If you enable this policy setting Machine 0 System\Re HKLM\Soft At least W This policy setting denies write access to the CD and DVD removable storage class.If you enable this policy setting Machine 0 System\Re HKLM\Soft At least This policy setting denies execute access to the CD and DVD removable storage class.If you enable this policy setting User 0 System\Re HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Read!Deny_Read Machine 0 System\Re HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Read!Deny_Read User 0 System\Re HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Write!Deny_Write Machine 0 System\Re HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Write!Deny_Write User 0 System\Re HKCU\Soft At least W This policy setting denies read access to the Floppy Drives removable storage class Machine 0 System\Re HKLM\Soft At least W This policy setting denies read access to the Floppy Drives removable storage class User 0 System\Re HKCU\Soft At least W This policy setting denies write access to the Floppy Drives removable storage class Machine 0 System\Re HKLM\Soft At least W This policy setting denies write access to the Floppy Drives removable storage class Machine 0 System\Re HKLM\Soft At least This policy setting denies execute access to the Floppy Drives removable storage class User 0 System\Re HKCU\Soft At least W This policy setting denies read access to removable disks.If you enable this policy setting

Machine 0 System\Re HKLM\Soft At least W This policy setting denies read access to removable disks.If you enable this policy setting User 0 System\Re HKCU\Soft At least W This policy setting denies write access to removable disks.If you enable this policy setting Machine 0 System\Re HKLM\Soft At least W This policy setting denies write access to removable disks.If you enable this policy setting Machine 0 System\Re HKLM\Soft At least This policy setting denies execute access to removable disks.If you enable this policy setting User 0 System\Re HKCU\Soft At least W Configure access to all removable storage classes.This policy setting takes precedence over any individual removable storage policy settings. To manage individual classes Machine 0 System\Re HKLM\Soft At least W Configure access to all removable storage classes.This policy setting takes precedence over any individual removable storage policy settings. To manage individual classes User 0 System\Re HKCU\Soft At least W This policy setting denies read access to the Tape Drive removable storage class.If you enable this policy setting Machine 0 System\Re HKLM\Soft At least W This policy setting denies read access to the Tape Drive removable storage class.If you enable this policy setting User 0 System\Re HKCU\Soft At least W This policy setting denies write access to the Tape Drive removable storage class.If you enable this policy setting Machine 0 System\Re HKLM\Soft At least W This policy setting denies write access to the Tape Drive removable storage class.If you enable this policy setting Machine 0 System\Re HKLM\Soft At least This policy setting denies execute access to the Tape Drive removable storage class.If you enable this policy setting User 0 System\Re HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33}!Deny_Read Machine 0 System\Re HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33}!Deny_Read User 0 System\Re HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33}!Deny_Write Machine 0 System\Re HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33}!Deny_Write Machine 0 System\Re HKLM\Soft At least W This policy setting grants normal users direct access to removable storage devices in remote sessions.If you enable this policy setting Machine 0 System\Re HKLM\Soft At least W This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they are making contains authentication information. The Endpoint Mapper Service on computers running Windows NT4 (all service packs) cannot process authentication information supplied in this manner. If you disable this policy setting Machine 0 System\Re HKLM\Software\Policies\Microsoft\Windows NT\Rpc!ExtErrorInformation Machine 0 System\Re HKLM\Soft At least This policy setting controls the idle connection timeout for RPC/HTTP connections. This policy setting is useful in cases where a network agent like an HTTP proxy or a router uses a lower idle connection timeout than the IIS server running the RPC/HTTP proxy. In such cases Machine 0 System\Re HKLM\Soft At least W This policy setting controls how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers.This policy setting impacts all RPC applications. In a domain environment this policy setting should be used with caution as it can impact a wide range of functionality including group policy processing itself. Reverting a change to this policy setting can require manual intervention on each affected machine. This policy setting should never be applied to a domain controller.If you disable this policy setting Machine 0 System\Re HKLM\Soft At least This policy setting determines whether the RPC Runtime maintains RPC state information for the system Machine 0 System\Scr HKLM\Soft At least This policy setting determines how long the system waits for scripts applied by Group Policy to run. This setting limits the total time allowed for all logon User 0 System\Scr HKCU\Soft At least This policy setting hides the instructions in logon scripts written for Windows NT 4.0 and earlier. Logon scripts are batch files of instructions that run when the user logs on. By default User 0 System\Scr HKCU\Soft At least This policy setting displays the instructions in logoff scripts as they run.Logoff scripts are batch files of instructions that run when the user logs off. By default User 0 System\Scr HKCU\Soft At least This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop.If you enable this policy setting Machine 0 System\Scr HKLM\Soft At least This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop.If you enable this policy setting User 0 System\Scr HKCU\Soft At least This policy setting displays the instructions in logon scripts as they run.Logon scripts are batch files of instructions that run when the user logs on. By default

TRUETRUETRUE

Machine 0 System\Scr HKLM\Soft At least This policy setting displays the instructions in shutdown scripts as they run.Shutdown scripts are batch files of instructions that run when the user restarts the system or shuts it down. By default Machine 0 System\Scr HKLM\Soft At least This policy setting lets the system run startup scripts simultaneously.Startup scripts are batch files that run before the user is invited to log on. By default Machine 0 System\Scr HKLM\Soft At least This policy setting displays the instructions in startup scripts as they run.Startup scripts are batch files of instructions that run before the user is invited to log on. By default Machine 0 System\Scr HKLM\Soft At least W This policy setting allows user logon scripts to run when the logon cross-forest Machine 0 System\Tr HKLM\SOFT At least This policy setting determines whether scripted diagnostics will execute diagnostic packages that are signed by untrusted publishers.If you enable this policy setting Machine 0 System\Tr HKLM\SOFT At least This policy setting allows users to access and run the troubleshooting tools that are available in the Troubleshooting Control Panel and to run the troubleshooting wizard to troubleshoot problems on their computers.If you enable or do not configure this policy setting Machine 0 System\Tr HKLM\SOFT At least This policy setting allows users who are connected to the Internet to access and search troubleshooting content that is hosted on Microsoft content servers. Users can access online troubleshooting content from within the Troubleshooting Control Panel UI by clicking "Yes" when they are prompted by a message that states Machine 0 System\Tr HKLM\SOFTWARE\Policies\Microsoft\Windows\ScheduledDiagnostics!EnabledExecution Machine 0 \Search HKLM\SOF Any versi Enabling this policy prevents users from adding UNC locations to the index from the Search and Indexing Options in Control Panel. Any UNC locations that have already been added to the index by the user will not be removed.When this policy is disabled or not configured User 0 \Search HKCU\SOF Any versi Enabling this policy prevents users from adding UNC locations to the index from the Search and Indexing Options in Control Panel. Any UNC locations that have already been added to the index by the user will not be removed.When this policy is disabled or not configured Machine 0 \Search HKLM\SOFT Microsoft Windows Vista Machine 0 \Search HKLM\SOFT Any versi If enabled Machine 0 \Search HKLM\SOF Any versi If enabled Machine 0 \Search HKLM\SOF Microsoft Windows XP Machine 0 \Search HKLM\SOFT Microsoft Windows XP User 0 \Search HKCU\SOFT Any versi If enabled Machine 0 \Search HKLM\SOFT Microsoft Windows Vista Machine 0 \Search HKLM\SOF Microsoft This policy setting determines when Windows uses automatic language detection results

Machine 1 \Search HKLM\SOFT Microsof This policy setting disables indexing of removable drives. Machine 1 \Search HKLM\SOF Microsof This policy setting allows you to control whether or not Search can perform queries on the web Machine 1 \Search HKLM\SOF Microsof This policy setting allows you to control whether or not Search can perform queries on the web over metered connections Machine 1 \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!ConnectedSearchPrivacy Machine 1 \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!ConnectedSearchSafeSearch Machine 0 \Search HKLM\SOF Any versi This policy setting configures how Windows Search adds shared folders to the search index.If you enable this policy setting Machine 0 \Search HKLM\SOFT Microsoft Windows XP Machine 0 \Search HKLM\SOF Microsoft Windows Vista Machine 0 \Search HKLM\SOFT Microsoft If enabled Machine 0 \Search HKLM\SOF Microsoft Windows Vista Machine 0 \Search HKLM\SOFT Any versi Enabling this policy allows indexing of items for online delegate mailboxes on a Microsoft Exchange server. This policy affects only delegate mailboxes that are online. Microsoft Outlook 2007 allows users to cache portions of delegate mailboxes locally (for example Machine 0 \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!EnableThrottlingOnlineMailboxes Machine 0 \Search HKLM\SOFT Microsoft Windows Vista Machine 0 \Search HKLM\SOFT Microsoft Windows Vista Machine 0 \Search HKLM\SOF Microsoft Windows XP Machine 0 \Search HKLM\SOFT Microsoft Windows Vista Machine 0 \Search HKLM\SOFT Microsoft Windows Vista Machine 0 \Search HKLM\SOFT Microsoft Windows XP Machine 0 \Search HKLM\SOFT Microsoft Windows XP Machine 0 \Search HKLM\SOF Microsoft Windows XP Machine 0 \Search HKLM\SOFT Microsoft Windows XP Machine 0 \Search HKLM\SOF Microsoft Windows XP Machine 0 \Search HKLM\SOF Microsoft Windows XP Machine 0 \Search HKLM\SOF Microsoft Windows XP Machine 0 \Search HKLM\SOFT Microsoft Windows XP User 0 \Search HKCU\SOFT Any versi If you enable this policy setting Machine 0 \Search HKLM\SOFT Microsoft Windows XP User 0 \Search HKCU\SOFT Any versi Enabling this policy allows you to specify a list of paths to index by default. The user may override these paths and exclude them from indexing. On a per-user basis Machine 0 \Search HKLM\SOFT Microsoft Windows XP User 0 \Search HKCU\SOFT Any versi Enabling this policy allows you to specify a list of paths to exclude from indexing by default. The user may override these paths and include them in indexing. On a per-user basis Machine 0 \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!ExcludedExtensionsMultiline0 User 0 \Search HKCU\SOFT Microsoft This policy setting prevents search queries from being stored in the registry. If you enable this policy setting Machine 0 \OCR HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\OCR!SelectOCRLangs Machine 0 \OCR HKLM\SOF Microsoft This Group Policy setting lets users turn off the performance optimization so that the TIFF IFilter will perform OCR for every page in a TIFF document Machine 0 Windows C HKLM\Soft At least This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory domain. When Security Center is turned on User 0 Windows C HKCU\Soft At least This policy setting turns off the sensor feature for this computer. If you enable this policy setting Machine 0 Windows C HKLM\Soft At least This policy setting turns off the sensor feature for this computer. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting turns off the location feature for this computer. If you enable this policy setting Machine 0 Windows C HKLM\Soft At least This policy setting turns off the location feature for this computer. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting turns off scripting for the location feature. If you enable this policy setting Machine 0 Windows C HKLM\Soft At least This policy setting turns off scripting for the location feature. If you enable this policy setting Machine 0 System\Se HKLM\Soft At least This policy setting allows you to turn off the automatic display of Server Manager at logon.If you enable this policy setting Machine 0 System\Se HKLM\Software\Policies\Microsoft\Windows\Server\ServerManager!RefreshIntervalEnabled Machine 0 System\Se HKLM\Soft Windows S This policy setting allows you to turn off the automatic display of the Initial Configuration Tasks window at logon on Windows Server 2008 and Windows Server 2008 R2. If you enable this policy setting Machine 0 System HKLM\Soft At least This policy setting allows you to turn off the automatic display of the Manage Your Server page. If you enable this policy setting Machine 0 System HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing Machine 0 Windows C HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableSettingSync Machine 0 Windows C HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableApplicationSettingSync

Machine 0 Windows C HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableCredentialsSettingSync Machine 0 Windows C HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisablePersonalizationSettingSync Machine 1 Windows C HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableAppSyncSettingSync Machine 0 Windows C HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableWindowsSettingSync Machine 0 Windows C HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableDesktopThemeSettingSync Machine 0 Windows C HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableWebBrowserSettingSync Machine 0 Windows C HKLM\Soft At least Windows Server 2012 Machine 1 Windows C HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableStartLayoutSettingSync Machine 0 System HKLM\Soft At least Specifies an alternate location for Windows Service Pack installation files.If you enable this policy setting Machine 0 System HKLM\Soft At least Specifies an alternate location for Windows installation files.If you enable this policy setting Machine 0 System\In HKLM\Soft At least Turns off data sharing from the handwriting recognition personalization tool.The handwriting recognition personalization tool tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. The tool can optionally share user writing samples with Microsoft to improve handwriting recognition in future versions of Windows. The tool generates reports and transmits them to Microsoft over a secure connection.If you enable this policy User 0 System\In HKCU\Soft At least Turns off data sharing from the handwriting recognition personalization tool.The handwriting recognition personalization tool tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. The tool can optionally share user writing samples with Microsoft to improve handwriting recognition in future versions of Windows. The tool generates reports and transmits them to Microsoft over a secure connection.If you enable this policy User 0 Shared Fol HKCU\Soft At least This policy setting determines whether the user can publish DFS roots in Active Directory Domain Services (AD DS).If you enable or do not configure this policy setting User 0 Shared Fol HKCU\Soft At least This policy setting determines whether the user can publish shared folders in Active Directory Domain Services (AD DS).If you enable or do not configure this policy setting User 0 Windows HKCU\Soft At least W This policy setting specifies whether users can share files within their profile. By default users are allowed to share files within their profile to other users on their network after an administrator opts in the computer. An administrator can opt in the computer by using the sharing wizard to share a file within their profile.If you enable this policy setting Machine 0 Windows HKLM\Sof At least This policy setting specifies whether users can add computers to a homegroup. By default User 0 System HKCU\Soft At least This policy setting prevents users from running the interactive command prompt User 0 System HKCU\Soft At least Disables the Windows registry editor Regedit.exe.If you enable this policy setting and the user tries to start Regedit.exe User 0 System HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!RestrictRun User 0 System HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisallowRun User 0 Windows C HKCU\Soft Windows V This policy setting prevents the display of the Welcome Center at user logon.If you enable this policy setting User 0 Windows HKCU\Soft Windows Server 2008 Machine 0 Windows HKLM\Soft Windows Server 2008 User 0 Windows HKCU\Soft Windows Server 2008 Machine 0 Windows HKLM\Soft Windows Server 2008 User 0 Windows HKCU\Soft Windows Server 2008 Machine 0 Windows HKLM\Soft Windows Server 2008 Machine 1 HKLM\Soft At least Windows Server 2012 R2 Machine 1 HKLM\Soft At least Windows Server 2012 R2 Machine 1 HKLM\Soft At least Windows Server 2012 R2 Machine 0 Windows HKLM\SOFT At least W This policy setting lets you allow certificates without an Extended Key Usage (EKU) set to be used for logon.In versions of Windows prior to Windows Vista Machine 0 Windows HKLM\SOFT At least W This policy setting lets you determine whether the integrated unblock feature will be available in the logon User Interface (UI).In order to use the integrated unblock feature your smart card must support this feature. Please check with your hardware manufacturer to see if your smart card supports this feature.If you enable this policy setting Machine 0 Windows HKLM\SOFT At least W This policy settings lets you configure if all your valid logon certificates are displayed.During the certificate renewal period Machine 0 Windows HKLM\SOFT At least W This policy setting allows you to manage the reading of all certificates from the smart card for logon.During logon Windows will by default only read the default certificate from the smart card unless it supports retrieval of all certificates in a single call. This setting forces Windows to read all the certificates from the card. This can introduce a significant performance decrease in certain situations. Please contact your smart card vendor to determine if your smart card and associated CSP supports the required behavior.If you enable this setting Machine 0 Windows HKLM\SOFT At least W This policy setting lets you allow signature key-based certificates to be enumerated and available for logon.If you enable this policy setting then any certificates available on the smart card with a signature only key will be listed on the logon screen.If you disable or do not configure this policy setting Machine 0 Windows HKLM\SOFT At least W This policy setting permits those certificates to be displayed for logon that are either expired or not yet valid.Under previous versions of Microsoft Windows Machine 0 Windows HKLM\SOFT At least W This policy setting allows you to manage the certificate propagation that occurs when a smart card is inserted.If you enable or do not configure this policy setting then certificate propagation will occur when you insert your smart card.If you disable this policy setting Machine 0 Windows HKLM\SOFT At least W This policy setting allows you to manage the clean up behavior of root certificates. If you enable this policy setting then root certificate cleanup will occur according to the option selected. If you disable or do not configure this setting then root certificate clean up will occur on log off. Machine 0 Windows HKLM\SOFT At least W This policy setting allows you to manage the root certificate propagation that occurs when a smart card is inserted.If you enable or do not configure this policy setting then root certificate propagation will occur when you insert your smart card. Note: For this policy setting to work the following policy setting must also be enabled: Turn on certificate propagation from smart card.If you disable this policy setting then root certificates will not be propagated from the smart card. Machine 0 Windows HKLM\SOFT At least W This policy setting allows you to manage the displayed message when a smart card is blocked.If you enable this policy setting Machine 0 Windows HKLM\SOFT At least W This policy setting lets you reverse the subject name from how it is stored in the certificate when displaying it during logon. By default the user principal name (UPN) is displayed in addition to the common name to help users distinguish one certificate from another. For example Machine 0 Windows HKLM\SOFT At least W This policy setting prevents plaintext PINs from being returned by Credential Manager. If you enable this policy setting Machine 0 Windows HKLM\SOFT At least W This policy setting lets you determine whether an optional field will be displayed during logon and elevation that allows a user to enter his or her user name or user name and domain Machine 0 Windows HKLM\SOF At least This policy setting allows you to control whether Smart Card Plug and Play is enabled.If you enable or do not configure this policy setting Machine 0 Windows HKLM\SOFT At least This policy setting allows you to control whether a confirmation message is displayed when a smart card device driver is installed.If you enable or do not configure this policy setting Machine 0 Windows HKLM\SOFT At least This policy setting allows you to control whether elliptic curve cryptography (ECC) certificates on a smart card can be used to log on to a domain.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least This policy setting allows an administrator to configure extensive logging for computers that are running Server for Network Information Service (NIS).If you enable this policy setting Machine 0 Windows C HKLM\Software\Policies\Microsoft\Windows\Server for NIS!PushInterval_state

Machine 0 Network\ HKLM\Soft At least This policy setting configures a list of the communities defined to the Simple Network Management Protocol (SNMP) service.SNMP is a protocol designed to give a user the capability to remotely manage a computer network Machine 0 Network\ HKLM\Soft At least This policy setting determines the permitted list of hosts that can submit a query to the Simple Network Management (SNMP) agent running on the client computer.Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.The manager is located on the host computer on the network. The manager's role is to poll the agents for certain requested information.If you enable this policy setting Machine 0 Network\ HKLM\Soft At least This policy setting allows trap configuration for the Simple Network Management Protocol (SNMP) agent.Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.This policy setting allows you to configure the name of the hosts that receive trap messages for the community sent by the SNMP service. A trap message is an alert or significant event that allows the SNMP agent to notify management systems asynchronously.If you enable this policy setting User 0 Windows HKCU\SOFT At least W Specifies whether Sound Recorder can run.Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.If you enable this policy setting Machine 0 Windows HKLM\SOFT At least W Specifies whether Sound Recorder can run.Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.If you enable this policy setting Machine 0 System\Fil HKLM\SOF At least Windows Server 2012 Machine 0 System\Fil HKLM\SOFT At least Windows Server 2012 Machine 0 System\Ac HKLM\SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied!Enabled Machine 0 System\Ac HKLM\SOFT At least Windows Server 2012 User 0 Start Men HKCU\Soft Windows Server 2008 User 0 Start Men HKCU\Soft Windows Server 2008 User 0 Start Men HKCU\Soft Windows V If you enable this policy User 0 Start Men HKCU\Soft At least If you enable this policy User 0 Start Men HKCU\Soft Windows S If you enable this policy User 0 Start Men HKCU\Soft Windows Server 2008 User 0 Start Men HKCU\Soft Windows S If you enable this policy the start menu search box will not search for internet history or favorites.If you disable or do not configure this policy User 0 Start Men HKCU\Soft Windows Server 2008 User 0 Start Men HKCU\Soft Windows Server 2008 User 0 Start Men HKCU\Soft Windows Server 2008 User 0 Start Men HKCU\Soft Windows Server 2008 User 0 Start Men HKCU\Soft Windows V This policy setting controls whether the QuickLaunch bar is displayed in the Taskbar.If you enable this policy setting User 0 Start Men HKCU\Soft At least Clear history of recently opened documents on exit.If you enable this setting User 0 Start Men HKCU\Soft Windows Server 2008 User 0 Start Men HKCU\Soft Windows Server 2008 User 0 Start Men HKCU\Soft Windows Server 2008 User 0 Start Men HKCU\Soft At least This setting affects the taskbar User 0 Start Men HKCU\Soft At least Lets users run a 16-bit program in a dedicated (not shared) Virtual DOS Machine (VDM) process.All DOS and 16-bit programs run on Windows 2000 Professional and Windows XP Professional in the Windows Virtual DOS Machine program. VDM simulates a 16-bit environment User 0 Start Men HKCU\Soft At least This setting affects the notification area User 0 Start Men HKCU\Soft Windows S Hides pop-up text on the Start menu and in the notification area.When you hold the cursor over an item on the Start menu or in the notification area User 0 Start Men HKCU\Soft At least This policy setting allows you to prevent users from changing their Start screen layout.If you enable this setting User 0 Start Men HKCU\Soft At least Windows Server 2012 Machine 1 Start Men HKLM\Software\Policies\Microsoft\Windows\Explorer!StartPinAppsWhenInstalled User 1 Start Men HKCU\Software\Policies\Microsoft\Windows\Explorer!StartPinAppsWhenInstalled Machine 1 Start Men HKLM\Software\Policies\Microsoft\Windows\Explorer!LockedStartLayout User 1 Start Men HKCU\Software\Policies\Microsoft\Windows\Explorer!LockedStartLayout

TRUE User 0 Start Men HKCU\Soft At least Removes items in the All Users profile from the Programs menu on the Start menu.By default User 0 Start Men HKCU\Soft Windows Server 2008 User 0 Start Men HKCU\Soft Windows S This policy setting allows you to remove the Search link from the Start menu User 0 Start Men HKCU\Soft Windows Server 2008 User 0 Start Men HKCU\Soft Windows Server 2008 User 0 Start Men HKCU\Soft Windows Server 2008 User 0 Start Men HKCU\Soft At least This policy setting allows you to remove the All Programs list from the Start menu.If you enable this policy setting User 0 Start Men HKCU\Soft Windows Server 2008 User 0 Start Men HKCU\Soft Windows Server 2008 User 0 Start Men HKCU\Soft At least Prevents the operating system and installed programs from creating and displaying shortcuts to recently opened documents.If you enable this setting User 0 Start Men HKCU\Soft Windows Server 2008 User 0 Start Men HKCU\Soft At least This policy setting prevents the system from conducting a comprehensive search of the target drive to resolve a shortcut.If you enable this policy setting

User 0 Start Men HKCU\Soft At least This policy setting prevents the system from using NTFS tracking features to resolve a shortcut.If you enable this policy setting User 0 Start Men HKCU\Soft At least Allows you to remove the Run command from the Start menu User 0 Start Men HKCU\Soft At least This policy setting allows you to remove programs on Settings menu.If you enable this policy setting User 0 Start Men HKCU\Soft At least This policy setting allows you to prevent changes to Taskbar and Start Menu Settings.If you enable this policy setting User 0 Start Men HKCU\Soft Windows XP This policy setting allows you to remove the Default Programs link from the Start menu.If you enable this policy setting User 0 Start Men HKCU\Soft Windows Server 2008 User 0 Start Men HKCU\Soft Windows Server 2008 User 0 Start Men HKCU\Soft Windows Server 2008 User 0 Start Men HKCU\Soft Windows Server 2008 User 0 Start Men HKCU\Soft Windows Server 2008 User 0 Start Men HKCU\Soft Windows Server 2008 User 0 Start Men HKCU\Soft At least Prevents the clock in the system notification area from being displayed.If you enable this setting User 0 Start Men HKCU\Soft At least This setting affects the taskbar buttons used to switch between running programs.Taskbar grouping consolidates similar applications when there is no room on the taskbar. It kicks in when the user's taskbar is full.If you enable this setting User 0 Start Men HKCU\Soft At least This setting affects the taskbar.The taskbar includes the Start button User 0 Start Men HKCU\Soft At least This policy setting allows you to remove access to the context menus for the taskbar.If you enable this policy setting User 0 Start Men HKCU\Soft At least This setting affects the notification area (previously called the "system tray") on the taskbar.Description: The notification area is located at the far right end of the task bar and includes the icons for current notifications and the system clock.If this setting is enabled User 0 Start Men HKCU\Soft Windows S This policy setting allows you to remove the user name label from the Start Menu in Windows XP and Windows Server 2003.If you enable this policy setting User 0 Start Men HKCU\Soft At least This policy setting allows you to remove links and access to Windows Update.If you enable this policy setting User 0 Start Men HKCU\Soft At least If you enable this setting User 0 Start Men HKCU\Soft At least This policy setting allows you to removes the "Log Off <username>" item from the Start menu and prevents users from restoring it.If you enable this policy setting User 0 Start Men HKCU\Soft Windows S If you enable this policy the Start menu will not show a link to Homegroup. It also removes the homegroup item from the Start Menu options. As a result User 0 Start Men HKCU\Soft Windows S This policy setting allows you to remove the Downloads link from the Start Menu.If you enable this policy setting User 0 Start Men HKCU\Soft Windows S This policy setting allows you to remove the Recorded TV link from the Start Menu.If you enable this policy setting User 0 Start Men HKCU\Soft Windows S This policy setting allows you to remove the Videos link from the Start Menu.If you enable this policy setting User 0 Start Men HKCU\Soft At least Windows Server 2012 User 0 Start Men HKCU\Soft Windows S Set the default action of the power button on the Start menu.If you enable this setting User 0 Start Men HKCU\Soft At least Windows Server 2012 User 1 Start Men HKCU\Soft At least Windows Server 2012 R2 User 1 Start Men HKCU\Soft At least Windows Server 2012 R2 User 1 Start Men HKCU\Soft At least Windows Server 2012 R2 User 1 Start Men HKCU\Soft At least Windows Server 2012 R2 User 1 Start Men HKCU\Soft At least Windows Server 2012 R2 Machine 0 System\Sy HKLM\Soft At least Allows you to disable System Restore configuration through System Protection.This policy setting allows you to turn off System Restore configuration through System Protection.System Restore enables users Machine 0 System\Sy HKLM\Soft At least Allows you to disable System Restore.This policy setting allows you to turn off System Restore.System Restore enables users User 0 Windows C HKCU\soft Windows Server 2008 Machine 0 Windows C HKLM\soft Windows Server 2008 User 0 Windows C HKCU\soft Windows Server 2008 Machine 0 Windows C HKLM\soft Windows Server 2008

TRUETRUETRUETRUE

User 0 Windows C HKCU\software\policies\microsoft\TabletTip\1.7!PasswordSecurityState Machine 0 Windows C HKLM\software\policies\microsoft\TabletTip\1.7!PasswordSecurityState

TRUETRUE

User 0 Windows C HKCU\software\policies\microsoft\TabletTip\1.7!ScratchOutState User 0 Windows C HKCU\soft At least Prevents the Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista) from providing text prediction suggestions. This policy applies for both the on-screen keyboard and the handwriting tab when the feature is available for the current input area and input language.Touch Keyboard and Handwriting panel enables you to use handwriting or an on-screen keyboard to enter text

Machine 0 Windows C HKLM\soft At least Prevents the Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista) from providing text prediction suggestions. This policy applies for both the on-screen keyboard and the handwriting tab when the feature is available for the current input area and input language.Touch Keyboard and Handwriting panel enables you to use handwriting or an on-screen keyboard to enter text User 0 Windows C HKCU\SOFT Windows V Prevents start of InkBall game.If you enable this policy Machine 0 Windows C HKLM\SOFT Windows V Prevents start of InkBall game.If you enable this policy User 0 Windows C HKCU\SOFT At least W Prevents start of Windows Journal.If you enable this policy Machine 0 Windows C HKLM\SOFT At least W Prevents start of Windows Journal.If you enable this policy User 0 Windows C HKCU\SOFT At least W Prevents printing to Journal Note Writer.If you enable this policy Machine 0 Windows C HKLM\SOFT At least W Prevents printing to Journal Note Writer.If you enable this policy User 0 Windows C HKCU\SOFT At least W Prevents the snipping tool from running.If you enable this policy setting Machine 0 Windows C HKLM\SOFT At least W Prevents the snipping tool from running.If you enable this policy setting User 0 Windows C HKCU\SOFT Windows Server 2008 Machine 0 Windows C HKLM\SOFT Windows Server 2008 User 0 Windows C HKCU\SOFT At least W Removes the Back->ESC mapping that normally occurs when menus are visible Machine 0 Windows C HKLM\SOFT At least W Removes the Back->ESC mapping that normally occurs when menus are visible User 0 Windows C HKCU\SOFT At least W Prevents the user from launching an application from a Tablet PC hardware button.If you enable this policy Machine 0 Windows C HKLM\SOFT At least W Prevents the user from launching an application from a Tablet PC hardware button.If you enable this policy User 0 Windows C HKCU\SOFT At least W Prevents press and hold actions on hardware buttons Machine 0 Windows C HKLM\SOFT At least W Prevents press and hold actions on hardware buttons User 0 Windows C HKCU\SOFT At least W Turns off Tablet PC hardware buttons.If you enable this policy Machine 0 Windows C HKLM\SOFT At least W Turns off Tablet PC hardware buttons.If you enable this policy User 0 Windows C HKCU\SOFT Windows Server 2008 Machine 0 Windows C HKLM\SOFT Windows Server 2008 User 0 Windows C HKCU\SOFT Windows Server 2008 Machine 0 Windows C HKLM\SOFT Windows Server 2008 User 0 Start Men HKCU\Soft At least W This policy setting allows you to remove the battery meter from the system control area.If you enable this policy setting User 0 Start Men HKCU\Soft At least W This policy setting allows you to remove the networking icon from the system control area.If you enable this policy setting User 0 Start Men HKCU\Soft At least W This policy setting allows you to remove the volume control icon from the system control area.If you enable this policy setting User 0 Start Men HKCU\Soft At least This policy setting allows you to remove the Action Center from the system control area.If you enable this policy setting User 0 Start Men HKCU\Soft At least W This policy setting allows you to lock all taskbar settings.If you enable this policy setting User 0 Start Men HKCU\Soft At least W This policy setting allows you to prevent users from adding or removing toolbars.If you enable this policy setting User 0 Start Men HKCU\Soft At least W This policy setting allows you to prevent users from rearranging toolbars.If you enable this policy setting User 0 Start Men HKCU\Soft At least W This policy setting allows you to turn off all notification balloons.If you enable this policy setting User 0 Start Men HKCU\Soft At least W This policy setting allows you to prevent users from moving taskbar to another screen dock location.If you enable this policy setting User 0 Start Men HKCU\Soft At least W This policy setting allows you to prevent users from resizing the taskbar.If you enable this policy setting User 0 Start Men HKCU\Soft Windows V This policy setting allows you to turn off taskbar thumbnails.If you enable this policy setting User 0 Start Men HKCU\Soft At least This policy setting allows you to remove pinned programs from the taskbar.If you enable this policy setting User 0 Start Men HKCU\Soft At least This policy setting allows you to turn off automatic promotion of notification icons to the taskbar.If you enable this policy setting User 0 Start Men HKCU\Soft At least This policy setting allows you to turn off feature advertisement balloon notifications.If you enable this policy setting User 0 Start Men HKCU\Soft At least This policy setting allows you to control displaying or tracking items in Jump Lists from remote locations.The Start Menu and Taskbar display Jump Lists off of programs. These menus include files User 0 Start Men HKCU\Soft At least This policy setting allows you to control pinning programs to the Taskbar.If you enable this policy setting User 0 Start Men HKCU\Soft At least This policy setting allows you to control pinning items in Jump Lists.If you enable this policy setting User 0 Start Men HKCU\Soft At least Windows Server 2012 User 0 Windows C HKCU\Soft Windows Server 2003 Machine 0 Windows C HKLM\Soft Windows Server 2003 User 0 Windows C HKCU\Soft Windows Server 2003 Machine 0 Windows C HKLM\Soft Windows Server 2003 User 0 Windows C HKCU\Soft Windows Server 2003 Machine 0 Windows C HKLM\Soft Windows Server 2003 User 0 Windows C HKCU\Soft Windows Server 2003

Machine 0 Windows C HKLM\Soft Windows Server 2003 User 0 Windows C HKCU\Soft Windows Server 2003 Machine 0 Windows C HKLM\Soft Windows Server 2003 User 0 Windows C HKCU\Soft Windows Server 2003 Machine 0 Windows C HKLM\Soft Windows Server 2003 User 0 Windows C HKCU\Soft Windows Server 2003 Machine 0 Windows C HKLM\Soft Windows Server 2003 Machine 0 Network\TC HKLM\Soft At least This policy setting allows you to configure Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) Machine 0 Network\TC HKLM\Soft At least This policy setting allows you to specify a router name or Internet Protocol version 4 (IPv4) address for an ISATAP router.If you enable this policy setting Machine 0 Network\TC HKLM\Soft At least This policy setting allows you to configure 6to4 Machine 0 Network\TC HKLM\Soft At least This policy setting allows you to specify a 6to4 relay name for a 6to4 host. A 6to4 relay is used as a default gateway for IPv6 network traffic sent by the 6to4 host. The 6to4 relay name setting has no effect if 6to4 connectivity is not available on the host.If you enable this policy setting Machine 0 Network\TC HKLM\Soft At least This policy setting allows you to specify the interval at which the relay name is resolved. The 6to4 relay name resolution interval setting has no effect if 6to4 connectivity is not available on the host.If you enable this policy setting Machine 0 Network\TC HKLM\Soft At least This policy setting allows you to configure Teredo Machine 0 Network\TC HKLM\Soft At least This policy setting allows you to specify the name of the Teredo server. This server name will be used on the Teredo client computer where this policy setting is applied.If you enable this policy setting Machine 0 Network\TC HKLM\Soft At least This policy setting allows you to configure the Teredo refresh rate.Note: On a periodic basis (by default Machine 0 Network\TC HKLM\Soft At least This policy setting allows you to select the UDP port the Teredo client will use to send packets. If you leave the default of 0 Machine 0 Network\TC HKLM\Soft At least This policy setting allows you to set Teredo to be ready to communicate Machine 0 Network\TC HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition\IPHTTPS\IPHTTPSInterface!IPHTTPS_ClientState Machine 0 Network\T HKLM\Syst At least W This policy setting allows you to configure Window Scaling Heuristics. Window Scaling Heuristics is an algorithm to identify connectivity and throughput problems caused by many Firewalls and other middle boxes that don't interpret Window Scaling option correctly.If you do not configure this policy setting Machine 0 Network\T HKLM\Syst At least This policy setting allows you to configure IP Stateless Autoconfiguration Limits.If you enable or do not configure this policy setting User 0 Windows C HKCU\SOFT At least This policy setting allows you to specify whether the client computer redirects its time zone settings to the Remote Desktop Services session.If you enable this policy setting User 0 Windows C HKCU\SOFT At least This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session.You can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default User 0 Windows C HKCU\SOFT At least This policy setting allows you to specify whether desktop wallpaper is displayed to clients when they are connected to a remote server using RDP. You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session. If you enable this policy setting User 0 Windows C HKCU\SOFT At least This policy setting allows you to specify whether the desktop is always displayed after a client connects to a remote computer or whether an initial program can run. It can require that the desktop be displayed after a client connects to a remote computer Machine 0 Windows C HKLM\SOFT At least This policy setting allows you to specify whether remote users can start any program on the RD Session Host server when they start a Remote Desktop Services session Machine 0 Windows C HKLM\SOFT Windows This policy setting allows you to specify whether desktop composition is allowed for remote desktop sessions. This policy setting does not apply to RemoteApp sessions.Desktop composition provides the user interface elements of Windows Aero Machine 0 Windows C HKLM\SOFT At least This policy setting allows you to specify whether to use the RD Connection Broker load balancing feature to balance the load between servers in an RD Session Host server farm. If you enable this policy setting Machine 0 Windows C HKLM\SOFT At least This policy setting allows you to specify whether the default client printer is the only printer redirected in Remote Desktop Services sessions.If you enable this policy setting User 0 Windows C HKCU\SOFT At least This policy setting allows you to specify whether the default client printer is the only printer redirected in Remote Desktop Services sessions.If you enable this policy setting User 0 Windows C HKCU\SOFT At least This policy setting allows you to specify how long a user's RemoteApp session will remain in a disconnected state after closing all RemoteApp programs before the session is logged off from the RD Session Host server.By default Machine 0 Windows C HKLM\SOFT At least This policy setting allows you to specify how long a user's RemoteApp session will remain in a disconnected state after closing all RemoteApp programs before the session is logged off from the RD Session Host server.By default Machine 0 Windows C HKLM\SOFT At least This policy setting allows you to specify whether font smoothing is allowed for remote connections.Font smoothing provides ClearType functionality for a remote connection. ClearType is a technology for displaying computer fonts so that they appear clear and smooth Machine 0 Windows C HKLM\SOFT At least This policy setting specifies the IP address and network mask that corresponds to the network adapter used for virtual IP addresses. The IP address and network mask should be entered in Classless Inter-Domain Routing notation; for example Machine 0 Windows C HKLM\SOFT At least This policy setting specifies whether a session uses the IP address of the Remote Desktop Session Host server if a virtual IP address is not available.If you enable this policy setting Machine 0 Windows C HKLM\SOF At least Fair Share CPU Scheduling dynamically distributes processor time across all Remote Desktop Services sessions on the same RD Session Host server Machine 0 Windows C HKLM\SOFT At least This policy setting specifies whether Windows Installer RDS Compatibility runs on a per user basis for fully installed applications. Windows Installer allows one instance of the msiexec process to run at a time. By default Machine 0 Windows C HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\TSAppSrv\VirtualIP!EnableVirtualIP Machine 0 Windows C HKLM\SOF At least This policy setting enables system administrators to change the graphics rendering for all Remote Desktop Services sessions on a Remote Desktop Session Host (RD Session Host) server.If you enable this policy setting Machine 0 Windows C HKLM\SOFT Windows 7 This policy setting allows you to specify the visual quality for remote users when connecting to this computer by using Remote Desktop Connection. You can use this policy setting to balance the network bandwidth usage with the visual quality that is delivered.If you enable this policy setting and set quality to Medium Machine 0 Windows C HKLM\SOFT Windows 7 This policy setting allows the administrator to configure the RemoteFX experience for Remote Desktop Session Host or Remote Desktop Virtualization Host servers. By default User 1 Windows C HKCU\SOFT Windows Server 2008 R2 Machine 0 Windows C HKLM\SOFT Windows 7 This policy setting allows you to specify how the Remote Desktop Protocol will try to detect the network quality (bandwidth and latency).You can choose to disable Connect Time Detect Machine 0 Windows C HKLM\SOFT Windows 7 This policy setting allows you to specify which protocols can be used for Remote Desktop Protocol (RDP) access to this server.If you enable this policy setting User 0 Windows HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!UseProxy User 0 Windows HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!AllowExplicitProxyName Machine 0 Windows C HKLM\SOFT At least Specifies whether to allow Remote Desktop Connection clients to automatically reconnect to sessions on an RD Session Host server if their network link is temporarily lost. By default Machine 0 Windows C HKLM\SOFT Windows Server 2008 Machine 0 Windows C HKLM\SOFT At least This policy setting allows you to limit the number of monitors that a user can use to display a Remote Desktop Services session. Limiting the number of monitors to display a Remote Desktop Services session can improve connection performance

Machine 0 Windows C HKLM\SOFT At least This policy setting allows you to configure remote access to computers by using Remote Desktop Services.If you enable this policy setting Machine 0 Windows C HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxXResolution Machine 0 Windows C HKLM\SOFT At least Specifies whether desktop wallpaper is displayed to remote clients connecting via Remote Desktop Services.You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session. By default Machine 0 Windows C HKLM\SOFT At least This policy setting determines whether an administrator attempting to connect remotely to the console of a server can log off an administrator currently logged on to the console.This policy is useful when the currently connected administrator does not want to be logged off by another administrator. If the connected administrator is logged off Machine 0 Windows C HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!KeepAliveEnable Machine 0 Windows C HKLM\SOFT At least W This policy setting allows you to specify the order in which an RD Session Host server attempts to locate Remote Desktop license servers.If you enable this policy setting Machine 0 Windows C HKLM\SOFT At least W This policy setting determines whether notifications are displayed on an RD Session Host server when there are problems with RD Licensing that affect the RD Session Host server.By default Machine 0 Windows C HKLM\SOFT At least W This policy setting allows you to specify the type of Remote Desktop Services client access license (RDS CAL) that is required to connect to this RD Session Host server.You can use this policy setting to select one of two licensing modes: Per User or Per Device.Per User licensing mode requires that each user account connecting to this RD Session Host server have an RDS Per User CAL.Per Device licensing mode requires that each device connecting to this RD Session Host server have an RDS Per Device CAL.If you enable this policy setting Machine 0 Windows C HKLM\SOFT At least Specifies whether Remote Desktop Services limits the number of simultaneous connections to the server.You can use this setting to restrict the number of Remote Desktop Services sessions that can be active on a server. If this number is exceeded Machine 0 Windows C HKLM\Soft At least This policy setting allows you to remove the "Disconnect" option from the Shut Down Windows dialog box in Remote Desktop Services sessions.You can use this policy setting to prevent users from using this familiar method to disconnect their client from an RD Session Host server.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least Specifies whether to remove the Windows Security item from the Settings menu on Remote Desktop clients. You can use this setting to prevent inexperienced users from logging off from Remote Desktop Services inadvertently.If the status is set to Enabled Machine 0 Windows C HKLM\SOFT At least This policy setting allows you to specify whether the app registration is completed before showing the Start screen to the user. By default User 0 Windows C HKCU\SOFT Windows Server 2008 R2 Machine 0 Windows C HKLM\SOFT Windows Server 2008 R2 Machine 1 Windows C HKLM\SOFT Windows Server 2008 R2 Machine 1 Windows C HKLM\SOFT Windows Server 2008 R2 Machine 1 Windows C HKLM\SOF At least This policy setting allows you to enable RemoteApp programs to use advanced graphics Machine 0 Windows C HKLM\SOFT At least This policy setting allows you to restrict users to a single Remote Desktop Services session.If you enable this policy setting User 0 Windows C HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fInheritInitialProgram Machine 0 Windows C HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!InitialProgram Machine 0 Windows C HKLM\SOFT At least This policy setting specifies whether to disable the administrator rights to customize security permissions for the Remote Desktop Session Host server. You can use this setting to prevent administrators from making changes to the user groups allowed to connect remotely to the RD Session Host server. By default Machine 0 Windows C HKLM\SOFT At least W This policy setting determines whether the desktop is always displayed after a client connects to a remote computer or an initial program can run. It can be used to require that the desktop be displayed after a client connects to a remote computer Machine 0 Windows C HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!WFHomeDirUNC Machine 0 Windows C HKLM\SOFT At least This policy setting allows you to specify the network path that Remote Desktop Services uses for roaming user profiles.By default Machine 0 Windows C HKLM\SOF At least W This policy setting allows you to specify whether Remote Desktop Services uses a mandatory profile for all users connecting remotely to the RD Session Host server.If you enable this policy setting Machine 0 Windows C HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!DeleteRoamingUserProfile Machine 0 Windows C HKLM\Soft At least This policy setting allows you to specify the RD Session Host servers to which a Remote Desktop license server will offer Remote Desktop Services client access licenses (RDS CALs).You can use this policy setting to control which RD Session Host servers are issued RDS CALs by the Remote Desktop license server. By default Machine 0 Windows C HKLM\Soft At least This policy setting allows you to specify which version of Remote Desktop Services client access license (RDS CAL) a Remote Desktop Services license server will issue to clients connecting to RD Session Host servers running other Windows-based operating systems.A license server attempts to provide the most appropriate RDS or TS CAL for a connection. For example Machine 0 Windows C HKLM\SOFT At least This policy setting allows you to specify whether users can redirect the remote computer's audio and video output in a Remote Desktop Services session.Users can specify where to play the remote computer's audio output by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can choose to play the remote audio on the remote computer or on the local computer. Users can also choose to not play the audio. Video playback can be configured by using the videoplayback setting in a Remote Desktop Protocol (.rdp) file. By default Machine 0 Windows C HKLM\SOFT At least This policy setting allows you to limit the audio playback quality for a Remote Desktop Services session. Limiting the quality of audio playback can improve connection performance Machine 0 Windows C HKLM\SOFT At least This policy setting allows you to specify whether users can record audio to the remote computer in a Remote Desktop Services session.Users can specify whether to record audio to the remote computer by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can record audio by using an audio input device on the local computer Machine 0 Windows C HKLM\SOFT At least This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session.You can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default Machine 0 Windows C HKLM\SOFT At least This policy setting specifies whether to prevent the redirection of data to client COM ports from the remote computer in a Remote Desktop Services session.You can use this setting to prevent users from redirecting data to COM port peripherals or mapping local COM ports while they are logged on to a Remote Desktop Services session. By default Machine 0 Windows C HKLM\SOFT At least This policy setting allows you to specify whether the client default printer is automatically set as the default printer in a session on an RD Session Host server.By default Machine 0 Windows C HKLM\SOFT At least This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers. If you enable or do not configure this policy setting User 0 Windows C HKCU\SOFT At least This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers. If you enable or do not configure this policy setting Machine 0 Windows C HKLM\SOFT At least This policy setting specifies whether to prevent the mapping of client drives in a Remote Desktop Services session (drive redirection).By default Machine 0 Windows C HKLM\SOFT At least This policy setting specifies whether to prevent the redirection of data to client LPT ports during a Remote Desktop Services session.You can use this setting to prevent users from mapping local LPT ports and redirecting data from the remote computer to local LPT port peripherals. By default Machine 0 Windows C HKLM\SOFT At least W This policy setting allows you to control the redirection of supported Plug and Play devices Machine 0 Windows C HKLM\SOFT At least This policy setting allows you to specify whether to prevent the mapping of client printers in Remote Desktop Services sessions.You can use this policy setting to prevent users from redirecting print jobs from the remote computer to a printer attached to their local (client) computer. By default Machine 0 Windows C HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fPolicyFallbackPrintDriver Machine 0 Windows C HKLM\SOFT At least This policy setting allows you to control the redirection of smart card devices in a Remote Desktop Services session.If you enable this policy setting Machine 0 Windows C HKLM\SOFT At least This policy setting determines whether the client computer redirects its time zone settings to the Remote Desktop Services session.If you enable this policy setting Machine 0 Windows C HKLM\SOFT At least Specifies whether a Remote Desktop Session Host server requires secure RPC communication with all clients or allows unsecured communication.You can use this setting to strengthen the security of RPC communication with clients by allowing only authenticated and encrypted requests.If the status is set to Enabled Machine 0 Windows C HKLM\SOFT At least Windows Server 2003 Machine 0 Windows C HKLM\SOFT At least Windows Server 2003 Machine 0 Windows C HKLM\SOFT At least Windows Server 2003 Machine 0 Windows C HKLM\SOFT At least Windows Server 2003

User 0 Windows C HKCU\SOFT At least This policy setting Sspecifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it.You can use this setting to direct Remote Desktop Services to end a session (that is Machine 0 Windows C HKLM\SOFT At least This policy setting Sspecifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it.You can use this setting to direct Remote Desktop Services to end a session (that is User 0 Windows C HKCU\SOFT At least This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions.You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default Machine 0 Windows C HKLM\SOFT At least This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions.You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default User 0 Windows C HKCU\SOFT At least This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected.If you enable this policy setting Machine 0 Windows C HKLM\SOFT At least This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected.If you enable this policy setting User 0 Windows C HKCU\SOFT At least This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it is automatically disconnected.If you enable this policy setting Machine 0 Windows C HKLM\SOFT At least This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it is automatically disconnected.If you enable this policy setting Machine 0 Windows C HKLM\SOFT At least This policy setting specifies whether Remote Desktop Services retains a user's per-session temporary folders at logoff.You can use this setting to maintain a user's session-specific temporary folders on a remote computer Machine 0 Windows C HKLM\SOFT At least This policy setting allows you to prevent Remote Desktop Services from creating session-specific temporary folders.You can use this policy setting to disable the creation of separate temporary folders on a remote computer for each session. By default User 0 Windows C HKCU\SOFT At least W This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer.If you enable or do not configure this policy setting Machine 0 Windows C HKLM\SOFT At least W This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer.If you enable or do not configure this policy setting User 0 Windows C HKCU\SOFT At least W This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one issued by an authority recognized by the client Machine 0 Windows C HKLM\SOFT At least W This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one that is issued by an authority recognized by the client Machine 0 Windows C HKLM\SOFT At least W This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers.If you enable this policy setting User 0 Windows C HKCU\SOFT At least W This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers.If you enable this policy setting Machine 0 Windows C HKLM\SOFT At least W This policy setting determines whether a user will be prompted on the client computer to provide credentials for a remote connection to an RD Session Host server.If you enable this policy setting Machine 0 Windows C HKLM\SOFT At least W This policy setting allows you to specify whether the client will establish a connection to the RD Session Host server when the client cannot authenticate the RD Session Host server.If you enable this policy setting Machine 0 Windows C HKLM\SOFT At least Windows Server 2012 Machine 0 Windows C HKLM\SOFT At least Windows Server 2012 Machine 0 Windows C HKLM\SOFT At least W This policy setting allows you to specify which Remote Desktop Protocol (RDP) compression algorithm to use.By default Machine 1 Windows C HKLM\SOFT Windows 7 This policy setting allows you to enable Remote Desktop Protocol (RDP) 8.0 on this computer. Please read the following KB article before enabling this Group Policy. http://go.microsoft.com/fwlink/?LinkID=251814If you enable this policy setting Machine 0 Windows C HKLM\SOFT Windows 7 This policy setting allows you to specify the visual experience that remote users receive in Remote Desktop Services sessions. Remote sessions on the remote computer are then optimized to support this visual experience.By default Machine 0 Windows C HKLM\SOFT At least W This policy setting allows you to permit RDP redirection of other supported RemoteFX USB devices from this computer. Redirected RemoteFX USB devices will not be available for local usage on this computer.If you enable this policy setting Machine 0 Windows C HKLM\SOFT Windows 7 This policy setting allows you to control the availability of RemoteFX on both a Remote Desktop Virtualization Host (RD Virtualization Host) server and a Remote Desktop Session Host (RD Session Host) server.When deployed on an RD Virtualization Host server Machine 0 Windows C HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services\!VGOptimization_CaptureFrameRate Machine 0 Windows C HKLM\SOFT At least Windows Server 2012 User 0 Windows C HKCU\SOFT At least Windows Server 2012 Machine 0 Windows C HKLM\SOFT At least Windows Server 2012 Machine 0 Windows C HKLM\SOFT At least Windows Server 2012 Machine 0 System\Tr HKLM\Soft At least Windows Server 2012 Machine 0 System\Tr HKLM\SOFTWARE\Policies\Microsoft\Tpm\BlockedCommands!Enabled Machine 0 System\Tr HKLM\Soft At least W This policy setting allows you to enforce or ignore the computer's default list of blocked Trusted Platform Module (TPM) commands.If you enable this policy setting Machine 0 System\Tr HKLM\Soft At least W This policy setting allows you to enforce or ignore the computer's local list of blocked Trusted Platform Module (TPM) commands.If you enable this policy setting Machine 0 System\Tr HKLM\Software\Policies\Microsoft\Tpm!StandardUserAuthorizationFailureDuration Machine 0 System\Tr HKLM\Software\Policies\Microsoft\Tpm!StandardUserAuthorizationFailureIndividualThreshold Machine 0 System\Tr HKLM\Software\Policies\Microsoft\Tpm!StandardUserAuthorizationFailureTotalThreshold Machine 0 System\Use HKLM\Sof At least This policy setting adds the Administrator security group to the roaming user profile share.Once an administrator has configured a user's roaming profile Machine 0 System\Use HKLM\Soft At least Windows Server 2003 operating systems User 0 System\Use HKCU\Soft Windows Server 2003 Machine 0 System\Use HKLM\Soft At least This policy setting determines whether Windows keeps a copy of a user's roaming profile on the local computer's hard drive when the user logs off. Roaming profiles reside on a network server. By default Machine 0 System\Use HKLM\Soft At least This policy setting disables the detection of slow network connections. Slow link detection measures the speed of the connection between a user's computer and the remote server that stores the roaming user profile. When the system detects a slow link Machine 0 System\Use HKLM\Soft At least This policy setting provides users with the ability to download their roaming profile User 0 System\Use HKCU\Soft At least This policy setting lets you exclude folders that are normally included in the user's profile. As a result Machine 0 System\Use HKLM\Sof At least This policy setting determines whether the system retains a roaming user's Windows Installer and Group Policy based software installation data on their profile deletion.By default Windows deletes all information related to a roaming user (which includes the user's settings User 0 System\Use HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!EnableProfileQuota Machine 0 System\Use HKLM\Soft At least This setting determines if roaming user profiles are available on a particular computer. By default Machine 0 System\Use HKLM\Soft Windows Server 2003

Machine 0 System\Use HKLM\Soft At least This policy setting will automatically log off a user when Windows cannot load their profile. If Windows cannot access the user profile folder or the profile contains errors that prevent it from loading Machine 0 System\Use HKLM\Soft Windows Server 2003 Machine 0 System\Use HKLM\Soft At least This policy setting determines if the changes a user makes to their roaming profile are merged with the server copy of their profile.By default Machine 0 System\Use HKLM\Soft At least This policy setting directs the system to wait for the remote copy of the roaming user profile to load Machine 0 System\Use HKLM\Software\Policies\Microsoft\Windows\System!UserProfileMinTransferRate Machine 0 System\Use HKLM\Soft At least W This policy setting allows an administrator to automatically delete user profiles on system restart that have not been used within a specified number of days. Note: One day is interpreted as 24 hours after a specific user profile was accessed.If you enable this policy setting User 0 System\Use HKCU\Soft At least W This policy setting allows you to specify which network directories will be synchronized only at logon and logoff via Offline Files. This policy setting is meant to be used in conjunction with Folder Redirection Machine 0 System\Use HKLM\Soft At least W This policy setting controls whether Windows forcefully unloads the user's registry at logoff Machine 0 System\Use HKLM\Soft At least W This policy setting controls how long Windows waits for a response from the network before logging on a user without a remote home directory and withou synchronizing roaming user profiles. This policy setting is useful for the cases in which a network might take typically longer to initialize Machine 0 System\Use HKLM\Soft At least W This policy setting specifies whether Windows should use the specified network path as the roaming user profile path for all users logging onto this computer.To use this policy setting Machine 0 System\Use HKLM\Software\Policies\Microsoft\Windows\System!UploadHiveMethod

TRUE Machine 0 System\Use HKLM\Soft At least Windows Server 2012 Machine 0 System\Use HKLM\Software\Policies\Microsoft\Windows\System!HomeDirLocation Machine 0 Windows C HKLM\Software\Policies\Microsoft\FVE!ActiveDirectoryBackup Machine 0 Windows C HKLM\SOFTWARE\Policies\Microsoft\FVE!UseRecoveryPassword Machine 0 Windows C HKLM\SOFT At least W This policy setting allows you to specify the default path that is displayed when the BitLocker Drive Encryption setup wizard prompts the user to enter the location of a folder in which to save the recovery password. This policy setting is applied when you turn on BitLocker.If you enable this policy setting

TRUE Machine 0 Windows C HKLM\SOFT At least Windows Server 2012 Machine 0 Windows C HKLM\Soft At least W This policy setting controls computer restart performance at the risk of exposing BitLocker secrets. This policy setting is applied when you turn on BitLocker. BitLocker secrets include key material used to encrypt data. This policy setting applies only when BitLocker protection is enabled.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least This policy setting allows you to configure whether or not enhanced startup PINs are used with BitLocker.Enhanced startup PINs permit the use of characters including uppercase and lowercase letters Machine 0 Windows C HKLM\Software\Policies\Microsoft\FVE!OSPassphrase Machine 0 Windows C HKLM\Soft At least Windows Server 2012 Machine 0 Windows C HKLM\Soft At least This policy setting allows you to configure whether or not standard users are allowed to change BitLocker volume PINs Machine 0 Windows C HKLM\Software\Policies\Microsoft\FVE!IdentificationField Machine 0 Windows C HKLM\Soft At least This policy setting allows you to associate an object identifier from a smart card certificate to a BitLocker-protected drive. This policy setting is applied when you turn on BitLocker.The object identifier is specified in the enhanced key usage (EKU) of a certificate. BitLocker can identify which certificates may be used to authenticate a user certificate to a BitLocker-protected drive by matching the object identifier in the certificate with the object identifier that is defined by this policy setting.Default object identifier is 1.3.6.1.4.1.311.67.1.1Note: BitLocker does not require that a certificate have an EKU attribute Machine 0 Windows C HKLM\Software\Policies\Microsoft\FVE!OSUseEnhancedBcdProfile Machine 0 Windows C HKLM\SOFTWARE\Policies\Microsoft\FVE!OSRecovery Machine 0 Windows C HKLM\SOFTWARE\Policies\Microsoft\FVE!OSEncryptionType Machine 0 Windows C HKLM\SOFTWARE\Policies\Microsoft\FVE!EnableNonTPM Machine 0 Windows C HKLM\SOFTWARE\Policies\Microsoft\FVE!UseAdvancedStartup Machine 0 Windows C HKLM\SOF At least This policy setting controls whether a BitLocker-protected computer that is connected to a trusted wired Local Area Network (LAN) and joined to a domain can create and use Network Key Protectors on TPM-enabled computers to automatically unlock the operating system drive when the computer is started.If you enable this policy

TRUE Machine 0 Windows C HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_BIOS!Enabled Machine 0 Windows C HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI!Enabled Machine 0 Windows C HKLM\Soft At least This policy setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This policy setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 4 digits and can have a maximum length of 20 digits.If you enable this policy setting Machine 0 Windows C HKLM\SOFTWARE\Policies\Microsoft\FVE!OSHardwareEncryption Machine 0 Windows C HKLM\Soft At least This policy setting allows users to turn on authentication options that require user input from the pre-boot environment Machine 0 Windows C HKLM\Soft At least Windows Server 2012 Machine 0 Windows C HKLM\SOFTWARE\Policies\Microsoft\FVE!FDVRecovery Machine 0 Windows C HKLM\Software\Policies\Microsoft\FVE!FDVPassphrase Machine 0 Windows C HKLM\Syst At least This policy setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer. This policy setting is applied when you turn on BitLocker.If you enable this policy setting Machine 0 Windows C HKLM\Software\Policies\Microsoft\FVE!FDVDiscoveryVolumeType Machine 0 Windows C HKLM\Software\Policies\Microsoft\FVE!FDVAllowUserCert Machine 0 Windows C HKLM\SOFTWARE\Policies\Microsoft\FVE!FDVEncryptionType Machine 0 Windows C HKLM\SOFTWARE\Policies\Microsoft\FVE!FDVHardwareEncryption Machine 0 Windows C HKLM\SOFTWARE\Policies\Microsoft\FVE!RDVRecovery Machine 0 Windows C HKLM\Software\Policies\Microsoft\FVE!RDVConfigureBDE

Machine 0 Windows C HKLM\Software\Policies\Microsoft\FVE!RDVPassphrase Machine 0 Windows C HKLM\System\CurrentControlSet\Policies\Microsoft\FVE!RDVDenyWriteAccess Machine 0 Windows C HKLM\Software\Policies\Microsoft\FVE!RDVDiscoveryVolumeType Machine 0 Windows C HKLM\Software\Policies\Microsoft\FVE!RDVAllowUserCert Machine 0 Windows C HKLM\SOFTWARE\Policies\Microsoft\FVE!RDVEncryptionType Machine 0 Windows C HKLM\SOFTWARE\Policies\Microsoft\FVE!RDVHardwareEncryption Machine 0 System\Wi HKLM\Software\Policies\Microsoft\W32Time\Config!FrequencyCorrectRate Machine 0 System\Wi HKLM\Software\Policies\Microsoft\W32time\Parameters!NtpServer Machine 0 System\Wi HKLM\Soft At least This policy setting specifies whether the Windows NTP Client is enabled.Enabling the Windows NTP Client allows your computer to synchronize its computer clock with other NTP servers. You might want to disable this service if you decide to use a third-party time provider.If you enable this policy setting Machine 0 System\Wi HKLM\Soft At least This policy setting allows you to specify whether the Windows NTP Server is enabled.If you enable this policy setting for the Windows NTP Server Machine 0 Network\ HKLM\Soft At least Windows Server 2012 Machine 0 Network\ HKLM\Soft At least Windows Server 2012 Machine 0 Network\ HKLM\Soft At least Windows Server 2012 Machine 0 Network\ HKLM\Sof At least Windows Server 2012 Machine 0 System\Tr HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI!DataRetentionBySizeEnabled Machine 0 System\Tr HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI!ScenarioExecutionEnabled User 0 Windows HKCU\Soft Windows V Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars Machine 0 Windows HKLM\Soft Windows V Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars Machine 0 Windows C HKLM\Soft At least By default User 0 Windows C HKCU\Soft At least By default Machine 0 \Server HKLM\Soft At least This policy setting allows you to manage whether backups of only system volumes is allowed or both OS and data volumes can be backed up.If you enable this policy setting Machine 0 \Server HKLM\Soft At least This policy setting allows you to manage whether backups of a machine can run to locally attached storage or not.If you enable this policy setting Machine 0 \Server HKLM\Soft At least This policy setting allows you to manage whether backups of a machine can run to a network share or not.If you enable this policy setting Machine 0 \Server HKLM\Soft At least This policy setting allows you to manage whether backups of a machine can run to an optical media or not.If you enable this policy setting Machine 0 \Server HKLM\Sof At least This policy setting allows you to manage whether run-once backups of a machine can be run or not.If you enable this policy setting User 0 Windows HKCU\Soft At least W This policy setting affects the ability of users to install or uninstall color profiles.If you enable this policy setting Machine 0 Windows HKLM\Soft At least W This policy setting affects the ability of users to install or uninstall color profiles.If you enable this policy setting User 0 Network\ HKCU\Soft At least W This policy setting prohibits access to Windows Connect Now (WCN) wizards. If you enable this policy setting Machine 0 Network\ HKLM\Soft At least W This policy setting prohibits access to Windows Connect Now (WCN) wizards. If you enable this policy setting Machine 0 Network\ HKLM\Software\Policies\Microsoft\Windows\WCN\Registrars!EnableRegistrars Machine 1 Windows HKLM\Soft At least Windows Server 2012 Machine 0 Windows HKLM\Soft At least W This policy setting allows you to manage whether spyware definitions are used during a scan.If you enable or do not configure this setting Machine 1 Windows HKLM\Soft At least Windows Server 2012 Machine 1 Windows HKLM\Soft At least Windows Server 2012 Machine 0 Windows HKLM\Soft At least W This policy setting allows you to configure routinely taking action on detected items. It is recommended that you enable this policy. If you enable this setting Machine 1 Windows HKLM\Software\Policies\Microsoft\Windows Defender!ProxyBypass Machine 1 Windows HKLM\Software\Policies\Microsoft\Windows Defender!ProxyServer Machine 1 Windows HKLM\Soft At least Windows Server 2012 Machine 1 Windows HKLM\Soft At least Windows Server 2012 Machine 1 Windows HKLM\Software\Policies\Microsoft\Windows Defender\Exclusions!Exclusions_Extensions Machine 1 Windows HKLM\Software\Policies\Microsoft\Windows Defender\Exclusions!Exclusions_Paths Machine 1 Windows HKLM\Software\Policies\Microsoft\Windows Defender\Exclusions!Exclusions_Processes Machine 1 Windows HKLM\Soft At least Windows Server 2012 Machine 1 Windows HKLM\Soft At least Windows Server 2012 Machine 1 Windows HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS!ThrottleDetectionEventsRate Machine 1 Windows C HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS\Exclusions\IP Ranges!Nis_Consumers_IPS_Exclusions_Ip_Ranges_Ip_Range Machine 1 Windows C HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS\Exclusions\Ports!Nis_Consumers_IPS_Exclusions_Ports_Port_Number Machine 1 Windows C HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS\Exclusions\Processes!Nis_Consumers_IPS_Exclusions_Processes_executable_Path_and_Name

Machine 1 Windows C HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS\Exclusions\Threat IDs!Nis_Consumers_IPS_Exclusions_Threat_Ids_Threat_Id Machine 1 Windows HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS\SKU Differentiation!Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid Machine 1 Windows HKLM\Soft At least Windows Server 2012 Machine 1 Windows HKLM\Software\Policies\Microsoft\Windows Defender\Quarantine!PurgeItemsAfterDelay Machine 1 Windows C HKLM\Soft At least Windows Server 2012 Machine 1 Windows C HKLM\Soft At least Windows Server 2012 Machine 1 Windows C HKLM\Soft At least Windows Server 2012 Machine 1 Windows C HKLM\Soft At least Windows Server 2012 Machine 1 Windows C HKLM\Soft At least Windows Server 2012 Machine 1 Windows C HKLM\Soft At least Windows Server 2012 Machine 0 Windows C HKLM\Soft At least W This policy setting allows you to configure real-time protection. This setting controls all real-time protection components. It is recommended that you turn on real-time protection.If you enable or do not configure this setting Machine 1 Windows C HKLM\Soft At least Windows Server 2012 Machine 1 Windows C HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!IOAVMaxSize Machine 1 Windows C HKLM\Soft At least Windows Server 2012 Machine 1 Windows C HKLM\Soft At least Windows Server 2012 Machine 1 Windows C HKLM\Soft At least Windows Server 2012 Machine 1 Windows C HKLM\Soft At least Windows Server 2012 Machine 1 Windows C HKLM\Soft At least Windows Server 2012 Machine 1 Windows C HKLM\Soft At least Windows Server 2012 Machine 1 Windows C HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!RealtimeScanDirection Machine 1 Windows HKLM\Soft At least Windows Server 2012 Machine 1 Windows HKLM\Software\Policies\Microsoft\Windows Defender\Remediation!Scan_ScheduleDay Machine 1 Windows HKLM\Software\Policies\Microsoft\Windows Defender\Remediation!Scan_ScheduleTime Machine 1 Windows HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!AdditionalActionTimeout Machine 1 Windows HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!CriticalFailureTimeout Machine 1 Windows HKLM\Soft At least Windows Server 2012 Machine 1 Windows HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!NonCriticalTimeout Machine 1 Windows HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!RecentlyCleanedTimeout Machine 1 Windows HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!WppTracingComponents Machine 1 Windows HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!WppTracingLevel Machine 1 Windows HKLM\Soft At least Windows Server 2012 Machine 1 Windows HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ArchiveMaxDepth Machine 1 Windows HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ArchiveMaxSize Machine 1 Windows HKLM\Software\Policies\Microsoft\Windows Defender\Scan!AvgCPULoadFactor Machine 0 Windows HKLM\Soft At least W This policy setting allows you to manage whether a check for new virus and spyware definitions will occur before running a scan. This setting applies to scheduled scans as well as the command line "mpcmdrun -SigUpdate" Machine 1 Windows HKLM\Soft At least Windows Server 2012 Machine 1 Windows HKLM\Soft At least Windows Server 2012 Machine 1 Windows HKLM\Soft At least Windows Server 2012 Machine 1 Windows HKLM\Soft At least Windows Server 2012 Machine 1 Windows HKLM\Soft At least Windows Server 2012 Machine 1 Windows HKLM\Soft At least Windows Server 2012 Machine 1 Windows HKLM\Soft At least Windows Server 2012 Machine 1 Windows HKLM\Soft At least Windows Server 2012 Machine 1 Windows HKLM\Soft At least Windows Server 2012 Machine 1 Windows HKLM\Soft At least Windows Server 2012 Machine 1 Windows HKLM\Soft At least Windows Server 2012 Machine 1 Windows HKLM\Soft At least Windows Server 2012 Machine 1 Windows HKLM\Soft At least Windows Server 2012

Machine 1 Windows HKLM\Soft At least Windows Server 2012 Machine 1 Windows HKLM\Soft At least Windows Server 2012 Machine 1 Windows HKLM\Soft At least Windows Server 2012 Machine 1 Windows HKLM\Software\Policies\Microsoft\Windows Defender\Scan!PurgeItemsAfterDelay Machine 1 Windows HKLM\Software\Policies\Microsoft\Windows Defender\Scan!QuickScanInterval Machine 1 Windows HKLM\Soft At least Windows Server 2012 Machine 1 Windows HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ScanParameters Machine 1 Windows HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ScheduleDay Machine 1 Windows HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ScheduleQuickScanTime Machine 1 Windows HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ScheduleTime Machine 1 Windows HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!ASSignatureDue Machine 1 Windows HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!AVSignatureDue Machine 1 Windows HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!DefinitionUpdateFileSharesSources Machine 1 Windows HKLM\Soft At least Windows Server 2012 Machine 1 Windows HKLM\Soft At least Windows Server 2012 Machine 1 Windows HKLM\Soft At least Windows Server 2012 Machine 1 Windows HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!FallbackOrder Machine 1 Windows HKLM\Soft At least Windows Server 2012 Machine 1 Windows HKLM\Soft At least Windows Server 2012 Machine 1 Windows HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!ScheduleDay Machine 1 Windows HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!ScheduleTime Machine 1 Windows HKLM\Soft At least Windows Server 2012 Machine 1 Windows HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!SignatureUpdateCatchupInterval Machine 1 Windows HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!SignatureUpdateInterval Machine 1 Windows HKLM\Soft At least Windows Server 2012 Machine 1 Windows HKLM\Soft At least Windows Server 2012 Machine 0 Windows HKLM\Software\Policies\Microsoft\Windows Defender\Spynet!SpynetReporting Machine 1 Windows HKLM\Software\Policies\Microsoft\Windows Defender\Threats!Threats_ThreatIdDefaultAction Machine 1 Windows HKLM\Software\Policies\Microsoft\Windows Defender\Threats!Threats_ThreatSeverityDefaultAction Machine 1 Windows C HKLM\Soft At least Windows Server 2012 Machine 1 Windows C HKLM\Software\Policies\Microsoft\Windows Defender\UX Configuration!CustomDefaultActionToastString User 0 Windows C HKCU\Soft At least Hide the Back button in the Open dialog box.This policy setting lets you remove new features added in Microsoft Windows 2000 Professional User 0 Windows C HKCU\Soft At least Removes the list of most recently used files from the Open dialog box.If you disable this setting or do not configure it User 0 Windows C HKCU\Soft At least Removes the shortcut bar from the Open dialog box.This setting User 0 Windows C HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32\Placesbar!Place0 User 0 Windows C HKCU\Soft Windows Server 2008 User 0 Windows C HKCU\Soft At least Allows you to have File Explorer display a confirmation dialog whenever a file is deleted or moved to the Recycle Bin.If you enable this setting User 0 Windows C HKCU\Soft At least This setting is designed to ensure that shell extensions can operate on a per-user basis. If you enable this setting User 0 Windows C HKCU\Soft At least This policy setting determines whether Windows traces shortcuts back to their sources when it cannot find the target on the user's system.Shortcut files typically include an absolute path to the original target file as well as the relative path to the current target file. When the system cannot find the file in the current target path User 0 Windows C HKCU\Soft Windows Server 2008 User 0 Windows C HKCU\Soft At least This policy setting allows you to turn off caching of thumbnail pictures.If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting allows you to remove CD Burning features. File Explorer allows you to create and modify re-writable CDs if you have a CD writer connected to your PC.If you enable this policy setting User 0 Windows C HKCU\Soft Windows Server 2003 User 0 Windows C HKCU\Soft Windows Server 2003 User 0 Windows C HKCU\Soft At least This policy setting allows you to remove the DFS tab from File Explorer.If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting allows you to hide these specified drives in My Computer.This policy setting allows you to remove the icons representing selected hard drives from My Computer and File Explorer. Also User 0 Windows C HKCU\Soft Windows Server 2003 User 0 Windows C HKCU\Soft At least Removes the File menu from My Computer and File Explorer.This setting does not prevent users from using other methods to perform tasks available on the File menu.

User 0 Windows C HKCU\Soft At least This policy setting allows you to prevent users from accessing Folder Options through the View tab on the ribbon in File Explorer. Folder Options allows users to change the way files and folders open User 0 Windows C HKCU\Soft At least Removes the Hardware tab.This setting removes the Hardware tab from Mouse User 0 Windows C HKCU\Soft At least Removes the Manage item from the File Explorer context menu. This context menu appears when you right-click File Explorer or My Computer.The Manage item opens Computer Management (Compmgmt.msc) User 0 Windows C HKCU\Soft Windows X This policy setting allows you to remove the Shared Documents folder from My Computer.When a Windows client is in a workgroup User 0 Windows C HKCU\Soft At least Prevents users from using File Explorer or Network Locations to map or disconnect network drives.If you enable this setting User 0 Windows C HKCU\Soft At least When a file or folder is deleted in File Explorer User 0 Windows C HKCU\Soft Windows Server 2003 User 0 Windows C HKCU\Soft At least Removes the Security tab from File Explorer.If you enable this setting User 0 Windows C HKCU\Soft Windows Server 2003 User 0 Windows C HKCU\Soft At least Removes shortcut menus from the desktop and File Explorer. Shortcut menus appear when you right-click an item.If you enable this setting User 0 Windows C HKCU\Soft At least Prevents users from using My Computer to gain access to the content of selected drives.If you enable this setting User 0 Windows C HKCU\Soft At least Turn off Windows+X hotkeys.Keyboards with a Windows key provide users with shortcuts to common shell features. For example User 0 Windows C HKCU\Soft Windows Server 2003 User 0 Windows C HKCU\Soft Windows Server 2003 User 0 Windows C HKCU\Soft Windows Server 2003 User 0 Windows C HKCU\Soft At least W This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol Machine 0 Windows C HKLM\Soft At least W This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol User 0 Windows C HKCU\Soft At least If you enable this policy User 0 Windows C HKCU\Software\Policies\Microsoft\Windows\Explorer!TryHarderPinnedOpenSearch User 0 Windows C HKCU\Software\Policies\Microsoft\Windows\Explorer!TryHarderPinnedLibrary Machine 0 Windows C HKLM\Soft At least This policy setting allows you to prevent data loss when you change the target location for Folder Redirection User 0 Windows C HKCU\Software\Policies\Microsoft\Windows\Explorer!DisableKnownFolders User 0 Windows C HKCU\Soft At least This policy setting allows you to turn off the display of snippets in Content view mode.If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting allows you to turn off Windows Libraries features that need indexed file metadata to function properly. If you enable this policy User 0 Windows C HKCU\Soft At least Disables suggesting recent queries for the Search Box and prevents entries into the Search Box from being stored in the registry for future references.File Explorer shows suggestion pop-ups as users type into the Search Box. These suggestions are based on their past entries into the Search Box.Note: If you enable this policy Machine 0 Windows C HKLM\Soft At least W Changes the behavior of IShellFolder::BindToObject for IID_IPropertySetStorage to not bind directly to the IPropertySetStorage implementation User 0 Windows C HKCU\Soft At least W Changes the behavior of IShellFolder::BindToObject for IID_IPropertySetStorage to not bind directly to the IPropertySetStorage implementation Machine 0 Windows C HKLM\Soft At least This policy setting allows you to have file names sorted literally (as in Windows 2000 and earlier) rather than in numerical order. If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting allows you to have file names sorted literally (as in Windows 2000 and earlier) rather than in numerical order. If you enable this policy setting Machine 0 Windows C HKLM\Soft At least This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting User 0 Windows C HKCU\Soft At least This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting

User 0 Windows C HKCU\Soft At least This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting Machine 0 Windows C HKLM\Soft At least This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) User 0 Windows C HKCU\Soft At least This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) Machine 0 Windows C HKLM\Soft At least This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) User 0 Windows C HKCU\Soft At least This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) Machine 0 Windows C HKLM\Soft At least This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) User 0 Windows C HKCU\Soft At least This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) Machine 0 Windows C HKLM\Soft At least This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) User 0 Windows C HKCU\Soft At least This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) Machine 0 Windows C HKLM\Soft At least This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) User 0 Windows C HKCU\Soft At least This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) Machine 0 Windows C HKLM\Soft At least This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) User 0 Windows C HKCU\Soft At least This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) Machine 0 Windows C HKLM\Soft At least This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) User 0 Windows C HKCU\Soft At least This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) Machine 0 Windows C HKLM\Soft At least This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) User 0 Windows C HKCU\Soft At least This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) Machine 0 Windows C HKLM\Soft At least This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) User 0 Windows C HKCU\Soft At least This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) Machine 0 Windows C HKLM\Soft At least This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) User 0 Windows C HKCU\Soft At least This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) Machine 0 Windows C HKLM\Soft At least Windows Server 2012 User 0 Windows C HKCU\Soft At least Windows Server 2012 Machine 0 Windows C HKLM\Software\Policies\Microsoft\Windows\System!EnableSmartScreen Machine 0 Windows C HKLM\Soft At least Windows Server 2012 Machine 0 Windows C HKLM\Soft At least Windows Server 2012 Machine 0 Windows C HKLM\Soft At least Windows Server 2012 Machine 0 Windows C HKLM\Soft At least Windows Server 2012 Machine 0 Windows C HKLM\Software\Policies\Microsoft\Windows\Explorer!ExplorerRibbonStartsMinimized User 0 Windows C HKCU\Software\Policies\Microsoft\Windows\Explorer!ExplorerRibbonStartsMinimized Machine 0 Windows C HKLM\Soft At least Windows Server 2012 Machine 0 Windows C HKLM\Soft At least Windows Server 2012 Machine 0 System\Wi HKLM\Soft Windows Server 2003 Machine 0 System\Wi HKLM\Soft Windows Server 2003 Machine 0 System\Wi HKLM\Soft Windows Server 2003 Machine 0 System\Wi HKLM\Soft Windows Server 2003 Machine 0 Network\N HKLM\SOFT At least W Allows unsolicited incoming messages from specified systems that authenticate using the IPsec transport.If you enable this policy setting Machine 0 Network\N HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications!Enabled Machine 0 Network\N HKLM\SOFT At least W Allows administrators to use the Windows Firewall component in Control Panel to define a local program exceptions list. Windows Firewall uses two program exceptions lists; the other is defined by the "Windows Firewall: Define inbound program exceptions" policy setting.If you enable this policy setting Machine 0 Network\N HKLM\SOFT At least W Turns on Windows Firewall.If you enable this policy setting Machine 0 Network\N HKLM\SOFT At least W Specifies that Windows Firewall blocks all unsolicited incoming messages. This policy setting overrides all other Windows Firewall policy settings that allow such messages.If you enable this policy setting Machine 0 Network\N HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint!Enabled Machine 0 Network\N HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings!AllowOutboundDestinationUnreachable Machine 0 Network\N HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging!LogDroppedPackets Machine 0 Network\N HKLM\SOFT At least W Prevents Windows Firewall from displaying notifications to the user when a program requests that Windows Firewall add the program to the program exceptions list.If you enable this policy setting Machine 0 Network\N HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts!Enabled Machine 0 Network\N HKLM\SOFT At least W Allows administrators to use the Windows Firewall component in Control Panel to define a local port exceptions list. Windows Firewall uses two port exceptions lists; the other is defined by the "Windows Firewall: Define inbound port exceptions" policy setting.If you enable this policy setting Machine 0 Network\N HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings!Enabled

Machine 0 Network\N HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop!Enabled Machine 0 Network\N HKLM\SOFT At least W Prevents this computer from receiving unicast responses to its outgoing multicast or broadcast messages.If you enable this policy setting Machine 0 Network\N HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\UPnPFramework!Enabled Machine 0 Network\N HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications!Enabled Machine 0 Network\N HKLM\SOFT At least W Allows administrators to use the Windows Firewall component in Control Panel to define a local program exceptions list. Windows Firewall uses two program exceptions lists; the other is defined by the "Windows Firewall: Define inbound program exceptions" policy setting.If you enable this policy setting Machine 0 Network\N HKLM\SOFT At least W Turns on Windows Firewall.If you enable this policy setting Machine 0 Network\N HKLM\SOFT At least W Specifies that Windows Firewall blocks all unsolicited incoming messages. This policy setting overrides all other Windows Firewall policy settings that allow such messages.If you enable this policy setting Machine 0 Network\N HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint!Enabled Machine 0 Network\N HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings!AllowOutboundDestinationUnreachable Machine 0 Network\N HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging!LogDroppedPackets Machine 0 Network\N HKLM\SOFT At least W Prevents Windows Firewall from displaying notifications to the user when a program requests that Windows Firewall add the program to the program exceptions list.If you enable this policy setting Machine 0 Network\N HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts!Enabled Machine 0 Network\N HKLM\SOFT At least W Allows administrators to use the Windows Firewall component in Control Panel to define a local port exceptions list. Windows Firewall uses two port exceptions lists; the other is defined by the "Windows Firewall: Define inbound port exceptions" policy setting.If you enable this policy setting Machine 0 Network\N HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings!Enabled Machine 0 Network\N HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop!Enabled Machine 0 Network\N HKLM\SOFT At least W Prevents this computer from receiving unicast responses to its outgoing multicast or broadcast messages.If you enable this policy setting Machine 0 Network\N HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\UPnPFramework!Enabled User 0 Windows HKCU\SOF At least W Denies or allows access to the Windows Mail application.If you enable this setting Machine 0 Windows HKLM\SOF At least W Denies or allows access to the Windows Mail application.If you enable this setting User 0 Windows HKCU\SOFT At least W Windows Mail will not check your newsgroup servers for Communities support. Machine 0 Windows HKLM\SOFT At least W Windows Mail will not check your newsgroup servers for Communities support. Machine 0 Windows HKLM\Soft At least Prevents Windows Media Digital Rights Management (DRM) from accessing the Internet (or intranet).When enabled Machine 0 Windows HKLM\Soft Windows Me This policy setting allows you to turn off do not show first use dialog boxes.If you enable this policy setting Machine 0 Windows HKLM\Soft Windows Me This policy setting allows you to prevent the anchor window from being displayed when Windows Media Player is in skin mode.If you enable this policy setting Machine 0 Windows HKLM\Soft Windows Me This policy setting allows you to prevent video smoothing from occurring.If you enable this policy setting User 0 Windows HKCU\Soft Windows Me This policy setting allows you to prevent media information for CDs and DVDs from being retrieved from the Internet.If you enable this policy setting Machine 0 Windows HKLM\Soft Windows M This policy setting allows you to prevent media sharing from Windows Media Player.If you enable this policy setting User 0 Windows HKCU\Soft Windows Me This policy setting allows you to prevent media information for music files from being retrieved from the Internet.If you enable this policy setting Machine 0 Windows HKLM\Soft Windows Me This policy setting allows you to prevent a shortcut for the Player from being added to the Quick Launch bar.If you enable this policy setting User 0 Windows HKCU\Soft Windows Server 2003 Machine 0 Windows HKLM\Soft Windows Me This policy setting allows you to prevent a shortcut icon for the Player from being added to the user's desktop.If you enable this policy setting User 0 Windows HKCU\Soft Windows Me This policy setting allows a screen saver to interrupt playback.If you enable this policy setting User 0 Windows HKCU\Soft Windows M This policy setting allows you to prevent Windows Media Player from downloading codecs.If you enable this policy setting User 0 Windows C HKCU\Soft Windows Server 2003 User 0 Windows C HKCU\Soft Windows Me This policy setting allows you to hide the Privacy tab in Windows Media Player.If you enable this policy setting User 0 Windows C HKCU\Soft Windows Me This policy setting allows you to hide the Security tab in Windows Media Player.If you enable this policy setting User 0 Windows C HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!SetAndLockSkin User 0 Windows HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\HTTP!ProxyPolicy User 0 Windows HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\MMS!ProxyPolicy User 0 Windows HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\RTSP!ProxyPolicy User 0 Windows HKCU\Soft Windows M This policy setting allows you to hide the Network tab.If you enable this policy setting User 0 Windows HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!NetworkBufferingPolicy User 0 Windows HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols!WindowsMediaStreamingProtocols Machine 0 Windows HKLM\Soft At least This policy setting prevents Windows Messenger from automatically running at logon. If you enable this policy setting User 0 Windows HKCU\Soft At least This policy setting prevents Windows Messenger from automatically running at logon. If you enable this policy setting Machine 0 Windows HKLM\Soft At least This policy setting allows you to prevent Windows Messenger from running.If you enable this policy setting User 0 Windows HKCU\Soft At least This policy setting allows you to prevent Windows Messenger from running.If you enable this policy setting Machine 0 Windows HKLM\Soft At least W This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Basic authentication.If you enable this policy setting

Machine 0 Windows HKLM\Soft At least W This policy setting allows you to manage whether the Windows Remote Management (WinRM) client sends and receives unencrypted messages over the network.If you enable this policy setting Machine 0 Windows HKLM\Soft At least W This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Digest authentication.If you enable this policy setting Machine 0 Windows HKLM\Soft At least W This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Negotiate authentication.If you enable this policy setting Machine 0 Windows HKLM\Soft At least W This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Kerberos authentication directly.If you enable this policy setting Machine 0 Windows HKLM\Soft At least W This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses CredSSP authentication.If you enable this policy setting Machine 0 Windows HKLM\Software\Policies\Microsoft\Windows\WinRM\Client!TrustedHosts Machine 0 Windows HKLM\Software\Policies\Microsoft\Windows\WinRM\Service!AllowAutoConfig Machine 0 Windows HKLM\Sof Windows 7 User 0 Windows HKCU\Sof Windows 7 User 0 Windows HKCU\Sof Windows 7 Machine 0 Windows HKLM\Sof Windows 7 User 0 Windows HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate!DisableWindowsUpdateAccess Machine 0 Windows HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAutoUpdate Machine 0 Windows HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!UseWUServer Machine 0 Windows HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!DetectionFrequencyEnabled Machine 0 Windows HKLM\Sof Windows XP This policy setting allows you to control whether non-administrative users will receive update notifications based on the "Configure Automatic Updates" policy setting. If you enable this policy setting Machine 0 Windows HKLM\Soft Windows XP Specifies whether Automatic Updates should automatically install certain updates that neither interrupt Windows services nor restart Windows.If the status is set to Enabled Machine 0 Windows HKLM\Sof At least W Specifies whether Automatic Updates will deliver both important as well as recommended updates from the Windows Update update service.When this policy is enabled Machine 0 Windows HKLM\Soft Windows Server 2008 Machine 0 Windows HKLM\Sof Windows Server 2008 Machine 0 Windows HKLM\Sof Windows XP Specifies that to complete a scheduled installation Machine 1 Windows HKLM\Sof When Windows Update requires a restart to finish installing updates Machine 0 Windows HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!RebootRelaunchTimeoutEnabled Machine 0 Windows HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!RebootWarningTimeoutEnabled Machine 0 Windows HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!RescheduleWaitTimeEnabled Machine 0 Windows HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!TargetGroupEnabled Machine 0 Windows HKLM\Soft At least Windows Server 2003 operating systems or Windows XP Professional with SP1 Machine 0 Windows HKLM\Soft At least W This policy setting controls the legacy remote shutdown interface (named pipe). The named pipe remote shutdown interface is needed in order to shutdown this system from a remote Windows XP or Windows Server 2003 system.If you enable this policy setting Machine 0 Windows HKLM\Soft At least W This policy setting configures the number of minutes the system waits for the hung logon sessions before proceeding with the system shutdown.If you enable this policy setting Machine 0 System\S HKLM\Soft At least Windows Server 2012 Machine 0 Windows HKLM\Soft At least W This policy setting controls whether or not the system displays information about previous logons and logon failures to the user.For local user accounts and domain user accounts in domains of at least a Windows Server 2008 functional level User 0 Windows HKCU\Soft At least W This policy controls whether the logged on user should be notified when his logon hours are about to expire. By default User 0 Windows HKCU\Soft At least W This policy controls which action will be taken when the logon hours expire for the logged on user. The actions include lock the workstation Machine 0 Windows HKLM\Soft At least W This policy setting controls whether or not software can simulate the Secure Attention Sequence (SAS).If you enable this policy setting User 1 Windows HKCU\Software\Policies\Microsoft\Windows\WorkFolders!SyncUrl User 1 Start Menu HKCU\SOFT At least Windows Server 2012 User 1 Start Menu HKCU\SOFT At least Windows Server 2012 User 1 Start Menu HKCU\SOFT At least Windows Server 2012 User 1 Start Menu HKCU\SOFT At least Windows Server 2012 User 1 Start Menu HKCU\SOFT At least Windows Server 2012 R2 User 1 Start Menu HKCU\SOFT At least Windows Server 2012 R2 User 1 Start Menu HKCU\SOFT At least Windows Server 2012 R2 User 1 Start Menu HKCU\SOFT At least Windows Server 2012 R2 Machine 1 Network\ HKLM\Soft At least Windows Server 2012 Machine 1 Network\ HKLM\Soft At least Windows Server 2012

HKLM\SOFTWARE\Policies\Microsoft\Windows\AxInstaller\AxISURLZonePolicies!InstallTrustedOCX

Specifies whether to prevent the MS-DOS subsystem (ntvdm.exe) from running on this computer. This setting affects the launching of 16-bit applications in the operating system.You can use this setting to turn off the MS-DOS subsystem This policy controls the visibility of the Program Compatibility property page shell extension. This shell extension is visible on the property context-menu of any program shortcut or executable file.The compatibility property page displays a list of options that can be selected and applied to the application to resolve the most common issues affecting legacy applications. Enabling this policy setting removes the property page from the context-menus The policy controls the state of the Application Telemetry engine in the system.Application Telemetry is a mechanism that tracks anonymous usage of specific Windows system components by applications.Turning Application Telemetry off by selecting "enable" will stop the collection of usage data.If the customer Experience Improvement program is turned off The policy controls the state of the Switchback compatibility engine in the system. Switchback is a mechanism that provides generic compatibility mitigations to older applications by providing older behavior to old applications and new behavior to new applications. Switchback is on by default.If you enable this policy setting This policy controls the state of the application compatibility engine in the system.The engine is part of the loader and looks through a compatibility database every time an application is started on the system. If a match for the application is found it provides either run-time solutions or compatibility fixes

This policy setting controls the state of the Program Compatibility Assistant (PCA). The PCA monitors applications run by the user. When a potential compatibility issue with an application is detected This policy setting controls the state of Steps Recorder.Steps Recorder keeps a record of steps taken by the user. The data generated by Steps Recorder can be used in feedback systems such as Windows Error Reporting to help developers understand and fix problems. The data includes user actions such as keyboard input and mouse input This policy setting controls the state of the Inventory Collector. The Inventory Collector inventories applications

This policy setting allows you to manage the behavior for notifying registered antivirus programs. If multiple programs are registered This policy setting allows you to configure the logic that Windows uses to determine the risk for file attachments.Preferring the file handler instructs Windows to use the file handler data over the file type data. For example This policy setting allows you to manage whether Windows marks file attachments with information about their zone of origin (such as restricted This policy setting allows you to manage whether users can manually remove the zone information from saved file attachments by clicking the Unblock button in the file's property sheet or by using a check box in the security warning dialog. Removing the zone information allows users to open potentially dangerous file attachments that Windows has blocked users from opening.If you enable this policy setting This policy setting allows you to manage the default risk level for file types. To fully customize the risk level for file attachments This policy setting allows you to configure the list of high-risk file types. If the file attachment is in the list of high-risk file types and is from the restricted zone This policy setting allows you to configure the list of low-risk file types. If the attachment is in the list of low-risk file types This policy setting allows you to configure the list of moderate-risk file types. If the attachment is in the list of moderate-risk file types and is from the restricted or Internet zone This policy setting sets the default behavior for Autorun commands. Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines. Prior to Windows Vista This policy setting sets the default behavior for Autorun commands. Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines. Prior to Windows Vista This policy setting allows you to prevent AutoPlay from remembering user's choice of what to do when a device is connected. If you enable this policy setting This policy setting allows you to prevent AutoPlay from remembering user's choice of what to do when a device is connected. If you enable this policy setting This policy setting allows you to turn off the Autoplay feature. Autoplay begins reading from a drive as soon as you insert media in the drive. As a result This policy setting allows you to turn off the Autoplay feature. Autoplay begins reading from a drive as soon as you insert media in the drive. As a result This policy setting disallows AutoPlay for MTP devices like cameras or phones. If you enable this policy setting This policy setting disallows AutoPlay for MTP devices like cameras or phones. If you enable this policy setting This policy setting allows or prevents the Windows Biometric Service to run on this computer. If you enable or do not configure this policy setting This policy setting determines whether users can log on or elevate User Account Control (UAC) permissions using biometrics. By default

This policy setting determines whether users with a domain account can log on or elevate User Account Control (UAC) permissions using biometrics.By default This policy setting specifies the number of seconds a pending fast user switch event will remain active before the switch is initiated. By default

This policy setting limits the amount of time that Background Intelligent Transfer Service (BITS) will take to download the files in a BITS job. The time limit applies only to the time that BITS is actively downloading files. When the cumulative download time exceeds this limit HKLM\Software\Policies\Microsoft\Windows\BITS!EnableBITSMaxBandwidth HKLM\Software\Policies\Microsoft\Windows\BITS\Throttling!EnableBandwidthLimits HKLM\Software\Policies\Microsoft\Windows\BITS\Throttling!EnableMaintenanceLimits

This policy setting determines if the Background Intelligent Transfer Service (BITS) peer caching feature is enabled on a specific computer. By default This policy setting limits the maximum age of files in the Background Intelligent Transfer Service (BITS) peer cache. In order to make the most efficient use of disk space This policy setting limits the maximum amount of disk space that can be used for the BITS peer cache This policy setting specifies whether the computer will act as a BITS peer caching client. By default This policy setting specifies whether the computer will act as a BITS peer caching server. By default This policy setting limits the network bandwidth that BITS uses for peer cache transfers (this setting does not affect transfers from the origin server). To prevent any negative impact to a computer caused by serving other peers

HKLM\Software\Policies\Microsoft\Windows\BITS\TransferPolicy!ForegroundTransferPolicy This policy setting limits the number of BITS jobs that can be created for all users of the computer. By default This policy setting limits the number of BITS jobs that can be created by a user. By default This policy setting limits the number of files that a BITS job can contain. By default This policy setting limits the number of ranges that can be added to a file in a BITS job. By default This setting affects whether the BITS client is allowed to use Windows Branch Cache. If the Windows Branch Cache component is installed and enabled on a computer If you enable this setting all Customer Experience Improvement Program uploads are redirected to Microsoft Operations Manager server.If you disable this setting uploads are not redirected to a Microsoft Operations Manager server.If you do not configure this setting uploads are not redirected to a Microsoft Operations Manager server.

This policy setting determines the cipher suites used by the Secure Socket Layer (SSL).If you enable this policy setting This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.Many Windows programs This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.Many Windows programs Disables the application sharing feature of NetMeeting completely. Users will not be able to host or view shared applications. Prevents users from allowing others in a conference to control what they have shared. This enforces a read-only mode; the other participants cannot change the data in the shared application. Prevents users from sharing anything themselves. They will still be able to view shared applications/desktops from others. Prevents users from sharing command prompts. This prevents users from inadvertently sharing out applications Prevents users from sharing the whole desktop. They will still be able to share individual applications. Prevents users from sharing Explorer windows. This prevents users from inadvertently sharing out applications Prevents users from sharing applications in true color. True color sharing uses more bandwidth in a conference. Disables the audio feature of NetMeeting. Users will not be able to send or receive audio. Prevents user from changing the DirectSound audio setting. DirectSound provides much better audio quality Disables full duplex mode audio. Users will not be able to listen to incoming audio while speaking into the microphone. Older audio hardware does not perform well when in full duplex mode. Prevents users from receiving video. Users will still be able to send video provided they have the hardware." Prevents users from sending video if they have the hardware. Users will still be able to receive video from others. Limits the bandwidth audio and video will consume when in a conference. This setting will guide NetMeeting to choose the right formats and send rate so that the bandwidth is limited. Make the automatic acceptance of incoming calls persistent.

Disables the T.126 whiteboard feature of NetMeeting. Disables the 2.x whiteboard feature of NetMeeting.The 2.x whiteboard is available for compatibility with older versions of NetMeeting only.Deployers who do not need it can save bandwidth by disabling it. Disables the remote desktop sharing feature of NetMeeting. Users will not be able to set it up or use it for controlling their computers remotely.

Prevents users from adding directory (ILS) servers to the list of those they can use for placing calls. Prevents users from turning on automatic acceptance of incoming calls.This ensures that others cannot call and connect to NetMeeting when the user is not present.This policy is recommended when deploying NetMeeting to run always. Prevents users from changing the way calls are placed Disables the directory feature of NetMeeting.Users will not logon to a directory (ILS) server when NetMeeting starts. Users will also not be able to view or place calls via a NetMeeting directory.This policy is for deployers who have their own location or calling schemes such as a Web site or an address book." Prevents users from receiving files from others in a conference.

Prevents users from sending files to others in a conference. Prevents users from viewing directories as Web pages in a browser. Limits the size of files users can send to others in a conference. Sets the URL NetMeeting will display when the user chooses the Help Online Support command. Sets the level of security for both outgoing and incoming NetMeeting calls. Disables the Advanced Calling button on the General Options page. Users will not then be able to change the call placement method and the servers used. Hides the Audio page of the Tools Options dialog. Users will not then be able to change audio settings. Hides the General page of the Tools Options dialog. Users will not then be able to change personal identification and bandwidth settings. Hides the Security page of the Tools Options dialog. Users will not then be able to change call security and authentication settings. Hides the Video page of the Tools Options dialog. Users will not then be able to change video settings.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisallowCpl This policy setting controls the default Control Panel view Disables all Control Panel programs and the PC settings app.This setting prevents Control.exe and SystemSettings.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!RestrictCpl Disables the Display Control Panel.If you enable this setting

Disables the Color (or Window Color) page in the Personalization Control Panel Prevents the Screen Saver dialog from opening in the Personalization or Display Control Panel. This setting prevents users from using Control Panel to add Enables desktop screen savers.If you disable this setting Specifies the screen saver for the user's desktop.If you enable this setting Determines whether screen savers used on the computer are password protected.If you enable this setting Specifies how much user idle time must elapse before the screen saver is launched.When configured Prevents users from adding or changing the background design of the desktop.By default Prevents users from changing the sound scheme.By default Prevents users from changing the mouse pointers.By default Prevents users from changing the desktop icons.By default

This setting disables the theme gallery in the Personalization Control Panel.If you enable this setting Specifies which theme file is applied to the computer the first time a user logs on.If you enable this setting Prevents users or applications from changing the visual style of the windows and buttons displayed on their screens.When enabled on Windows XP This setting allows you to force a specific visual style file by entering the path (location) of the visual style file.This can be a local computer visual style (aero.msstyles)

HKLM\Software\Policies\Microsoft\Windows\Personalization!PersonalColors_Background

This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo.Note: The default account picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\user.jpg. The default guest picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg. If the default pictures do not exist

This policy setting allows the administrator to exclude the specifiedcredential providers from use during authentication.Note: credential providers are used to process and validate usercredentials during logon or when authentication is required.Windows Vista provides two default credential providers:Password and Smart Card. An administrator can install additionalcredential providers for different sets of credentials(for example

HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowDefaultCredentials HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowDefCredentialsWhenNTLMOnly

HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowFreshCredentials HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowFreshCredentialsWhenNTLMOnly HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowSavedCredentials HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowSavedCredentialsWhenNTLMOnly HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!DenyDefaultCredentials HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!DenyFreshCredentials HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!DenySavedCredentials

This policy setting controls whether administrator accounts are displayed when a user attempts to elevate a running application. By default This policy setting requires the user to enter Microsoft Windows credentials using a trusted path

This policy setting prevents users from changing their Windows password on demand.If you enable this policy setting This policy setting prevents users from locking the system.While locked This policy setting prevents users from starting Task Manager.Task Manager (taskmgr.exe) lets users start and stop programs; monitor the performance of their computers; view and monitor all programs running on their computers This policy setting disables or removes all menu items and buttons that log the user off the system.If you enable this policy setting Allows you to specify that local computer administrators can supplement the "Define Activation Security Check exemptions" list.If you enable this policy setting

HKLM\Software\Policies\Microsoft\Windows NT\DCOM\AppCompat!ListBox_Support_ActivationSecurityCheckExemptionList

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\AdminComponent!Add

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!Wallpaper Displays the filter bar above the results of an Active Directory search. The filter bar consists of buttons for applying additional filters to search results.If you enable this setting Hides the Active Directory folder in Network Locations.The Active Directory folder displays Active Directory objects in a browse window.If you enable this setting Specifies the maximum number of objects the system displays in response to a command to browse or search Active Directory. This setting affects all browse displays associated with Active Directory Prevents users from changing the path to their profile folders.By default

Prevents users from using the Desktop Cleanup Wizard.If you enable this setting Removes the Internet Explorer icon from the desktop and from the Quick Launch bar on the taskbar.This setting does not prevent the user from starting Internet Explorer by using other methods. This setting hides Computer from the desktop and from the new Start menu. It also hides links to Computer in the Web view of all Explorer windows

Removes the Network Locations icon from the desktop.This setting only affects the desktop icon. It does not prevent users from connecting to the network or browsing for shared computers on the network.Note: In operating systems earlier than Microsoft Windows Vista This setting hides Properties on the context menu for Computer.If you enable this setting

Removes most occurrences of the Recycle Bin icon.This setting removes the Recycle Bin icon from the desktop Removes the Properties option from the Recycle Bin context menu.If you enable this setting Prevents users from saving certain changes to the desktop.If you enable this setting

Prevents users from adjusting the length of desktop toolbars. Also Prevents windows from being minimized or restored when the active window is shaken back and forth with the mouse. If you enable this policy

This policy setting allows you to determine how drivers signed by a Microsoft Windows Publisher certificate are ranked with drivers signed by other valid Authenticode signatures during the driver selection and installation process. Regardless of this policy setting This policy setting allows you to configure the number of seconds Windows waits for a device installation task to complete. If you enable this policy setting This policy setting allows you to prevent Windows from creating a system restore point during device activity that would normally prompt Windows to create a system restore point. Windows normally creates restore points for certain driver activity

This policy setting allows you to determine whether members of the Administrators group can install and update the drivers for any device HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!AllowDeviceClasses HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!DenyDeviceClasses HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!AllowDeviceIDs HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!DenyDeviceIDs

This policy setting allows you to prevent Windows from installing removable devices. A device is considered removable when the driver for the device to which it is connected indicates that the device is removable. For example This policy setting allows you to prevent the installation of devices that are not specifically described by any other policy setting.If you enable this policy setting

HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!ForceReboot This policy setting allows you to display a custom message title in a notification when a device installation is attempted and a policy setting prevents the installation.If you enable this policy setting This policy setting allows you to display a custom message to users in a notification when a device installation is attempted and a policy setting prevents the installation.If you enable this policy setting

HKLM\Software\Policies\Microsoft\Windows\DriverInstall\Restrictions!AllowUserDeviceClasses

This policy setting prevents redirection of USB devices.If you enable this setting HKLM\Software\Policies\Microsoft\Windows\DeviceRedirect\Restrictions!DenyDeviceIDs

This policy setting allows you to turn off "Found New Hardware" balloons during device installation.If you enable this policy setting Windows has a feature that sends "generic-driver-installed" reports through the Windows Error Reporting infrastructure. This policy allows you to disable the feature.If you enable this policy setting Windows has a feature that allows a device driver to request additional software through the Windows Error Reporting infrastructure. This policy allows you to disable the feature.If you enable this policy setting

HKCU\Software\Policies\Microsoft\Windows\DriverSearching!DontSearchFloppies

This policy setting allows you to specify the order in which Windows searches source locations for device drivers. If you enable this policy setting This policy setting allows you to specify the search server that Windows uses to find updates for device drivers.If you enable this policy setting This policy setting allows you to prevent Windows from retrieving device metadata from the Internet. If you enable this policy setting This policy setting allows you to configure how often a Distributed File System (DFS) client attempts to discover domain controllers on a network. By default Specifies whether Digital Locker can run.Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker.If you enable this setting Specifies whether Digital Locker can run.Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker.If you enable this setting This policy setting substitutes custom alert text in the disk diagnostic message shown to users when a disk reports a S.M.A.R.T. fault. If you enable this policy setting

HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{29689E29-2CE9-4751-B4FC-8EFF5066E3FD}!ScenarioExecutionEnabled This policy setting turns off the boot and resume optimizations for the hybrid hard disks in the system.If you enable this policy setting This policy setting turns off power save mode on the hybrid hard disks in the system.If you enable this policy setting This policy setting turns off all support for the non-volatile (NV) cache on all hybrid hard disks in the system. To check if you have hybrid hard disks in the system This policy setting turns off the solid state mode for the hybrid hard disks. If you enable this policy setting This policy setting turns on and turns off disk quota management on all NTFS volumes of the computer This policy setting determines whether disk quota limits are enforced and prevents users from changing the setting.If you enable this policy setting

This policy setting determines whether the system records an event in the local Application log when users reach their disk quota limit on a volume This policy setting determines whether the system records an event in the Application log when users reach their disk quota warning level on a volume.If you enable this policy setting This policy setting extends the disk quota policies in this folder to NTFS file system volumes on removable media.If you disable or do not configure this policy setting

Specifies a connection-specific DNS suffix. This policy setting supersedes local connection-specific DNS suffixes Defines the DNS servers to which a computer sends queries when it attempts to resolve names. This policy setting supersedes the list of DNS servers configured locally and those configured using DHCP. To use this policy setting Specifies the primary DNS suffix used by computers in DNS name registration and DNS name resolution.To use this policy setting

Specifies if a computer performing dynamic DNS registration will register A and PTR resource records with a concatenation of its computer name and a connection-specific DNS suffix Specifies if DNS client computers will register PTR resource records.By default Specifies if DNS dynamic update is enabled. Computers configured for DNS dynamic update automatically register and update their DNS resource records with a DNS server.If you enable this policy setting Specifies whether dynamic updates should overwrite existing resource records that contain conflicting IP addresses.This policy setting is designed for computers that register address (A) resource records in DNS zones that do not use Secure Dynamic Updates. Secure Dynamic Update preserves ownership of resource records and does not allow a DNS client to overwrite records that are registered by other computers.During dynamic update of resource records in a zone that does not use Secure Dynamic Updates Specifies the interval used by DNS clients to refresh registration of A and PTR resource. This policy setting only applies to computers performing dynamic DNS updates.Computers configured to perform dynamic DNS registration of A and PTR resource records periodically reregister their records with DNS servers Specifies the value of the time to live (TTL) field in A and PTR resource records that are registered by computers to which this policy setting is applied.To specify the TTL Specifies the DNS suffixes to attach to an unqualified single-label name before submission of a DNS query for that name.An unqualified single-label name contains no dots. The name "example" is a single-label name. This is different from a fully qualified domain name such as "example.microsoft.com."Client computers that receive this policy setting will attach one or more suffixes to DNS queries for a single-label name. For example Specifies the security level for dynamic DNS updates.To use this policy setting Specifies if computers may send dynamic updates to zones with a single label name. These zones are also known as top-level domain zones Specifies if the DNS client performs primary DNS suffix devolution during the name resolution process.With devolution

This policy setting controls the appearance of window animations such as those found when restoring This policy setting controls the appearance of window animations such as those found when restoring

HKCU\SOFTWARE\Policies\Microsoft\Windows\DWM!DefaultColorizationColorState HKLM\SOFTWARE\Policies\Microsoft\Windows\DWM!DefaultColorizationColorState

This policy setting controls the ability to change the color of window frames. If you enable this policy setting This policy setting controls the ability to change the color of window frames. If you enable this policy setting

This policy setting prevents File Explorer from encrypting files that are moved to an encrypted folder.If you enable this policy setting This policy setting configures whether or not only USB root hub connected Enhanced Storage devices are allowed. Allowing only root hub connected Enhanced Storage devices minimizes the risk of an unauthorized USB device reading data on an Enhanced Storage device.If you enable this policy setting This policy setting locks Enhanced Storage devices when the computer is locked.This policy setting is supported in Windows Server SKUs only.If you enable this policy setting This policy setting configures whether or not non-Enhanced Storage removable devices are allowed on your computer.If you enable this policy setting This policy setting configures whether or not a password can be used to unlock an Enhanced Storage device.If you enable this policy setting This policy setting configures whether or not Windows will activate an Enhanced Storage device.If you enable this policy setting

HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices\ApprovedSilos!SiloAllowListPolicy HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices\ApprovedEnStorDevices!PolicyEnabled HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting\DW!DWNoExternalURL

This policy setting prevents the display of the user interface for critical errors.If you enable this policy setting This policy setting controls whether Windows Error Reporting saves its own events and error messages to the system event log.If you enable this policy setting This policy setting controls whether Windows Error Reporting saves its own events and error messages to the system event log.If you enable this policy setting This policy setting controls whether additional data in support of error reports can be sent to Microsoft automatically.If you enable this policy setting This policy setting controls whether additional data in support of error reports can be sent to Microsoft automatically.If you enable this policy setting This policy setting determines whether Windows Error Reporting (WER) sends additional This policy setting determines whether Windows Error Reporting (WER) sends additional

This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automatically. This policy does not apply to error reports generated by 3rd-party products This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automatically. This policy does not apply to error reports generated by 3rd-party products

This policy setting controls Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.If you enable this policy setting This policy setting specifies applications for which Windows Error Reporting should always report errors.To create a list of applications for which Windows Error Reporting never reports errors This policy setting controls whether errors in the operating system are included Windows Error Reporting is enabled.If you enable this policy setting

HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DisableArchive HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DisableArchive HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!CorporateWerServer

This policy setting limits Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.If you enable this policy setting This policy setting limits Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.If you enable this policy setting

HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DisableQueue HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DisableQueue

This policy setting determines the consent behavior of Windows Error Reporting for specific event types.If you enable this policy setting This policy setting determines the consent behavior of Windows Error Reporting for specific event types.If you enable this policy setting This policy setting determines the behavior of the Configure Default Consent setting in relation to custom consent settings.If you enable this policy setting This policy setting determines the behavior of the Configure Default Consent setting in relation to custom consent settings.If you enable this policy setting This policy setting determines the default consent behavior of Windows Error Reporting.If you enable this policy setting This policy setting determines the default consent behavior of Windows Error Reporting.If you enable this policy setting

This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.If you enable this policy setting and the "Retain old events" policy setting is enabled This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string.If you enable this policy setting This policy setting controls Event Log behavior when the log file reaches its maximum size.If you enable this policy setting and a log file reaches its maximum size This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.If you enable this policy setting This policy setting specifies the maximum size of the log file in kilobytes.If you enable this policy setting This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.If you enable this policy setting and the "Retain old events" policy setting is enabled This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string. You cannot configure write permissions for this log.If you enable this policy setting This policy setting controls Event Log behavior when the log file reaches its maximum size.If you enable this policy setting and a log file reaches its maximum size This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.If you enable this policy setting This policy setting specifies the maximum size of the log file in kilobytes.If you enable this policy setting This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.If you enable this policy setting and the "Retain old events" policy setting is enabled This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string.If you enable this policy setting This policy setting controls Event Log behavior when the log file reaches its maximum size.If you enable this policy setting and a log file reaches its maximum size

This policy setting turns on logging.If you enable or do not configure this policy setting This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.If you enable this policy setting This policy setting specifies the maximum size of the log file in kilobytes.If you enable this policy setting This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.If you enable this policy setting and the "Retain old events" policy setting is enabled This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string.If you enable this policy setting This policy setting controls Event Log behavior when the log file reaches its maximum size.If you enable this policy setting and a log file reaches its maximum size This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.If you enable this policy setting This policy setting specifies the maximum size of the log file in kilobytes.If you enable this policy setting This is the program that will be invoked when the user clicks the events.asp link. This specifies the command line parameters that will be passed to the events.asp program This is the URL that will be passed to the Description area in the Event Properties dialog box. Change this value if you want to use a different Web server to handle event information requests. This policy setting configures File Explorer to always display the menu bar.Note: By default This policy setting allows administrators to prevent users from adding new items such as files or folders to the root of their Users Files folder in File Explorer.If you enable this policy setting This policy is similar to settings directly available to computer users. Disabling animations can improve usability for users with some visual disabilities as well as improving performance and battery life in some scenarios. Disabling data execution prevention can allow certain legacy plug-in applications to function without terminating Explorer. Disabling heap termination on corruption can allow certain legacy plug-in applications to function without terminating Explorer immediately Sets the target of the More Information link that will be displayed when the user attempts to run a program that is blocked by policy.

HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{8519d925-541e-4a2b-8b1e-8059d16082f2}!ScenarioExecutionEnabled

HKLM\Software\Policies\Microsoft\Windows\Filesystems\NTFS!SymLinkState Compression can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of compressed files. Encryption can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of encrypted files Encrypting the page file prevents malicious users from reading data that has been paged to disk These settings provide control over whether or not short names are generated during file creation. Some applications require short names for compatibility Delete notification is a feature that notifies the underlying storage device of clusters that are freed due to a file delete operation.A value of 0

This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs This policy setting allows you to control whether all redirected shell folders

HKCU\Software\Policies\Microsoft\Windows\NetCache\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}!DisableFRAdminPinByFolder This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs

This policy setting shows or hides the Details Pane in File Explorer.If you enable this policy setting and configure it to hide the pane Hides the Preview Pane in File Explorer.If you enable this policy setting

HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{dc42ff48-e40d-4a60-8675-e71f7e64aa9a}!ScenarioExecutionEnabled Manages download of game box art and ratings from the Windows Metadata Services.If you enable this setting Tracks the last play time of games in the Games folder.If you enable this setting the last played time of games will not be recorded in Games folder. This setting only affects the Games folder. If you disable or do not configure this setting Manages download of game update information from Windows Metadata Services.If you enable this setting This policy setting prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the set of locales that are installed with the operating system.This does not affect the selection of replacement locales. To prevent the selection of replacement locales This policy setting prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the set of locales that are installed with the operating system.This does not affect the selection of replacement locales. To prevent the selection of replacement locales

HKLM\Software\Policies\Microsoft\Control Panel\International!RestrictSystemLocales

HKCU\Software\Policies\Microsoft\Control Panel\International!RestrictUserLocales HKLM\Software\Policies\Microsoft\Control Panel\International!RestrictUserLocales

This policy setting prevents users from changing their user geographical location (GeoID).If you enable this policy setting This policy setting prevents users from changing their user geographical location (GeoID).If you enable this policy setting This policy setting prevents the user from customizing their locale by changing their user overrides.Any existing overrides in place when this policy is enabled will be frozen. To remove existing user overrides This policy setting prevents the user from customizing their locale by changing their user overrides.Any existing overrides in place when this policy is enabled will be frozen. To remove existing user overrides This policy setting removes the Administrative options from the Region settings control panel. Administrative options include interfaces for setting system locale and copying settings to the default user. This policy setting does not This policy setting removes the option to change the user's geographical location (GeoID) from the Region settings control panel.This policy setting is used only to simplify the Regional Options control panel.If you enable this policy setting This policy setting removes the option to change the user's menus and dialogs (UI) language from the Language and Regional Options control panel.This policy setting is used only to simplify the Regional Options control panel.If you enable this policy setting This policy setting removes the regional formats interface from the Region settings control panel.This policy setting is used only to simplify the Regional and Language Options control panel.If you enable this policy setting This policy setting restricts the Windows UI language for all users.This is a policy setting for computers with more than one UI language installed.If you enable this policy setting This policy setting restricts the Windows UI language for specific users.This policy setting applies to computers with more than one UI language installed.If you enable this policy setting This policy setting controls which UI language is used for computers with more than one UI language installed.If you enable this policy setting This policy setting restricts users to the specified language by disabling the menus and dialog box controls in the Region settings control panel. If the specified language is not installed on the target computer This policy turns off the offer text predictions as I type option. This does not This policy turns off the insert a space after selecting a text prediction option. This does not This policy turns off the autocorrect misspelled words option. This does not This policy turns off the highlight misspelled words option. This does not

This policy setting determines how programs interpret two-digit years.This policy setting affects only the programs that use this Windows feature to interpret two-digit years. If a program does not interpret two-digit years correctly HKCU\SOFTWARE\Policies\Microsoft\InputPersonalization!RestrictImplicitTextCollection HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization!RestrictImplicitTextCollection

This policy setting allows Microsoft Windows to process user Group Policy settings asynchronously when logging on through Remote Desktop Services. Asynchronous user Group Policy processing is the default processing mode for Windows Vista and Windows XP.By default HKLM\Software\Policies\Microsoft\Windows\System!EnableLogonOptimization HKLM\Software\Policies\Microsoft\Windows\System!EnableLogonScriptDelay

This policy directs Group Policy processing to skip processing any client side extension that requires synchronous processing (that is This policy setting prevents Local Group Policy Objects (Local GPOs) from being applied.By default This policy setting specifies how long Group Policy should wait for network availability notifications during startup policy processing. If the startup policy processing is synchronous This policy setting allows user-based policy processing

HKLM\Software\Policies\Microsoft\Windows\Group Policy\{c6dc5466-785a-11d2-84d0-00c04fb169f7}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{25537BA6-77A8-11D2-9B6C-0000F8080861}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{e437bc1c-aa7d-11d2-a382-00c04f991e27}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}!NoBackgroundPolicy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}!NoBackgroundPolicy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}!NoSlowLink

This policy setting controls the ability of users to view their Resultant Set of Policy (RSoP) data.By default This policy setting controls the ability of users to view their Resultant Set of Policy (RSoP) data.By default

This policy setting prevents Group Policy from being updated while the computer is in use. This policy setting applies to Group Policy for computers This policy setting allows you to control a user's ability to invoke a computer policy refresh.If you enable this policy setting

This policy setting prevents administrators from viewing or using Group Policy preferences.A Group Policy administration (.adm) file can contain both true settings and preferences. True settings This policy setting determines which domain controller the Group Policy Object Editor snap-in uses.If you enable this setting This policy setting defines a slow connection for purposes of applying and updating Group Policy.If the rate at which data is transferred from the domain controller providing a policy update to the computers in this group is slower than the rate specified by this setting

HKLM\Software\Policies\Microsoft\Windows\System!GroupPolicyMinTransferRate HKLM\Software\Policies\Microsoft\Windows\System!GroupPolicyRefreshTime HKLM\Software\Policies\Microsoft\Windows\System!GroupPolicyRefreshTimeDC HKCU\Software\Policies\Microsoft\Windows\System!GroupPolicyRefreshTime

This policy setting allows you to set the default display name for new Group Policy objects.This setting allows you to specify the default name for new Group Policy objects created from policy compliant Group Policy Management tools including the Group Policy tab in Active Directory tools and the GPO browser.The display name can contain environment variables and can be a maximum of 255 characters long.If this setting is Disabled or Not Configured This policy setting allows you to create new Group Policy object links in the disabled state.If you enable this setting This policy setting lets you always use local ADM files for the Group Policy snap-in.By default This setting allows you to enable or disable Resultant Set of Policy (RSoP) logging on a client computer.RSoP logs information on Group Policy settings that have been applied to the client. This information includes details such as which Group Policy Objects (GPO) were applied This policy setting directs the system to apply the set of Group Policy objects for the computer to any user who logs on to a computer affected by this setting. It is intended for special-use computers

HKLM\Software\Policies\Microsoft\Windows\Group Policy\{F9C77450-3A41-477E-9310-9ACD617BD9E3}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{F9C77450-3A41-477E-9310-9ACD617BD9E3}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{728EE579-943C-4519-9EF7-AB56765798ED}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{728EE579-943C-4519-9EF7-AB56765798ED}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{1A6364EB-776B-4120-ADE1-B63A406A76B5}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{1A6364EB-776B-4120-ADE1-B63A406A76B5}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{5794DAFD-BE60-433f-88A2-1A31939AC01F}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{5794DAFD-BE60-433f-88A2-1A31939AC01F}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{0E28E245-9368-4853-AD84-6DA3BA35BB75}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{0E28E245-9368-4853-AD84-6DA3BA35BB75}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{A3F3E39B-5D83-4940-B954-28315B82F0A8}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{A3F3E39B-5D83-4940-B954-28315B82F0A8}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6232C319-91AC-4931-9385-E70C2B099F0E}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6232C319-91AC-4931-9385-E70C2B099F0E}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{74EE6C03-5363-4554-B161-627540339CAB}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{74EE6C03-5363-4554-B161-627540339CAB}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{17D89FEC-5C44-4972-B12D-241CAEF74509}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{17D89FEC-5C44-4972-B12D-241CAEF74509}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E5094040-C46C-4115-B030-04FB2E545B00}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E5094040-C46C-4115-B030-04FB2E545B00}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B087BE9D-ED37-454f-AF9C-04291E351182}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B087BE9D-ED37-454f-AF9C-04291E351182}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{AADCED64-746C-4633-A97C-D61349046527}!NoSlowLink

HKLM\Software\Policies\Microsoft\Windows\Group Policy\{AADCED64-746C-4633-A97C-D61349046527}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{91FBB303-0CD5-4055-BF42-E512A681B325}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{91FBB303-0CD5-4055-BF42-E512A681B325}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}!LogLevel

This policy setting allows you to permit or prohibit use of Application snap-ins (Application preference item types). When prohibited This policy setting allows you to permit or prohibit use of the Applications preference extension. When a preference extension is prohibited This policy setting allows you to permit or prohibit use of the Control Panel Settings item and all preference extensions listed in the Group Policy Management Editor window of the GPMC under Computer Configuration\Preferences\Control Panel Settings. When the Control Panel Settings item or a preference extension is prohibited This policy setting allows you to permit or prohibit use of the Data Sources preference extension. When a preference extension is prohibited This policy setting allows you to permit or prohibit use of the Environment preference extension. When a preference extension is prohibited This policy setting allows you to permit or prohibit use of the Files preference extension. When a preference extension is prohibited This policy setting allows you to permit or prohibit use of the Folders preference extension. When a preference extension is prohibited This policy setting allows you to permit or prohibit use of the Folder Options preference extension. When a preference extension is prohibited This policy setting allows you to permit or prohibit use of the Internet Settings preference extension. When a preference extension is prohibited This policy setting allows you to permit or prohibit use of the Local Users and Groups preference extension. When a preference extension is prohibited This policy setting allows you to permit or prohibit use of the Power Options preference extension. When a preference extension is prohibited This policy setting allows you to permit or prohibit use of the Registry preference extension. When a preference extension is prohibited This policy setting allows you to permit or prohibit use of the Scheduled Tasks preference extension. When a preference extension is prohibited This policy setting allows you to permit or prohibit use of the Shortcuts preference extension. When a preference extension is prohibited This policy setting allows you to permit or prohibit use of the Start Menu preference extension. When a preference extension is prohibited This policy setting allows you to permit or prohibit use of the Control Panel Settings item and all preference extensions listed in the Group Policy Management Editor window of the GPMC under User Configuration\Preferences\Control Panel Settings. When the Control Panel Settings item or a preference extension is prohibited This policy setting allows you to permit or prohibit use of the Preferences tab. When prohibited This policy setting allows you to restrict certain HTML Help commands to function only in HTML Help (.chm) files within specified folders and their subfolders. Alternatively This policy setting allows you to restrict programs from being run from online Help. If you enable this policy setting This policy setting allows you to restrict programs from being run from online Help. If you enable this policy setting This policy setting allows you to exclude HTML Help Executable from being monitored by software-enforced Data Execution Prevention. Data Execution Prevention (DEP) is designed to block malicious code that takes advantage of exception-handling mechanisms in Windows by monitoring your programs to make sure that they use system memory safely. If you enable this policy setting This policy setting specifies whether active content links in trusted assistance content are rendered. By default This policy setting specifies whether users can provide ratings for Help content.If you enable this policy setting This policy setting specifies whether users can participate in the Help Experience Improvement program. The Help Experience Improvement program collects information about how customers use Windows Help so that Microsoft can improve it.If you enable this policy setting This policy setting specifies whether users can search and view content from Windows Online in Help and Support. Windows Online provides the most up-to-date Help content for Windows.If you enable this policy setting

HKCU\Software\Policies\Microsoft\InternetManagement!RestrictCommunication HKLM\Software\Policies\Microsoft\InternetManagement!RestrictCommunication

This policy setting specifies whether to automatically update root certificates using the Windows Update website. Typically This policy setting specifies whether to allow printing over HTTP from this client.Printing over HTTP allows a client to print to printers on the intranet as well as the Internet.Note: This policy setting affects the client side of Internet printing only. It does not prevent this computer from acting as an Internet Printing server and making its shared printers available via HTTP.If you enable this policy setting This policy setting specifies whether to allow printing over HTTP from this client.Printing over HTTP allows a client to print to printers on the intranet as well as the Internet.Note: This policy setting affects the client side of Internet printing only. It does not prevent this computer from acting as an Internet Printing server and making its shared printers available via HTTP.If you enable this policy setting This policy setting specifies whether to allow this client to download print driver packages over HTTP.To set up HTTP printing This policy setting specifies whether to allow this client to download print driver packages over HTTP.To set up HTTP printing

This policy setting specifies whether "Events.asp" hyperlinks are available for events within the Event Viewer application.The Event Viewer normally makes all HTTP(S) URLs into hyperlinks that activate the Internet browser when clicked. In addition This policy setting specifies whether to show the "Did you know?" section of Help and Support Center.This content is dynamically updated when users who are connected to the Internet open Help and Support Center This policy setting specifies whether users can perform a Microsoft Knowledge Base search from the Help and Support Center.The Knowledge Base is an online source of technical support information and self-help tools for Microsoft products This policy setting specifies whether the Internet Connection Wizard can connect to Microsoft to download a list of Internet Service Providers (ISPs).If you enable this policy setting This policy setting specifies whether the Windows Registration Wizard connects to Microsoft.com for online registration.If you enable this policy setting

This policy setting specifies whether Search Companion should automatically download content updates during local and Internet searches.When users search the local computer or the Internet

This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering wizards.These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering wizards.These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default This policy setting specifies whether the "Order Prints Online" task is available from Picture Tasks in Windows folders.The Order Prints Online Wizard is used to download a list of providers and allow users to order prints online.If you enable this policy setting This policy setting specifies whether the "Order Prints Online" task is available from Picture Tasks in Windows folders.The Order Prints Online Wizard is used to download a list of providers and allow users to order prints online.If you enable this policy setting This policy setting specifies whether the tasks "Publish this file to the Web This policy setting specifies whether the tasks "Publish this file to the Web This policy setting specifies whether Windows Messenger collects anonymous information about how Windows Messenger software and service is used.With the Customer Experience Improvement program This policy setting specifies whether Windows Messenger collects anonymous information about how Windows Messenger software and service is used.With the Customer Experience Improvement program This policy setting turns off the Windows Customer Experience Improvement Program. The Windows Customer Experience Improvement Program collects information about your hardware configuration and how you use our software and services to identify trends and usage patterns. Microsoft will not collect your name This policy setting turns off the active tests performed by the Windows Network Connectivity Status Indicator (NCSI) to determine whether your computer is connected to the Internet or to a more limited network.As part of determining the connectivity level "This policy setting prevents installation of Internet Information Services (IIS) on this computer. If you enable this policy setting

HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{05589FA1-C356-11CE-BF01-00AA0055595A} Designates the Microsoft Network (MSN) Carpoint automatic pricing control as administrator-approved.This control enables enhanced pricing functionality on the Carpoint Web site This ActiveX control enables users to edit HTML text and see a faithful rendition of how the text would look in the browser. There are two versions of the control: a more powerful version that cannot be invoked by a web site because it includes file access and other features Designates Shockwave flash as an administrator approved control.If you enable this policy

HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{9276B91A-E780-11d2-8A8D-00C04FA31D93} HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{275E2FE0-7486-11D0-89D6-00A0C90C9B67}

Designates the Microsoft Agent ActiveX control as administrator-approved.Microsoft Agent is a set of software services that supports the presentation of software agents as interactive personalities within the Microsoft Windows interface.If you enable this policy Designates the Microsoft Chat ActiveX control as administrator-approved.This control is used by Web authors to build text-based and graphical-based Chat communities for real-time conversations on the Web.If you enable this policy Designates a set of MSNBC controls as administrator-approved.These controls enable enhanced browsing of news reports on the MSNBC Web site.If you enable this policy Designates NetShow File Transfer Control as an administrator approved control.If you enable this policy Designates Microsoft Scriptlet Component as an administrator approved control. It is an Active X control which is used to render HTML pages.If you enable this policy Designates Microsoft Survey Control as an administrator approved control.If you enable this policy This policy setting determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website.Microsoft collects your browsing history to improve how flip ahead with page prediction works. This feature isn't available for Internet Explorer for the desktop.If you enable this policy setting This policy setting determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website.Microsoft collects your browsing history to improve how flip ahead with page prediction works. This feature isn't available for Internet Explorer for the desktop.If you enable this policy setting This policy setting determines whether Internet Explorer preemptively loads websites and content in the background This policy setting determines whether Internet Explorer preemptively loads websites and content in the background This policy setting allows you to swipe left or right on Internet Explorer for the desktop.If you enable this policy setting This policy setting allows you to swipe left or right on Internet Explorer for the desktop.If you enable this policy setting This policy setting allows you to manage whether users receive a dialog requesting permission for active content on a CD to run.If you enable this policy setting This policy setting allows you to manage whether users receive a dialog requesting permission for active content on a CD to run.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer will check revocation status of servers' certificates. Certificates are revoked when they have been compromised or are no longer valid This policy setting allows you to manage whether Internet Explorer will check revocation status of servers' certificates. Certificates are revoked when they have been compromised or are no longer valid This policy setting prevents the text on the screen from being rendered through the ClearType technology that enhances the readability of text on LCD displays.If you enable this policy setting This policy setting prevents the text on the screen from being rendered through the ClearType technology that enhances the readability of text on LCD displays.If you enable this policy setting This policy setting allows you to turn Caret Browsing on or off. Caret Browsing allows users to browse to a webpage by using the keyboard to move the cursor. Caret Browsing supports standard text-editor functionality This policy setting allows you to turn Caret Browsing on or off. Caret Browsing allows users to browse to a webpage by using the keyboard to move the cursor. Caret Browsing supports standard text-editor functionality Enhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running at least Windows 8 Enhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running at least Windows 8 This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows.Important: Some ActiveX controls and toolbars may not be available when 64-bit processes are used.If you enable this policy setting This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows.Important: Some ActiveX controls and toolbars may not be available when 64-bit processes are used.If you enable this policy setting This policy setting prevents ActiveX controls from running in Protected Mode when Enhanced Protected Mode is enabled. When a user has an ActiveX control installed that is not compatible with Enhanced Protected Mode and a website attempts to load the control This policy setting prevents ActiveX controls from running in Protected Mode when Enhanced Protected Mode is enabled. When a user has an ActiveX control installed that is not compatible with Enhanced Protected Mode and a website attempts to load the control

This policy setting allows you to configure how Internet Explorer sends the Do Not Track (DNT) header.If you enable this policy setting This policy setting allows you to configure how Internet Explorer sends the Do Not Track (DNT) header.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer uses HTTP 1.1.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer uses HTTP 1.1.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer uses HTTP 1.1 through proxy connections.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer uses HTTP 1.1 through proxy connections.If you enable this policy setting This policy setting determines whether Internet Explorer uses the SPDY/3 network protocol. SPDY/3 works with HTTP requests to optimize the latency of network requests through compression This policy setting determines whether Internet Explorer uses the SPDY/3 network protocol. SPDY/3 works with HTTP requests to optimize the latency of network requests through compression This policy setting allows you to turn off support for Transport Layer Security (TLS) 1.0 This policy setting allows you to turn off support for Transport Layer Security (TLS) 1.0 This policy setting prevents the user from using the Reset Internet Explorer Settings feature. Reset Internet Explorer Settings allows the user to reset all settings changed since installation This policy setting prevents the user from using the Reset Internet Explorer Settings feature. Reset Internet Explorer Settings allows the user to reset all settings changed since installation This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software and verifies it hasn't been modified or tampered with) on user computers before downloading executable programs.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software and verifies it hasn't been modified or tampered with) on user computers before downloading executable programs.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer will launch COM add-ons known as browser helper objects This policy setting allows you to manage whether Internet Explorer will launch COM add-ons known as browser helper objects This policy setting allows you to manage whether users can automatically download and install Web components (such as fonts) that can installed by Internet Explorer Active Setup. For example This policy setting allows you to manage whether users can automatically download and install Web components (such as fonts) that can installed by Internet Explorer Active Setup. For example This policy setting allows you to manage whether users can download and install self-installing program files (non-Internet Explorer components) that are registered with Internet Explorer (such as Macromedia and Java) that are required in order to view web pages as intended.If you enable this policy setting This policy setting allows you to manage whether users can download and install self-installing program files (non-Internet Explorer components) that are registered with Internet Explorer (such as Macromedia and Java) that are required in order to view web pages as intended.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer checks the Internet for newer versions. When Internet Explorer is set to do this This policy setting allows you to manage whether Internet Explorer checks the Internet for newer versions. When Internet Explorer is set to do this This policy setting allows you to manage whether software This policy setting allows you to manage whether software This policy setting allows you to manage whether Internet Explorer will display animated pictures found in Web content. Generally only animated GIF files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer will display animated pictures found in Web content. Generally only animated GIF files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer will play sounds found in web content. Generally only sound files such as MIDI files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer will play sounds found in web content. Generally only sound files such as MIDI files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer will display videos found in Web content. Generally only embedded video files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer will display videos found in Web content. Generally only embedded video files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting This policy setting specifies whether you will accept requests from Web sites for Profile Assistant information.If you enable this policy setting This policy setting specifies whether you will accept requests from Web sites for Profile Assistant information.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer will save encrypted pages that contain secure (HTTPS) information such as passwords and credit card numbers to the Internet Explorer cache This policy setting allows you to manage whether Internet Explorer will save encrypted pages that contain secure (HTTPS) information such as passwords and credit card numbers to the Internet Explorer cache This policy setting allows you to manage whether Internet Explorer deletes the contents of the Temporary Internet Files folder after all browser windows are closed. This protects against storing dangerous files on the computer This policy setting allows you to manage whether Internet Explorer deletes the contents of the Temporary Internet Files folder after all browser windows are closed. This protects against storing dangerous files on the computer This policy setting shows the Content Advisor setting on the Content tab of the Internet Options dialog box.If you enable this policy setting This policy setting shows the Content Advisor setting on the Content tab of the Internet Options dialog box.If you enable this policy setting This policy setting allows you to turn on inline AutoComplete in Internet Explorer and File Explorer. The AutoComplete feature provides suggestions for what the user types by automatically completing the address or command with the closest match.If you enable this policy setting This policy setting let you turn off Inline AutoComplete in File Explorer. Inline AutoComplete provides suggestions for what you type by automatically completing the command inline with the closest match. By default This policy allows the user to go directly to an intranet site for a one-word entry in the Address bar.If you enable this policy setting This policy allows the user to go directly to an intranet site for a one-word entry in the Address bar.If you enable this policy setting This policy setting allows you to turn on your script debugger

This policy setting specifies whether to display script errors when a page does not appear properly because of problems with its scripting. This feature is off by default This policy setting specifies whether smooth scrolling is used to display content at a predefined speed.If you enable this policy setting This policy setting specifies how you want links on webpages to be underlined.If you enable this policy setting

This policy setting determines whether phone numbers are recognized and turned into hyperlinks This policy setting determines whether phone numbers are recognized and turned into hyperlinks

HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!MaxSubscriptionSize Prevents users from adding channels to Internet Explorer.Channels are Web sites that are updated automatically on your computer Prevents users from specifying that Web pages can be downloaded for viewing offline. When users make Web pages available for offline viewing Prevents channel providers from recording information about when their channel pages are viewed by users who are working offline.If you enable this policy Prevents users from viewing the Channel bar interface. Channels are Web sites that are automatically updated on their computer according to a schedule specified by the channel provider.If you enable this policy

Prevents users from editing an existing schedule for downloading Web pages for offline viewing.When users make Web pages available for offline viewing Prevents users from disabling channel synchronization in Microsoft Internet Explorer.Channels are Web sites that are automatically updated on your computer according to a schedule specified by the channel provider.If you enable this policy Prevents users from clearing the preconfigured settings for Web pages to be downloaded for offline viewing.When users make Web pages available for offline viewing Disables existing schedules for downloading Web pages for offline viewing.When users make Web pages available for offline viewing Prevents content from being downloaded from Web sites that users have subscribed to.When users make Web pages available for offline viewing This policy setting prevents the user from specifying the code download path for each computer. The Internet Component Download service exposes a function that is called by an application to download

HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoDefaultTextSize Removes the Advanced tab from the interface in the Internet Options dialog box.If you enable this policy Removes the Advanced tab from the interface in the Internet Options dialog box.If you enable this policy Removes the Connections tab from the interface in the Internet Options dialog box.If you enable this policy Removes the Connections tab from the interface in the Internet Options dialog box.If you enable this policy

Removes the General tab from the interface in the Internet Options dialog box.If you enable this policy Removes the General tab from the interface in the Internet Options dialog box.If you enable this policy Removes the Privacy tab from the interface in the Internet Options dialog box.If you enable this policy Removes the Privacy tab from the interface in the Internet Options dialog box.If you enable this policy Removes the Programs tab from the interface in the Internet Options dialog box.If you enable this policy Removes the Programs tab from the interface in the Internet Options dialog box.If you enable this policy Removes the Security tab from the interface in the Internet Options dialog box.If you enable this policy Removes the Security tab from the interface in the Internet Options dialog box.If you enable this policy This policy setting allows you to manage whether Internet Explorer converts Unicode domain names to internationalized domain name (IDN) format (Punycode) before sending them to Domain Name System (DNS) servers or to proxy servers.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer converts Unicode domain names to internationalized domain name (IDN) format (Punycode) before sending them to Domain Name System (DNS) servers or to proxy servers.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer uses 8-bit Unicode Transformation Format (UTF-8) for mailto links.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer uses 8-bit Unicode Transformation Format (UTF-8) for mailto links.If you enable this policy setting This policy setting prevents the user from ignoring Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate errors that interrupt browsing (such as "expired" This policy setting prevents the user from ignoring Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate errors that interrupt browsing (such as "expired" This policy setting specifies whether to use 8-bit Unicode Transformation Format (UTF-8) This policy setting prevents the user from specifying the background color in Internet Explorer.If you enable this policy setting This policy setting prevents the user from specifying the text color in Internet Explorer.If you enable this policy setting This policy setting prevents the user from using Windows colors as a part of the display settings.If you enable this policy setting This policy setting prevents the user from specifying a URL that contains update information about cipher strength. When the user logs on to a secure page This policy setting determines whether the Internet Connection Wizard was completed. If the Internet Connection Wizard was not completed

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!ListBox_Support_CLSID HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!ListBox_Support_CLSID

This policy setting allows you to ensure that any Internet Explorer add-ons not listed in the 'Add-on List' policy setting are denied. Add-ons in this case are controls like ActiveX Controls This policy setting allows you to ensure that any Internet Explorer add-ons not listed in the 'Add-on List' policy setting are denied. Add-ons in this case are controls like ActiveX Controls This policy setting allows you to manage whether processes respect add-on management user preferences (as reflected by Add-on Manager) or policy settings. By default This policy setting allows you to manage whether processes respect add-on management user preferences (as reflected by Add-on Manager) or policy settings. By default

HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ADDON_MANAGEMENT

HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ADDON_MANAGEMENT HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ListBox_Support_AllowedBehaviors HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ListBox_Support_AllowedBehaviors

This policy setting allows you to manage whether Internet Explorer 9 can install ActiveX controls and other binaries signed with MD2 and MD4 signing technologies. Internet Explorer 9 does not support MD2 and MD4 signing technologies by default This policy setting allows you to manage whether Internet Explorer 9 can install ActiveX controls and other binaries signed with MD2 and MD4 signing technologies. Internet Explorer 9 does not support MD2 and MD4 signing technologies by default Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed.If you enable this policy setting Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed.If you enable this policy setting

HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!(Reserved) HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_BEHAVIORS HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_BEHAVIORS

Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server.This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server.This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example

HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!(Reserved) HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_HANDLING HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_HANDLING

This policy setting allows you to manage whether the Notification bar is displayed for processes other than the Internet Explorer processes when file or code installs are restricted. By default This policy setting allows you to manage whether the Notification bar is displayed for processes other than the Internet Explorer processes when file or code installs are restricted. By default

HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!(Reserved) HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_SECURITYBAND HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_SECURITYBAND

Internet Explorer places zone restrictions on each Web page it opens Internet Explorer places zone restrictions on each Web page it opens

HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!(Reserved) HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_LOCALMACHINE_LOCKDOWN HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_LOCALMACHINE_LOCKDOWN

This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type.If you enable this policy setting This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type.If you enable this policy setting

HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!(Reserved) HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_SNIFFING HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_SNIFFING

The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail.If you enable this policy setting The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail.If you enable this policy setting

HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!(Reserved) HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_DISABLE_MK_PROTOCOL HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_DISABLE_MK_PROTOCOL

Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether restricting content obtained through restricted protocols is prevented or allowed.If you enable this policy setting Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether restricting content obtained through restricted protocols is prevented or allowed.If you enable this policy setting

HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!(Reserved) HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_PROTOCOL_LOCKDOWN HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_PROTOCOL_LOCKDOWN

This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to a new domain.If you enable this policy setting

This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to a new domain.If you enable this policy setting HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!(Reserved) HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_OBJECT_CACHING HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_OBJECT_CACHING

Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet

HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!(Reserved) HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ZONE_ELEVATION HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ZONE_ELEVATION

This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control installation.If you enable this policy setting This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control installation.If you enable this policy setting

HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!(Reserved) HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_ACTIVEXINSTALL HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_ACTIVEXINSTALL

This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that are not user initiated.If you enable this policy setting This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that are not user initiated.If you enable this policy setting

HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!(Reserved) HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_FILEDOWNLOAD HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_FILEDOWNLOAD

Internet Explorer allows scripts to programmatically open Internet Explorer allows scripts to programmatically open

HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!(Reserved) HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_WINDOW_RESTRICTIONS HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_WINDOW_RESTRICTIONS HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_3 HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_3 HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_1 HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_1 HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_0 HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_0 HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_4 HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_4 HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_2 HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_2

This policy setting allows you to manage the crash detection feature of add-on Management.If you enable this policy setting This policy setting allows you to manage the crash detection feature of add-on Management.If you enable this policy setting This policy setting allows Internet Explorer to provide enhanced suggestions as the user types in the Address bar. To provide enhanced suggestions This policy setting allows Internet Explorer to provide enhanced suggestions as the user types in the Address bar. To provide enhanced suggestions This policy setting turns off Automatic Crash Recovery.If you enable this policy setting This policy setting turns off Automatic Crash Recovery.If you enable this policy setting This policy setting allows you to manage whether a user has access to the Reopen Last Browsing Session feature in Internet Explorer.If you enable this policy setting This policy setting allows you to manage whether a user has access to the Reopen Last Browsing Session feature in Internet Explorer.If you enable this policy setting This policy setting allows you to manage whether users have the ability to allow or deny add-ons through Add-On Manager.If you enable this policy setting

This policy setting allows you to manage whether users have the ability to allow or deny add-ons through Add-On Manager.If you enable this policy setting This policy setting allows you to add a specific list of search providers to the user's default list of search providers. Normally This policy setting allows you to add a specific list of search providers to the user's default list of search providers. Normally This policy setting allows you to turn on or turn off the earlier menus (for example This policy setting allows you to turn on or turn off the earlier menus (for example This policy setting allows you to manage whether a user has access to the Favorites bar in Internet Explorer.If you enable this policy setting This policy setting allows you to manage whether a user has access to the Favorites bar in Internet Explorer.If you enable this policy setting

Prevents users from changing settings on the Advanced tab in the Internet Options dialog box.If you enable this policy This policy setting allows you to customize the Internet Explorer version string as reported to web servers in the HTTP User Agent header.If you enable this policy setting This policy setting allows you to customize the Internet Explorer version string as reported to web servers in the HTTP User Agent header.If you enable this policy setting Specifies that Automatic Detection will be used to configure dial-up settings for users.Automatic Detection uses a DHCP (Dynamic Host Configuration Protocol) or DNS server to customize the browser the first time it is started.If you enable this policy This policy setting prevents the user from using the "Fix settings" functionality related to Security Settings Check.If you enable this policy setting This policy setting prevents the user from using the "Fix settings" functionality related to Security Settings Check.If you enable this policy setting This policy setting prevents the user from managing a filter that warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing."If you enable this policy setting This policy setting prevents the user from managing a filter that warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing."If you enable this policy setting This policy setting allows the user to enable the SmartScreen Filter This policy setting prevents the user from changing the level of pop-up filtering. The available levels are as follows: High: Block all pop-ups. Medium: Block most automatic pop-ups. Low: Allow pop-ups from secure sites.If you enable this policy setting Specifies that error messages will be displayed to users if problems occur with proxy scripts.If you enable this policy This policy setting logs information that is blocked by new features in Internet Explorer. The logged compatibility information is displayed in the Windows Event Viewer.If you enable this policy setting This policy setting logs information that is blocked by new features in Internet Explorer. The logged compatibility information is displayed in the Windows Event Viewer.If you enable this policy setting

HKLM\Software\Policies\Microsoft\Internet Explorer\Main!AlwaysShowMenus HKCU\Software\Policies\Microsoft\Internet Explorer\Main!AlwaysShowMenus

This policy settings disables the Import/Export Settings wizard. This wizard allows you to import settings from another browser This policy settings disables the Import/Export Settings wizard. This wizard allows you to import settings from another browser This policy setting allows you to disable browser geolocation support. This will prevent websites from requesting location data about the user.If you enable this policy setting This policy setting allows you to disable browser geolocation support. This will prevent websites from requesting location data about the user.If you enable this policy setting This policy setting turns off Adobe Flash in Internet Explorer and prevents applications from using Internet Explorer technology to instantiate Flash objects. If you enable this policy setting This policy setting turns off Adobe Flash in Internet Explorer and prevents applications from using Internet Explorer technology to instantiate Flash objects. If you enable this policy setting This policy setting prevents the user from zooming in to or out of a page to better see the content.If you enable this policy setting This policy setting prevents the user from zooming in to or out of a page to better see the content.If you enable this policy setting Prevents users from configuring unique identities by using Identity Manager.Identity Manager enables users to create multiple accounts This policy setting allows you to configure whether newly installed add-ons are automatically activated in the Internet Explorer 9 browser. Any add-ons that were activated in a previous version of Internet Explorer are considered to be the same as newly installed add-ons and are not activated when the user upgrades to Internet Explorer 9.In Internet Explorer 9 This policy setting allows you to configure whether newly installed add-ons are automatically activated in the Internet Explorer 9 browser. Any add-ons that were activated in a previous version of Internet Explorer are considered to be the same as newly installed add-ons and are not activated when the user upgrades to Internet Explorer 9.In Internet Explorer 9 This policy setting prevents Internet Explorer from displaying a notification when the average time to load all the user's enabled add-ons exceeds the threshold. The notification informs the user that add-ons are slowing his or her browsing and displays a button that opens the Disable Add-ons dialog box. The Disable Add-ons dialog box displays the load time for each group of add-ons enabled in the browser. It allows the user to disable add-ons and configure the threshold.If you enable this policy setting This policy setting prevents Internet Explorer from displaying a notification when the average time to load all the user's enabled add-ons exceeds the threshold. The notification informs the user that add-ons are slowing his or her browsing and displays a button that opens the Disable Add-ons dialog box. The Disable Add-ons dialog box displays the load time for each group of add-ons enabled in the browser. It allows the user to disable add-ons and configure the threshold.If you enable this policy setting This policy setting controls the ActiveX Filtering feature for websites that are running ActiveX controls. The user can choose to turn off ActiveX Filtering for specific websites so that ActiveX controls can run properly.If you enable this policy setting This policy setting controls the ActiveX Filtering feature for websites that are running ActiveX controls. The user can choose to turn off ActiveX Filtering for specific websites so that ActiveX controls can run properly.If you enable this policy setting

HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!No_LaunchMediaBar This policy setting prevents the user from performing actions which will delete browsing history. For more information on browsing history Group Policy settings This policy setting prevents the user from performing actions which will delete browsing history. For more information on browsing history Group Policy settings This policy setting prevents the user from deleting form data. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting form data. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents users from deleting passwords. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents users from deleting passwords. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting cookies. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting cookies. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting

This policy setting prevents the user from deleting the history of websites that he or she has visited. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting the history of websites that he or she has visited. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting his or her download history. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting his or her download history. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting temporary Internet files. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting temporary Internet files. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting InPrivate Filtering data. Internet Explorer collects InPrivate Filtering data during browser sessions other than InPrivate Browsing sessions to determine which third-party items should be blocked when InPrivate Filtering is enabled. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting InPrivate Filtering data. Internet Explorer collects InPrivate Filtering data during browser sessions other than InPrivate Browsing sessions to determine which third-party items should be blocked when InPrivate Filtering is enabled. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting

This policy setting prevents the user from deleting favorites site data. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting favorites site data. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting allows the automatic deletion of specified items when the last browser window closes. The preferences selected in the Delete Browsing History dialog box (such as deleting temporary Internet files This policy setting allows the automatic deletion of specified items when the last browser window closes. The preferences selected in the Delete Browsing History dialog box (such as deleting temporary Internet files This policy setting prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows.If you enable this policy setting This policy setting prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows.If you enable this policy setting This policy setting prevents the user from accessing Help in Internet Explorer.If you enable this policy setting This policy setting prevents the user from accessing Help in Internet Explorer.If you enable this policy setting This policy setting prevents the Search box from appearing in Internet Explorer. When the Search box is available This policy setting prevents the Search box from appearing in Internet Explorer. When the Search box is available This policy setting allows you to turn off suggestions for all user-installed search providers.If you enable this policy setting This policy setting allows you to turn off suggestions for all user-installed search providers.If you enable this policy setting This policy setting allows you to prevent the quick pick menu from appearing when a user clicks in the Search box.If you enable this policy setting This policy setting allows you to prevent the quick pick menu from appearing when a user clicks in the Search box.If you enable this policy setting Prevents Internet Explorer from automatically installing components.If you enable this policy This policy setting allows you to set the rate at which Internet Explorer creates new tab processes. There are two algorithms that Internet Explorer uses.The default algorithm has four settings: low This policy setting allows you to set the rate at which Internet Explorer creates new tab processes. There are two algorithms that Internet Explorer uses.The default algorithm has four settings: low This policy setting allows you to revert to the Internet Explorer 8 behavior of allowing OnUnLoad script handlers to display UI during shutdown. This policy setting may be needed to fix compatibility problems with particular web applications.If you enable this policy setting This policy setting allows you to revert to the Internet Explorer 8 behavior of allowing OnUnLoad script handlers to display UI during shutdown. This policy setting may be needed to fix compatibility problems with particular web applications.If you enable this policy setting This policy setting allows you to specify what is displayed when the user opens a new tab.If you enable this policy setting This policy setting allows you to specify what is displayed when the user opens a new tab.If you enable this policy setting This policy setting allows you to manage whether the user has access to Tab Grouping in Internet Explorer.If you enable this policy setting This policy setting allows you to turn off the Quick Tabs functionality in Internet Explorer.If you enable this policy setting This policy setting allows you to turn off the Quick Tabs functionality in Internet Explorer.If you enable this policy setting This policy setting prevents the user from changing the default search provider for the Address bar and the toolbar Search box.If you enable this policy setting This policy setting prevents the user from changing the default search provider for the Address bar and the toolbar Search box.If you enable this policy setting Prevents the Internet Explorer splash screen from appearing when users start the browser.If you enable this policy This policy setting allows you to turn off tabbed browsing and related entry points from the Internet Explorer user interface. Starting with Windows 8 This policy setting allows you to turn off tabbed browsing and related entry points from the Internet Explorer user interface. Starting with Windows 8 This policy setting allows you to define the user experience related to how pop-up windows appear in tabbed browsing in Internet Explorer.If you enable this policy setting This policy setting allows you to define the user experience related to how pop-up windows appear in tabbed browsing in Internet Explorer.If you enable this policy setting Prevents Internet Explorer from checking whether a new version of the browser is available.If you enable this policy This policy setting allows you to configure how windows open in Internet Explorer when the user clicks links from other applications.If you enable this policy setting This policy setting allows you to configure how windows open in Internet Explorer when the user clicks links from other applications.If you enable this policy setting Allows Administrators to enable and disable the ability for Outlook Express users to save or open attachments that can potentially contain a virus.If you check the block attachments setting

HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows!ListBox_Support_Allow HKCU\Software\Policies\Microsoft\Internet Explorer\New Windows!ListBox_Support_Allow

This setting specifies to automatically detect the proxy server settings used to connect to the Internet and customize Internet Explorer. This setting specifies that Internet explorer use the configuration settings provided in a file by the system administrator.If you enable this policy setting This setting specifies to automatically detect the proxy server settings used to connect to the Internet and customize Internet Explorer. This setting specifies that Internet explorer use the configuration settings provided in a file by the system administrator.If you enable this policy setting Prevents users from changing the browser cache settings Prevents users from changing the default programs for managing schedules and contacts.If you enable this policy Prevents users from changing certificate settings in Internet Explorer. Certificates are used to verify the identity of software publishers.If you enable this policy Prevents Microsoft Internet Explorer from checking to see whether it is the default browser.If you enable this policy This policy setting allows you to choose whether users will be notified if Internet Explorer is not the default web browser.If you enable this policy setting Prevents users from changing the default Web page colors.If you enable this policy Prevents users from changing dial-up settings.If you enable this policy

HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!Connection Settings Prevents users from running the Internet Connection Wizard.If you enable this policy Prevents users from changing font settings.If you enable this policy

HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Use FormSuggest HKCU\Software\Policies\Microsoft\Internet Explorer\Main!FormSuggest Passwords HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!History HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!History HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!HomePage

Secondary home pages are the default Web pages that Internet Explorer loads in separate tabs from the home page whenever the browser is run. This policy setting allows you to set default secondary home pages.If you enable this policy setting Secondary home pages are the default Web pages that Internet Explorer loads in separate tabs from the home page whenever the browser is run. This policy setting allows you to set default secondary home pages.If you enable this policy setting Prevents users from changing language preference settings.If you enable this policy Prevents users from changing the colors of links on Web pages.If you enable this policy Prevents users from changing the default programs for messaging tasks.If you enable this policy You can allow pop-ups from specific websites by adding the sites to the exception list.If you enable this policy setting You can allow pop-ups from specific websites by adding the sites to the exception list.If you enable this policy setting This policy setting allows you to manage pop-up management functionality in Internet Explorer.If you enable this policy setting This policy setting allows you to manage pop-up management functionality in Internet Explorer.If you enable this policy setting Prevents users from changing Profile Assistant settings.If you enable this policy This policy setting specifies if a user can change proxy settings.If you enable this policy setting This policy setting specifies if a user can change proxy settings.If you enable this policy setting Prevents users from changing ratings that help control the type of Internet content that can be viewed.If you enable this policy Prevents users from restoring default settings for home and search pages.If you enable this policy This policy setting is used to manage temporary Internet files and cookies associated with your Internet browsing history This policy setting is used to manage temporary Internet files and cookies associated with your Internet browsing history This AutoComplete feature suggests possible matches when users are entering Web addresses in the browser address bar.If you enable this policy setting This AutoComplete feature suggests possible matches when users are entering Web addresses in the browser address bar.If you enable this policy setting This policy setting allows you to prevent Windows Search AutoComplete from providing results in the Internet Explorer Address bar.Windows Search AutoComplete suggests possible matches when a user is entering a web address in the browser Address bar. This feature provides more relevant results in the browser Address bar.If you enable this policy setting This policy setting allows you to prevent Windows Search AutoComplete from providing results in the Internet Explorer Address bar.Windows Search AutoComplete suggests possible matches when a user is entering a web address in the browser Address bar. This feature provides more relevant results in the browser Address bar.If you enable this policy setting This policy setting turns off URL Suggestions. URL Suggestions allow users to autocomplete URLs in the address bar based on common URLs. The list of common URLs is stored locally and is updated once a month. No user data is sent over the internet by this feature.If you enable this policy setting This policy setting turns off URL Suggestions. URL Suggestions allow users to autocomplete URLs in the address bar based on common URLs. The list of common URLs is stored locally and is updated once a month. No user data is sent over the internet by this feature.If you enable this policy setting Disables using the F3 key to search in Internet Explorer and File Explorer.If you enable this policy Makes the Customize button in the Search Assistant appear dimmed.The Search Assistant is a tool that appears in the Search bar to help users search the Internet.If you enable this policy Applies security zone information to all users of the same computer. A security zone is a group of Web sites with the same security level.If you enable this policy Prevents users from changing security zone settings. A security zone is a group of Web sites with the same security level.If you enable this policy Prevents users from adding or removing sites from security zones. A security zone is a group of Web sites with the same security level.If you enable this policy Specifies that programs using the Microsoft Software Distribution Channel will not notify users when they install new components. The Software Distribution Channel is a means of updating software dynamically on users' computers by using Open Software Distribution (.osd) technologies.If you enable this policy This policy setting allows you to restrict the search providers that appear in the Search box in Internet Explorer to those defined in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Normally This policy setting allows you to restrict the search providers that appear in the Search box in Internet Explorer to those defined in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Normally This policy setting prevents the user from participating in the Customer Experience Improvement Program (CEIP).If you enable this policy setting

This policy setting prevents the user from participating in the Customer Experience Improvement Program (CEIP).If you enable this policy setting This policy setting allows you to configure how new tabs are created by default in Internet Explorer.If you enable this policy setting This policy setting allows you to configure how new tabs are created by default in Internet Explorer.If you enable this policy setting Applies proxy settings to all users of the same computer.If you enable this policy This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting

This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting

This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting

This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage the preservation of information in the browser's history This policy setting allows you to manage the preservation of information in the browser's history

This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage whether Web sites from less privileged zones This policy setting allows you to manage whether Web sites from less privileged zones This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting

This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting

This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting

This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage the preservation of information in the browser's history This policy setting allows you to manage the preservation of information in the browser's history This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage whether Web sites from less privileged zones This policy setting allows you to manage whether Web sites from less privileged zones This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting

This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls

This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage the preservation of information in the browser's history This policy setting allows you to manage the preservation of information in the browser's history This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage whether Web sites from less privileged zones This policy setting allows you to manage whether Web sites from less privileged zones This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms

This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting

This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting

This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage the preservation of information in the browser's history This policy setting allows you to manage the preservation of information in the browser's history This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage whether Web sites from less privileged zones This policy setting allows you to manage whether Web sites from less privileged zones This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting

This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting

This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting

This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage the preservation of information in the browser's history This policy setting allows you to manage the preservation of information in the browser's history This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage whether Web sites from less privileged zones This policy setting allows you to manage whether Web sites from less privileged zones This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting

This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting

This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting

This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage the preservation of information in the browser's history This policy setting allows you to manage the preservation of information in the browser's history This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage whether Web sites from less privileged zones This policy setting allows you to manage whether Web sites from less privileged zones This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent

This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting

This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting

This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Trusted Sites Zone can run active content such as script This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Trusted Sites Zone can run active content such as script This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage the preservation of information in the browser's history This policy setting allows you to manage the preservation of information in the browser's history This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage whether Web sites from less privileged zones This policy setting allows you to manage whether Web sites from less privileged zones This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting

This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting

This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting

This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage the preservation of information in the browser's history This policy setting allows you to manage the preservation of information in the browser's history

This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage whether Web sites from less privileged zones This policy setting allows you to manage whether Web sites from less privileged zones This policy setting controls whether local sites which are not explicitly mapped into any Security Zone are forced into the local Intranet security zone.If you enable this policy setting This policy setting controls whether local sites which are not explicitly mapped into any Security Zone are forced into the local Intranet security zone.If you enable this policy setting This policy setting allows you to turn on the certificate address mismatch security warning. When this policy setting is turned on This policy setting allows you to turn on the certificate address mismatch security warning. When this policy setting is turned on

HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Lockdown Settings\Template Policies!InternetZoneLockdownTemplate HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Lockdown Settings\Template Policies!InternetZoneLockdownTemplate HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Template Policies!InternetZoneTemplate HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Template Policies!InternetZoneTemplate HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Lockdown Settings\Template Policies!IntranetZoneLockdownTemplate HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Lockdown Settings\Template Policies!IntranetZoneLockdownTemplate HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Settings\Template Policies!IntranetZoneTemplate HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Settings\Template Policies!IntranetZoneTemplate HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Lockdown Settings\Template Policies!LocalMachineZoneLockdownTemplate HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Lockdown Settings\Template Policies!LocalMachineZoneLockdownTemplate HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Settings\Template Policies!LocalMachineZoneTemplate HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Settings\Template Policies!LocalMachineZoneTemplate HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Lockdown Settings\Template Policies!RestrictedSitesZoneLockdownTemplate HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Lockdown Settings\Template Policies!RestrictedSitesZoneLockdownTemplate HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Settings\Template Policies!RestrictedSitesZoneTemplate HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Settings\Template Policies!RestrictedSitesZoneTemplate HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Lockdown Settings\Template Policies!TrustedSitesZoneLockdownTemplate HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Lockdown Settings\Template Policies!TrustedSitesZoneLockdownTemplate HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Settings\Template Policies!TrustedSitesZoneTemplate HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Settings\Template Policies!TrustedSitesZoneTemplate

This policy setting controls whether sites which bypass the proxy server are mapped into the local Intranet security zone.If you enable this policy setting This policy setting controls whether sites which bypass the proxy server are mapped into the local Intranet security zone.If you enable this policy setting This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone.If you enable this policy setting This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone.If you enable this policy setting

HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ListBox_Support_ZoneMapKey HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ListBox_Support_ZoneMapKey

This policy setting enables intranet mapping rules to be applied automatically if the computer belongs to a domain.If you enable this policy setting This policy setting enables intranet mapping rules to be applied automatically if the computer belongs to a domain.If you enable this policy setting This policy setting causes a Notification bar notification to appear when intranet content is loaded and the intranet mapping rules have not been configured. The Notification bar allows the user to enable intranet mappings This policy setting causes a Notification bar notification to appear when intranet content is loaded and the intranet mapping rules have not been configured. The Notification bar allows the user to enable intranet mappings This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent

This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting

This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting

This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage the preservation of information in the browser's history This policy setting allows you to manage the preservation of information in the browser's history This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage whether Web sites from less privileged zones This policy setting allows you to manage whether Web sites from less privileged zones This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting

This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting

This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting

This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage the preservation of information in the browser's history This policy setting allows you to manage the preservation of information in the browser's history

This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage whether Web sites from less privileged zones This policy setting allows you to manage whether Web sites from less privileged zones This policy setting prevents the user from specifying the color to which hyperlinks change when the mouse pointer pauses on them.If you enable this policy setting This policy setting prevents the user from specifying the color of webpage links that he or she has not yet clicked. Appropriate color choices can make links easier to see for some users This policy setting prevents the user from specifying the color of webpage links that he or she has already clicked. Appropriate color choices can make links easier to see for some users This policy setting makes hyperlinks change color when the mouse pointer pauses on them.If you enable this policy setting Prevents users from closing Microsoft Internet Explorer and File Explorer.If you enable this policy Prevents users from saving Web pages from the browser File menu to their hard disk or to a network share.If you enable this policy Prevents users from saving the complete contents that are displayed on or run from a Web page Prevents users from opening a new browser window from the File menu.If this policy is enabled Prevents users from opening a file or Web page from the File menu in Internet Explorer.If you enable this policy Prevents users from sending feedback to Microsoft by clicking the Send Feedback command on the Help menu.If you enable this policy Prevents users from displaying tips for users who are switching from Netscape.If you enable this policy Prevents users from viewing or changing the Tip of the Day interface in Microsoft Internet Explorer.If you enable this policy Prevents users from running the Internet Explorer Tour from the Help menu in Internet Explorer.If you enable this policy This policy setting prevents the shortcut menu from appearing when a user right-clicks a webpage while using Internet Explorer. Starting with Windows 8

Prevents using the shortcut menu to open a link in a new browser window.If you enable this policy Prevents users from saving a program or file that Microsoft Internet Explorer has downloaded to the hard disk.If you enable this policy This policy setting allows you to manage whether users can access the Print menu. Starting with Windows 8 This policy setting allows you to manage whether users can access the Print menu. Starting with Windows 8 Prevents users from opening the Internet Options dialog box from the Tools menu in Microsoft Internet Explorer.If you enable this policy Prevents users from displaying the browser in full-screen (kiosk) mode Prevents users from viewing the HTML source of Web pages by clicking the Source command on the View menu.If you enable this policy This policy setting specifies that you want Internet Explorer to automatically resize large images so that they fit in the browser window.If you enable this policy setting This policy setting specifies whether graphical images are included when pages are displayed.Sometimes This policy setting specifies whether Internet Explorer plays media files that use alternative codecs and that require additional software.If you enable this policy setting This policy setting specifies whether Internet Explorer plays media files that use alternative codecs and that require additional software.If you enable this policy setting This policy setting specifies whether placeholders appear for graphical images while the images are downloading. This allows items on the page to be positioned where they will appear when the images are completely downloaded. This option is ignored if the Show Pictures check box is cleared.If you enable this policy setting This policy setting specifies whether you want Internet Explorer to smooth images so that they appear less jagged when displayed.If you enable this policy setting

HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\0!DomainLimit HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\1!DomainLimit HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\2!DomainLimit HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\3!DomainLimit HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\4!DomainLimit

This policy setting specifies whether Internet Explorer prints background colors and images when the user prints a webpage. Including background colors and images might reduce the speed at which a page is printed and the quality of the printing This policy setting controls whether to have background synchronization for feeds and Web Slices.If you enable this policy setting This policy setting controls whether to have background synchronization for feeds and Web Slices.If you enable this policy setting This policy setting prevents the user from having enclosures (file attachments) downloaded from a feed to the user's computer.If you enable this policy setting This policy setting prevents the user from having enclosures (file attachments) downloaded from a feed to the user's computer.If you enable this policy setting This policy setting prevents the user from subscribing to or deleting a feed or a Web Slice.If you enable this policy setting This policy setting prevents the user from subscribing to or deleting a feed or a Web Slice.If you enable this policy setting This policy setting prevents users from having Internet Explorer automatically discover whether a feed or Web Slice is available for an associated webpage.If you enable this policy setting This policy setting prevents users from having Internet Explorer automatically discover whether a feed or Web Slice is available for an associated webpage.If you enable this policy setting This policy setting prevents the user from using Internet Explorer as a feed reader. This policy setting has no impact on the Windows RSS Platform.If you enable this policy setting This policy setting prevents the user from using Internet Explorer as a feed reader. This policy setting has no impact on the Windows RSS Platform.If you enable this policy setting

This policy setting allows users to have their feeds authenticated through the Basic authentication scheme over an unencrypted HTTP connection.If you enable this policy setting This policy setting allows users to have their feeds authenticated through the Basic authentication scheme over an unencrypted HTTP connection.If you enable this policy setting This policy setting allows you to bypass prompting when a script that is running in any process on the computer attempts to perform a Clipboard operation (delete This policy setting allows you to bypass prompting when a script that is running in any process on the computer attempts to perform a Clipboard operation (delete

HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Prompt!(Reserved) HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Prompt!(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_Feature_Enable_Script_Paste_URLAction_If_Prompt HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_Feature_Enable_Script_Paste_URLAction_If_Prompt

This policy setting specifies whether the user can conduct a search on the Address bar.If you enable this policy setting This policy setting specifies whether the user can conduct a search on the Address bar.If you enable this policy setting This policy setting allows you to specify whether a user can browse to the website of a top result when search is enabled on the Address bar. The possible options are: â€¢ Disable top result search: When a user performs a search in the Address bar This policy setting allows you to specify whether a user can browse to the website of a top result when search is enabled on the Address bar. The possible options are: â€¢ Disable top result search: When a user performs a search in the Address bar This policy setting allows the user to run natively implemented This policy setting allows the user to run natively implemented This policy setting allows you to turn on or turn off Data URI support. A Data URI allows web developers to encapsulate images and .css files within the body of the URL and optionally encode them by using base 64 encoding. Malware filters or other network-based filters may not properly filter encapsulated data.If you enable this policy setting This policy setting allows you to turn on or turn off Data URI support. A Data URI allows web developers to encapsulate images and .css files within the body of the URL and optionally encode them by using base 64 encoding. Malware filters or other network-based filters may not properly filter encapsulated data.If you enable this policy setting This policy setting allows you to turn off the Data Execution Prevention feature for Internet Explorer on Windows Server 2008 This policy setting allows you to hide the reveal password button when Internet Explorer prompts users for a password. The reveal password button is displayed during password entry. When the user clicks the button This policy setting allows you to hide the reveal password button when Internet Explorer prompts users for a password. The reveal password button is displayed during password entry. When the user clicks the button This policy setting allows you to change the default connection limit for HTTP 1.1 from 6 connections per host to a limit of your choice (from 2 through 128).If you enable this policy setting This policy setting allows you to change the default connection limit for HTTP 1.1 from 6 connections per host to a limit of your choice (from 2 through 128).If you enable this policy setting This policy setting allows you to change the default connection limit for HTTP 1.0 from 6 connections per host to a limit of your choice (from 2 through 128).If you disable or do not configure this policy setting This policy setting allows you to change the default connection limit for HTTP 1.0 from 6 connections per host to a limit of your choice (from 2 through 128).If you disable or do not configure this policy setting This policy setting allows you to manage whether documents can request data across third-party domains embedded in the page.If you enable this policy setting This policy setting allows you to manage whether documents can request data across third-party domains embedded in the page.If you enable this policy setting This policy setting allows you to choose whether websites can request data across domains by using the XDomainRequest object. Note that this policy setting does not block client-side communication across domains through other features in Internet Explorer 8 This policy setting allows you to choose whether websites can request data across domains by using the XDomainRequest object. Note that this policy setting does not block client-side communication across domains through other features in Internet Explorer 8 The WebSocket object allows websites to request data across domains from your browser by using the WebSocket protocol. This policy setting allows administrators to enable or disable the WebSocket object. This policy setting does not prevent client-side communication across domains via other features in Internet Explorer 10. Also The WebSocket object allows websites to request data across domains from your browser by using the WebSocket protocol. This policy setting allows administrators to enable or disable the WebSocket object. This policy setting does not prevent client-side communication across domains via other features in Internet Explorer 10. Also This policy setting allows you to change the default limit of WebSocket connections per server. The default limit is 6; you can select a value from 2 through 128.If you enable this policy setting This policy setting allows you to change the default limit of WebSocket connections per server. The default limit is 6; you can select a value from 2 through 128.If you enable this policy setting This policy setting allows Internet Explorer to be started automatically to complete the signup process after the branding is complete for Internet service providers (ISPs) through the Internet Explorer Administration Kit (IEAK).If you enable this policy setting This policy setting allows you to turn off the toolbar upgrade tool. The toolbar upgrade tool determines whether incompatible toolbars or Browser Helper Objects are installed when Internet Explorer starts. If the tool detects an incompatible toolbar This policy setting allows you to turn off the toolbar upgrade tool. The toolbar upgrade tool determines whether incompatible toolbars or Browser Helper Objects are installed when Internet Explorer starts. If the tool detects an incompatible toolbar This policy setting allows you to manage whether the user can access Developer Tools in Internet Explorer.If you enable this policy setting This policy setting allows you to manage whether the user can access Developer Tools in Internet Explorer.If you enable this policy setting Prevents users from determining which toolbars are displayed in Microsoft Internet Explorer and File Explorer.If you enable this policy Prevents users from determining which buttons appear on the Microsoft Internet Explorer and File Explorer standard toolbars. The buttons appearing on the toolbar can be customized by the "Customize" option. This is present under the Toolbars submenu of the View menu in Internet Explorer 6 and under the Toolbars submenu of the Tools menu in the Command bar in subsequent versions of Internet Explorer.If you enable this policy

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!SpecifyDefaultButtons This policy setting allows you to show or hide the Command bar.If you enable this policy setting This policy setting allows you to show or hide the Command bar.If you enable this policy setting This policy setting allows you to show or hide the status bar.If you enable this policy setting This policy setting allows you to show or hide the status bar.If you enable this policy setting This policy setting allows you to lock or unlock the toolbars on the user interface.If you enable this policy setting This policy setting allows you to lock or unlock the toolbars on the user interface.If you enable this policy setting This policy setting allows you to lock the Stop and Refresh buttons next to the Back and Forward buttons.If you enable this policy setting This policy setting allows you to lock the Stop and Refresh buttons next to the Back and Forward buttons.If you enable this policy setting This policy setting allows you to choose among three different labels for command buttons: show all text labels

This policy setting allows you to choose among three different labels for command buttons: show all text labels This policy setting allows you increase the size of icons for command buttons.If you enable this policy setting This policy setting allows you increase the size of icons for command buttons.If you enable this policy setting This policy setting allows you to manage where tabs are displayed.If you enable this policy setting This policy setting allows you to manage where tabs are displayed.If you enable this policy setting This policy setting prevents the user from specifying the update check interval. The default value is 30 days.If you enable this policy setting This policy setting prevents the user from changing the default URL for checking updates to Internet Explorer and Internet Tools.If you enable this policy setting This policy setting allows you to turn off the ActiveX Opt-In prompt. ActiveX Opt-In prevents websites from loading any ActiveX control without prior approval. If a website attempts to load an ActiveX control that Internet Explorer has not used before This policy setting allows you to turn off the ActiveX Opt-In prompt. ActiveX Opt-In prevents websites from loading any ActiveX control without prior approval. If a website attempts to load an ActiveX control that Internet Explorer has not used before This policy setting allows you to prevent the installation of ActiveX controls on a per-user basis.If you enable this policy setting This policy setting allows you to prevent the installation of ActiveX controls on a per-user basis.If you enable this policy setting This policy setting allows you to specify how ActiveX controls are installed.If you enable this policy setting This policy setting allows you to specify how ActiveX controls are installed.If you enable this policy setting This policy setting controls the Suggested Sites feature This policy setting controls the Suggested Sites feature This policy setting allows you to turn off the InPrivate Browsing feature.InPrivate Browsing prevents Internet Explorer from storing data about a user's browsing session. This includes cookies This policy setting allows you to turn off the InPrivate Browsing feature.InPrivate Browsing prevents Internet Explorer from storing data about a user's browsing session. This includes cookies This policy setting allows you to choose whether or not toolbars and Browser Helper Objects (BHOs) are loaded by default during an InPrivate Browsing session.Toolbars and BHOs may store data about a user's browsing session. By default This policy setting allows you to choose whether or not toolbars and Browser Helper Objects (BHOs) are loaded by default during an InPrivate Browsing session.Toolbars and BHOs may store data about a user's browsing session. By default This policy setting allows you to turn off the collection of data used by the InPrivate Filtering Automatic mode.The data consists of the URLs of third-party content This policy setting allows you to turn off the collection of data used by the InPrivate Filtering Automatic mode.The data consists of the URLs of third-party content This policy setting allows you to establish the threshold for InPrivate Filtering Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However This policy setting allows you to establish the threshold for InPrivate Filtering Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However This policy setting allows you to turn off InPrivate Filtering.InPrivate Filtering helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. InPrivate Filtering does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting This policy setting allows you to turn off InPrivate Filtering.InPrivate Filtering helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. InPrivate Filtering does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting This policy setting allows you to establish the threshold for Tracking Protection Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However This policy setting allows you to establish the threshold for Tracking Protection Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However This policy setting allows you to turn off Tracking Protection.Tracking Protection helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. Tracking Protection does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting This policy setting allows you to turn off Tracking Protection.Tracking Protection helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. Tracking Protection does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting This policy setting allows you to add non-default Accelerators.If you enable this policy setting This policy setting allows you to add non-default Accelerators.If you enable this policy setting This policy setting allows you to add default Accelerators.If you enable this policy setting This policy setting allows you to add default Accelerators.If you enable this policy setting This policy setting allows you to manage whether users can access Accelerators.If you enable this policy setting This policy setting allows you to manage whether users can access Accelerators.If you enable this policy setting This policy setting restricts the list of Accelerators that the user can access to only the set deployed through Group Policy.If you enable this policy setting This policy setting restricts the list of Accelerators that the user can access to only the set deployed through Group Policy.If you enable this policy setting This policy setting allows you to turn on Internet Explorer 7 Standards Mode. Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Internet Explorer 7 Standards Mode or the Standards Mode available in the latest version of Internet Explorer.If you enable this policy setting This policy setting allows you to turn on Internet Explorer 7 Standards Mode. Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Internet Explorer 7 Standards Mode or the Standards Mode available in the latest version of Internet Explorer.If you enable this policy setting This policy setting controls the Compatibility View feature This policy setting controls the Compatibility View feature This policy setting controls how Internet Explorer displays local intranet content. Intranet content is defined as any webpage that belongs to the local intranet security zone.If you enable this policy setting This policy setting controls how Internet Explorer displays local intranet content. Intranet content is defined as any webpage that belongs to the local intranet security zone.If you enable this policy setting This policy setting controls the Compatibility View button that appears on the Command bar. This button allows the user to fix website display problems that he or she may encounter while browsing.If you enable this policy setting This policy setting controls the Compatibility View button that appears on the Command bar. This button allows the user to fix website display problems that he or she may encounter while browsing.If you enable this policy setting This policy setting allows you to add specific sites that must be viewed in Internet Explorer 7 Compatibility View.If you enable this policy setting This policy setting allows you to add specific sites that must be viewed in Internet Explorer 7 Compatibility View.If you enable this policy setting Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Quirks Mode or the Standards Mode available in the latest version of Internet Explorer.If you enable this policy setting

Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Quirks Mode or the Standards Mode available in the latest version of Internet Explorer.If you enable this policy setting This policy controls the website compatibility lists that Microsoft provides. The updated website lists are available on Windows Update.If you enable this policy setting This policy controls the website compatibility lists that Microsoft provides. The updated website lists are available on Windows Update.If you enable this policy setting This policy setting allows you to manage whether users can pin sites to locations where pinning is allowed This policy setting allows you to manage whether users can pin sites to locations where pinning is allowed This policy setting sets data storage limits for indexed database and application caches for individual websites. When you set this policy setting This policy setting sets data storage limits for indexed database and application caches for individual websites. When you set this policy setting This policy setting allows websites to store indexed database cache information on client computers.If you enable this policy setting This policy setting allows websites to store indexed database cache information on client computers.If you enable this policy setting This policy setting sets data storage limits for indexed databases of websites that have been allowed to exceed their storage limit. The â€œSet default storage limits for websitesâ€ policy setting sets the data storage limits for indexed databases. If a domain exceeds the indexed database storage limit for an individual domain� This policy setting sets data storage limits for indexed databases of websites that have been allowed to exceed their storage limit. The â€œSet default storage limits for websitesâ€ policy setting sets the data storage limits for indexed databases. If a domain exceeds the indexed database storage limit for an individual domain� This policy setting sets the data storage limit for all combined indexed databases for a user. When you set this policy setting This policy setting sets the data storage limit for all combined indexed databases for a user. When you set this policy setting This policy setting allows websites to store file resources in application caches on client computers.If you enable this policy setting This policy setting allows websites to store file resources in application caches on client computers.If you enable this policy setting This policy setting sets file storage limits for application caches of websites that have been allowed to exceed their storage limit. The â€œSet default storage limits for websitesâ€ policy setting sets the data storage limits for application caches. If a domain exceeds the application cache storage limit for an individual domain� This policy setting sets file storage limits for application caches of websites that have been allowed to exceed their storage limit. The â€œSet default storage limits for websitesâ€ policy setting sets the data storage limits for application caches. If a domain exceeds the application cache storage limit for an individual domain� This policy setting sets the file storage limit for all combined application caches for a user. When you set this policy setting This policy setting sets the file storage limit for all combined application caches for a user. When you set this policy setting This policy setting sets the number of days an inactive application cache will exist before it is removed. If the application cache is used before the expiration time limit This policy setting sets the number of days an inactive application cache will exist before it is removed. If the application cache is used before the expiration time limit This policy setting sets the maximum number of resource entries that can be specified in a manifest file associated with an application cache. If the manifest associated with an application cache exceeds the number of resources allowed This policy setting sets the maximum number of resource entries that can be specified in a manifest file associated with an application cache. If the manifest associated with an application cache exceeds the number of resources allowed This policy setting sets the maximum size for an individual resource file contained in a manifest file. The manifest file is used to create the application cache. If any file in the manifest exceeds the allowed size This policy setting sets the maximum size for an individual resource file contained in a manifest file. The manifest file is used to create the application cache. If any file in the manifest exceeds the allowed size This policy setting configures what Internet Explorer displays when a new browsing session is started. By default This policy setting configures what Internet Explorer displays when a new browsing session is started. By default This policy setting configures Internet Explorer to open Internet Explorer tiles on the desktop.If you enable this policy setting This policy setting configures Internet Explorer to open Internet Explorer tiles on the desktop.If you enable this policy setting This policy setting allows you to choose how links are opened in Internet Explorer: Let Internet Explorer decide This policy setting allows you to choose how links are opened in Internet Explorer: Let Internet Explorer decide This policy setting configures Internet Explorer to automatically install new versions of Internet Explorer when they are available.If you enable this policy setting Turns off the handwriting recognition error reporting tool.The handwriting recognition error reporting tool enables users to report errors encountered in Tablet PC Input Panel. The tool generates error reports and transmits them to Microsoft over a secure connection. Microsoft uses these error reports to improve handwriting recognition in future versions of Windows.If you enable this policy Turns off the handwriting recognition error reporting tool.The handwriting recognition error reporting tool enables users to report errors encountered in Tablet PC Input Panel. The tool generates error reports and transmits them to Microsoft over a secure connection. Microsoft uses these error reports to improve handwriting recognition in future versions of Windows.If you enable this policy If enabled then new iSNS servers may not be added and thus new targets discovered via those iSNS servers; existing iSNS servers may not be removed. If disabled then new iSNS servers may be added and thus new targets discovered via those iSNS servers; existing iSNS servers may be removed. If enabled then new target portals may not be added and thus new targets discovered on those portals; existing target portals may not be removed. If disabled then new target portals may be added and thus new targets discovered on those portals; existing target portals may be removed. If enabled then discovered targets may not be manually configured. If disabled then discovered targets may be manually configured. Note: if enabled there may be cases where this will break VDS. If enabled then new targets may not be manually configured by entering the target name and target portal; already discovered targets may be manually configured. If disabled then new and already discovered targets may be manually configured. Note: if enabled there may be cases where this will break VDS. If enabled then do not allow the initiator iqn name to be changed. If disabled then the initiator iqn name may be changed. If enabled then only those sessions that are established via a persistent login will be established and no new persistent logins may be created. If disabled then additional persistent and non persistent logins may be established. If enabled then do not allow the initiator CHAP secret to be changed. If disabled then the initiator CHAP secret may be changed. If enabled then only those connections that are configured for IPSec may be established. If disabled then connections that are configured for IPSec or connections not configured for IPSec may be established. If enabled then only those sessions that are configured for mutual CHAP may be established. If disabled then sessions that are configured for mutual CHAP or sessions not configured for mutual CHAP may be established. If enabled then only those sessions that are configured for one-way CHAP may be established. If disabled then sessions that are configured for one-way CHAP or sessions not configured for one-way CHAP may be established. Note that if the "Do not allow sessions without mutual CHAP" setting is enabled then that setting overrides this one. This policy setting controls whether the domain controller provides information about previous logons to client computers.If you enable this policy setting

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters!UseForestSearch

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters!EnableTicketSizeThreshold

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos!domain_realm_Enabled HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos!MitRealms_Enabled

This policy setting controls the Kerberos client's behavior in validating the KDC certificate for smart card and system certificate logon. If you enable this policy setting HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters!UseForestSearch

This policy setting allows you to configure this server so that Kerberos can decrypt a ticket that contains this system-generated SPN. When an application attempts to make a remote procedure call (RPC) to this server with a NULL value for the service principal name (SPN) HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos!KdcProxyServer_Enabled

HKLM\Software\Policies\Microsoft\Netlogon\Parameters!CompoundIdDisabled HKLM\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters!EnableMaxTokenSize

This policy setting specifies whether a hash generation service generates hashes

HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{eb73b633-3f4e-4ba0-8f60-8f3c6f53168f}!ScenarioExecutionEnabled

This policy setting ignores the customized run list.You can create a customized list of additional programs and documents that the system starts automatically when it runs on Windows Vista This policy setting ignores the customized run list.You can create a customized list of additional programs and documents that the system starts automatically when it runs on Windows Vista This policy setting ignores customized run-once lists.You can create a customized list of additional programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added to the standard list of programs and services that the system starts.If you enable this policy setting This policy setting ignores customized run-once lists.You can create a customized list of additional programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added to the standard list of programs and services that the system starts.If you enable this policy setting This policy setting forces the user to log on to the computer using the classic logon screen. By default This policy setting hides the welcome screen that is displayed on Windows 2000 Professional each time the user logs on.If you enable this policy setting This policy setting specifies additional programs or documents that Windows starts automatically when a user logs on to the system.If you enable this policy setting This policy setting specifies additional programs or documents that Windows starts automatically when a user logs on to the system.If you enable this policy setting This policy setting determines whether Group Policy processing is synchronous (that is

This policy setting hides the welcome screen that is displayed on Windows 2000 Professional each time the user logs on.If you enable this policy setting This policy setting directs the system to display highly detailed status messages.This policy setting is designed for advanced users who require this information.If you enable this policy setting This policy setting allows you to hide the Switch User interface in the Logon UI This policy setting turns off the Windows Startup sound and prevents its customization in the Sound item of Control Panel.The Microsoft Windows Startup sound is heard during system startup and cold startup

This policy setting ignores Windows Logon Background.This policy setting may be used to make Windows give preference to a custom logon background. If you enable this policy setting

This policy setting allows or prevents Windows Media Center to run.Windows Media Center is a digital media player and video recorder that allows users to organize and play music and videos This policy setting allows or prevents Windows Media Center to run.Windows Media Center is a digital media player and video recorder that allows users to organize and play music and videos Prevents users from entering author mode.This setting prevents users from opening the Microsoft Management Console (MMC) in author mode Lets you selectively permit or prohibit the use of Microsoft Management Console (MMC) snap-ins.-- If you enable this setting Permits or prohibits use of this snap-in.If you enable this setting Permits or prohibits use of this snap-in.If you enable this setting Permits or prohibits use of this snap-in.If you enable this setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting

This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting

This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting HKCU\Software\Policies\Microsoft\MMC\{0F6B957D-509E-11D1-A7CC-0000F87571E3}!Restrict_Run HKCU\Software\Policies\Microsoft\MMC\{0F6B957E-509E-11D1-A7CC-0000F87571E3}!Restrict_Run

This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting

This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting

This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting This policy setting turns off Windows Mobility Center.If you enable this policy setting This policy setting turns off Windows Mobility Center.If you enable this policy setting This policy setting turns off Windows presentation settings.If you enable this policy setting This policy setting turns off Windows presentation settings.If you enable this policy setting This policy setting allows you to configure Automatic Maintenance activation boundary. The maintenance activation boundary is the daily schduled time at which Automatic Maintenance starts If you enable this policy setting

HKLM\Software\Policies\Microsoft\Windows\Task Scheduler\Maintenance!Randomized This policy setting allows you to configure Automatic Maintenance wake up policy. The maintenance wakeup policy specifies if Automatic Maintenance should make a wake request to the OS for the daily scheduled maintenance. Note

HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{C295FBBA-FD47-46ac-8BEE-B1715EC634E5}!ScenarioExecutionEnabled HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{C295FBBA-FD47-46ac-8BEE-B1715EC634E5}!DownloadToolsEnabled

This policy setting configures Microsoft Support Diagnostic Tool (MSDT) interactive communication with the support provider. MSDT gathers diagnostic data for analysis by support professionals.If you enable this policy setting HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{54077489-683b-4762-86c8-02cf87a33423}!ScenarioExecutionEnabled

This policy setting allows users to search for installation files during privileged installations.If you enable this policy setting This policy setting allows users to install programs from removable media during privileged installations.If you enable this policy setting This policy setting allows users to patch elevated products.If you enable this policy setting This policy setting directs Windows Installer to use elevated permissions when it installs any program on the system.If you enable this policy setting This policy setting directs Windows Installer to use elevated permissions when it installs any program on the system.If you enable this policy setting This policy setting controls Windows Installer's interaction with the Restart Manager. The Restart Manager API can eliminate or reduce the number of system restarts that are required to complete an installation or update.If you enable this policy setting This policy setting prevents users from searching for installation files when they add features or components to an installed program. If you enable this policy setting This policy setting controls the ability to turn off all patch optimizations.If you enable this policy setting This policy setting controls Windows Installer's processing of the MsiLogging property. The MsiLogging property in an installation package can be used to enable automatic logging of all install operations for the package.If you enable this policy setting This policy setting prevents users from installing any programs from removable media.If you enable this policy setting This policy setting restricts the use of Windows Installer.If you enable this policy setting This policy setting prevents users from using Windows Installer to install patches.If you enable this policy setting This policy setting prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsuccessful installation.If you enable this policy setting This policy setting prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsuccessful installation.If you enable this policy setting This policy setting permits users to change installation options that typically are available only to system administrators.If you enable this policy setting This policy setting controls the ability of non-administrators to install updates that have been digitally signed by the application vendor.Non-administrator updates provide a mechanism for the author of an application to create digitally signed updates that can be applied by non-privileged users.If you enable this policy setting This policy setting controls the ability for users or administrators to remove Windows Installer based updates.This policy setting should be used if you need to maintain a tight control over updates. One example is a lockdown environment where you want to ensure that updates once installed cannot be removed by users or administrators.If you enable this policy setting This policy setting prevents Windows Installer from creating a System Restore checkpoint each time an application is installed. System Restore enables users This policy setting allows you to configure user installs. To configure this policy setting This policy setting causes the Windows Installer to enforce strict rules for component upgrades.If you enable this policy setting This policy controls the percentage of disk space available to the Windows Installer baseline file cache. The Windows Installer uses the baseline file cache to save baseline files modified by binary delta difference updates. The cache is used to retrieve the baseline file for future updates. The cache eliminates user prompts for source media when new updates are applied. If you enable this policy setting you can modify the maximum size of the Windows Installer baseline file cache. If you set the baseline cache size to 0 Specifies the types of events that Windows Installer records in its transaction log for each installation. The log This policy setting allows Web-based programs to install software on the computer without notifying the user.If you disable or do not configure this policy setting

This policy setting specifies the order in which Windows Installer searches for installation files.If you disable or do not configure this policy setting This policy setting saves copies of transform files in a secure location on the local computer.Transform files consist of instructions to modify or customize a program during installation.If you enable this policy setting This policy setting controls the ability to turn off shared components.If you enable this policy setting This policy setting controls the ability to prevent embedded UI.If you enable this policy setting This policy setting allows the Network Access Protection (NAP) client to support the Windows XP version of the 802.1x Enforcement Client component.If you enable this policy setting Specifies the e-mail address to be used when sending the log files that are generated by NCA to the network administrator. When the user sends the log files to the Administrator Specifies the string that appears for DirectAccess connectivity when the user clicks the Networking notification area icon. For example Specifies whether an entry for DirectAccess connectivity appears when the user clicks the Networking notification area icon.Set this to Disabled to prevent user confusion when you are just using DirectAccess to remotely manage DirectAccess client computers from your intranet and not providing seamless intranet access. If this setting is not configured Specifies whether the user has Connect and Disconnect options for the DirectAccess entry when the user clicks the Networking notification area icon.If the user clicks the Disconnect option Specifies whether NCA service runs in Passive Mode or not.Set this to Disabled to keep NCA probing actively all the time. If this setting is not configured Specifies resources on your intranet that are normally accessible to DirectAccess clients. Each entry is a string that identifies the type of resource and the location of the resource. Each string can be one of the following types: - A DNS name or IPv6 address that NCA pings. The syntax is â€œPING:â€ followed by a fully qualified domain name (FQDN) that resolves to an IPv6 address� Specifies the IPv6 addresses of the endpoints of the Internet Protocol security (IPsec) tunnels that enable DirectAccess. NCA attempts to access the resources that are specified in the Corporate Resources setting through these configured tunnel endpoints. By default Specifies commands configured by the administrator for custom logging. These commands will run in addition to default log commands. This policy setting enables you to specify the URL of the corporate website This policy setting enables you to specify the host name of a computer known to be on the corporate network. Successful resolution of this host name to the expected address indicates corporate connectivity. This policy setting enables you to specify the expected address of the host name used for the DNS probe. Successful resolution of the host name to this address indicates corporate connectivity. This policy setting enables you to specify the list of IPv6 corporate site prefixes to monitor for corporate connectivity. Reachability of addresses with any of these prefixes indicates corporate connectivity. This policy setting enables you to specify the HTTPS URL of the corporate website that clients use to determine the current domain location (i.e. whether the computer is inside or outside the corporate network). Reachability of the URL destination indicates that the client location is inside corporate network; otherwise it is outside the network.

This policy setting defines whether a domain controller (DC) should attempt to verify the password provided by a client with the PDC emulator if the DC failed to validate the password.Contacting the PDC emulator is useful in case the clientâ€™s password was recently changed and did not propagate to the DC yet. Users may want to disable this feature if the PDC emulator is located over a slow WAN connection.If you enable this policy setting This policy setting determines the amount of time (in seconds) to wait before the first retry for applications that perform periodic searches for domain controllers (DC) that are unable to find a DC.The default value for this setting is 10 minutes (10*60). The maximum value for this setting is 49 days (0x49*24*60*60=4233600). The minimum value for this setting is 0.This setting is relevant only to those callers of DsGetDcName that have specified the DS_BACKGROUND_ONLY flag.If the value of this setting is less than the value specified in the NegativeCachePeriod subkey This policy setting determines the maximum retry interval allowed when applications performing periodic searches for Domain Controllers (DCs) are unable to find a DC.For example This policy setting determines when retries are no longer allowed for applications that perform periodic searches for domain controllers (DC) are unable to find a DC. For example This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that periodically attempt to locate DCs This policy setting specifies the level of debug output for the Net Logon service.The Net Logon service outputs debug information to the log file netlogon.log in the directory %windir%\debug. By default This policy setting specifies the additional time for the computer to wait for the domain controllerâ€™s (DC) response when logging on to the network.To specify the expected dial-up delay at logon This policy setting specifies the maximum size in bytes of the log file netlogon.log in the directory %windir%\debug when logging is enabled.By default This policy setting specifies the amount of time (in seconds) the DC locator remembers that a domain controller (DC) could not be found in a domain. When a subsequent attempt to locate the DC occurs within the time set in this setting This policy setting controls whether or not the Netlogon share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications.If you enable this policy setting This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that do not periodically attempt to locate DCs This policy setting determines the interval at which Netlogon performs the following scavenging operations:- Checks if a password on a secure channel needs to be modified This policy setting specifies the Active Directory site to which computers belong.An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication.To specify the site name for this setting This policy setting controls whether or not the SYSVOL share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications.When this setting is enabled This policy setting specifies whether the computers to which this setting is applied attempt DNS name resolution of a single-label domain names.By default

This policy setting determines whether domain controllers (DC) will dynamically register DC Locator site-specific SRV records for the closest sites where no DC for the same domain exists (or no Global Catalog for the same forest exists). These DNS records are dynamically registered by the Net Logon service This policy setting determines which DC Locator DNS records are not registered by the Net Logon service.If you enable this policy setting This policy setting specifies the Refresh Interval of the DC Locator DNS resource records for DCs to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used by the DC Locator algorithm to locate the DC. This setting may be applied only to DCs using dynamic update.DCs configured to perform dynamic registration of the DC Locator DNS resource records periodically reregister their records with DNS servers This policy setting specifies the value for the Time-To-Live (TTL) field in SRV resource records that are registered by the Net Logon service. These DNS records are dynamically registered This policy setting specifies the sites for which the global catalogs (GC) should register site-specific GC locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the GC resides This policy setting specifies the Priority field in the SRV resource records registered by domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used to locate the DC.The Priority field in the SRV record sets the preference for target hosts (specified in the SRV recordâ€™s Target field). DNS clients that query for SRV resource records attempt to contact the first reachable host with the lowest priority number listed.To specify the Priority in the DC Locator DNS SRV resource records This policy setting specifies the Weight field in the SRV resource records registered by the domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service This policy setting specifies the sites for which the domain controllers (DC) that host the application directory partition should register the site-specific This policy setting specifies the sites for which the domain controllers (DC) register the site-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides This policy setting determines if dynamic registration of the domain controller (DC) locator DNS resource records is enabled. These DNS records are dynamically registered by the Net Logon service and are used by the Locator algorithm to locate the DC.If you enable this policy setting This policy setting enables DC Locator to attempt to locate a DC in the nearest site based on the site link cost if a DC in same the site is not found. In scenarios with multiple sites This policy setting determines the interval for when a Force Rediscovery is carried out by DC Locator.The Domain Controller Locator (DC Locator) service is used by clients to find domain controllers for their Active Directory domain. When DC Locator finds a domain controller This policy setting detremines the type of IP address that is returned for a domain controller. The DC Locator APIs return the IP address of the DC with the other parts of information. Before the support of IPv6

This policy setting controls whether the Net Logon service will allow the use of older cryptography algorithms that are used in Windows NT 4.0. The cryptography algorithms used in Windows NT 4.0 and earlier are not as secure as newer algorithms used in Windows 2000 or later This policy setting allows you to control the processing of incoming mailslot messages by a local domain controller (DC).Note: To locate a remote DC based on its NetBIOS (single-label) domain name

Determines whether a user can install and configure the Network Bridge.Important: This settings is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed

Determines whether users can delete remote access connections.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting) Determines whether the Remote Acccess Preferences item on the Advanced menu in Network Connections folder is enabled.The Remote Access Preferences item lets users create and change connections before logon and configure automatic dialing and callback features.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting) Determines whether settings that existed in Windows 2000 Server family will apply to Administrators.The set of Network Connections group settings that existed in Windows 2000 Professional also exists in Windows XP Professional. In Windows 2000 Professional This policy setting allows you to manage whether notifications are shown to the user when a DHCP-configured connection is unable to retrieve an IP address from a DHCP server. This is often signified by the assignment of an automatic private IP address"(i.e. an IP address in the range 169.254.*.*). This indicates that a DHCP server could not be reached or the DHCP server was reached but unable to respond to the request with a valid IP address. By default

Determines whether users can change the properties of a LAN connection.This setting determines whether the Properties menu item is enabled

Prohibits use of Internet Connection Firewall on your DNS domain network.Determines whether users can enable the Internet Connection Firewall feature on a connection Determines whether a user can view and change the properties of remote access connections that are available to all users of the computer.To create an all-user remote access connection

Determines whether users can connect and disconnect remote access connections.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting) Determines whether users can view and change the properties of their private remote access connections.Private connections are those that are available only to one user. To create a private connection

Determines whether users can rename their private remote access connections.Private connections are those that are available only to one user. To create a private connection

This policy setting determines whether to require domain users to elevate when setting a network's location.If you enable this policy setting Specifies whether or not the "local access only" network icon will be shown.When enabled This policy setting determines whether a remote client computer routes Internet traffic through the internal network or whether the client accesses the Internet directly.When a remote client computer connects to an internal network using DirectAccess

This policy setting disables the Connect to a Network Projector wizard so that users cannot connect to a network projector. If you enable this policy setting This policy setting disables the Connect to a Network Projector wizard so that users cannot connect to a network projector. If you enable this policy setting This policy setting allows you to select the TCP port that the Network Projector uses to send packets. If you enable this policy setting

This policy setting lists network files and folders that are always available for offline use. This ensures that the specified files and folders are available offline to users of the computer.If you enable this policy setting This policy setting lists network files and folders that are always available for offline use. This ensures that the specified files and folders are available offline to users of the computer.If you enable this policy setting

This policy setting determines whether the Offline Files feature is enabled. Offline Files saves a copy of network files on the user's computer for use when the computer is not connected to the network.If you enable this policy setting

At least Windows Server 2003 operating systems Service Pack 1

This policy setting prevents users from making network files and folders available offline.If you enable this policy setting This policy setting prevents users from making network files and folders available offline.If you enable this policy setting This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" command.If you enable this policy setting This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" command.If you enable this policy setting

Configures the threshold value at which Offline Files considers a network connection to be "slow". Any network speed below this value is considered to be slow.When a connection is considered slow

This policy setting allows you to turn on economical application of administratively assigned Offline Files.If you enable or do not configure this policy setting

HKLM\Software\Policies\Microsoft\Windows\NetCache!BackgroundSyncEnabled This policy setting controls whether files read from file shares over a slow network are transparently cached in the Offline Files cache for future reads. When a user tries to access a file that has been transparently cached This policy setting enables administrators to block certain file types from being created in the folders that have been made available offline.If you enable this policy setting

This setting turns off Microsoft Peer-to-Peer Networking Services in its entirety This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the global cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP bootstraps itself is by using multicast on the same subnet. That is This policy setting enables or disables PNRP cloud creation.PNRP is a distributed name resolution protocol allowing Internet hosts to publish peer names with a corresponding Internet Protocol version 6 (IPv6) address. Other hosts can then resolve the name

This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the link local cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP bootstraps itself is by using multicast on the same subnet. That is This policy setting enables or disables PNRP cloud creation.PNRP is a distributed name resolution protocol allowing Internet hosts to publish peer names with a corresponding Internet Protocol version 6 (IPv6) address. Other hosts can then resolve the name

This setting sets the seed server for the link local cloud to a specified node in the enterprise.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. The protocol

This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the site local cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP bootstraps itself is by using multicast on the same subnet. That is This policy setting enables or disables PNRP cloud creation.PNRP is a distributed name resolution protocol allowing Internet hosts to publish peer names with a corresponding Internet Protocol version 6 (IPv6) address. Other hosts can then resolve the name

This setting sets the seed server for the site local cloud to a specified node in the enterprise.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. The protocol

This policy setting allows you to configure the Family Safety feature.If you enable this policy setting

HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{acfd1ca6-18b6-4ccf-9c07-580cdb6eded4}!ScenarioExecutionEnabled HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{081D3213-48AA-4533-9284-D98F01BDC8E6}!ScenarioExecutionEnabled HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{659F08FB-2FAB-42a7-BD4F-566CFA528769}!ScenarioExecutionEnabled HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{88D69CE1-577A-4dd9-87AE-AD36D3CD9643}!ScenarioExecutionEnabled HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{D113E4AA-2D07-41b1-8D9B-C065194A791D}!ScenarioExecutionEnabled HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{affc81e2-612a-4f70-6fb2-916ff5c7e3f8}!ScenarioExecutionEnabled

This policy setting specifies whether BranchCache is enabled on client computers to which this policy is applied. In addition to this policy setting This policy setting specifies the default percentage of total disk space that is allocated for the BranchCache disk cache on client computers.If you enable this policy setting This policy setting specifies whether BranchCache hosted cache mode is enabled on client computers to which this policy is applied. In addition to this policy This policy setting specifies whether BranchCache distributed cache mode is enabled on client computers to which this policy is applied. In addition to this policy This policy setting is used only when you have deployed one or more BranchCache-enabled file servers at your main office. This policy setting specifies when client computers in branch offices start caching content from file servers based on the network latency - or delay - that occurs when the clients download content from the main office over a Wide Area Network (WAN) link. When you configure a value for this setting

Turns off Tablet PC Pen Training.If you enable this policy setting Turns off Tablet PC Pen Training.If you enable this policy setting

HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{67144949-5132-4859-8036-a737b43825d8}!ScenarioExecutionEnabled HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}!ScenarioExecutionEnabled HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}!ScenarioExecutionEnabled HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{2698178D-FDAD-40AE-9D3C-1371703ADC5B}!ScenarioExecutionEnabled HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}!ScenarioExecutionEnabled

This policy setting specifies the action that Windows takes when battery capacity reaches the critical battery notification level.If you enable this policy setting This policy setting specifies the action that Windows takes when battery capacity reaches the low battery notification level.If you enable this policy setting This policy setting specifies the percentage of battery capacity remaining that triggers the critical battery notification action.If you enable this policy setting This policy setting specifies the percentage of battery capacity remaining that triggers the low battery notification action.If you enable this policy setting This policy setting turns off the user notification when the battery capacity remaining equals the low battery notification level.If you enable this policy setting This policy setting specifies the action that Windows takes when a user presses the power button.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting This policy setting specifies the action that Windows takes when a user presses the sleep button.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting This policy setting specifies the action that Windows takes when a user presses the Start menu Power button.If you enable this policy setting This policy setting specifies the action that Windows takes when a user presses the power button.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting This policy setting specifies the action that Windows takes when a user presses the sleep button.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting This policy setting specifies the action that Windows takes when a user presses the Start menu Power button.If you enable this policy setting This policy setting specifies the period of inactivity before Windows turns off the hard disk.If you enable this policy setting This policy setting specifies the period of inactivity before Windows turns off the hard disk.If you enable this policy setting This policy setting specifies the active power plan from a specified power planâ€™s GUID. The GUID for a custom power plan GUID can be retrieved by using powercfg This policy setting specifies the active power plan from a list of default Windows power plans. To specify a custom power plan

This policy setting allows you to turn on the ability for applications and services to prevent the system from sleeping.If you enable this policy setting

This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.If you enable this policy setting This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep.If you enable or do not configure this policy setting This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.If you enable this policy setting This policy setting allows you to turn off hybrid sleep.If you enable this policy setting This policy setting allows you to turn on the ability for applications and services to prevent the system from sleeping.If you enable this policy setting This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.If you enable this policy setting This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep.If you enable or do not configure this policy setting This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.If you enable this policy setting This policy setting allows you to turn off hybrid sleep.If you enable this policy setting This policy setting allows you to manage how long a computer must be inactive before Windows turns off the computerâ€™s display.If you enable this policy setting This policy setting allows you to manage how long a computer must be inactive before Windows turns off the computerâ€™s display.If you enable this policy setting This policy setting allows you to specify the period of inactivity before Windows turns off the display.If you enable this policy setting This policy setting allows you to specify the period of inactivity before Windows turns off the display.If you enable this policy setting This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state.If you enable this policy setting This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state.If you enable this policy setting This policy setting allows you to configure whether power is automatically turned off when Windows shutdown completes. This setting does not affect Windows shutdown behavior when shutdown is manually selected using the Start menu or Task Manager user interfaces. Applications such as UPS software may rely on Windows shutdown behavior.This setting is only applicable when Windows shutdown is initiated by software programs invoking the Windows programming interfaces ExitWindowsEx() or InitiateSystemShutdown().If you enable this policy setting This policy setting allows you to manage automatic sleep with open network files.If you enable this policy setting This policy setting allows you to manage automatic sleep with open network files.If you enable this policy setting This policy setting allows you to specify the period of inactivity before Windows automatically reduces brightness of the display.If you enable this policy setting This policy setting allows you to specify the period of inactivity before Windows automatically reduces brightness of the display.If you enable this policy setting This policy setting allows you to specify the brightness of the display when Windows automatically reduces brightness of the display.If you enable this policy setting This policy setting allows you to specify the brightness of the display when Windows automatically reduces brightness of the display.If you enable this policy setting This policy setting allows you to specify if Windows should enable the desktop background slideshow.If you enable this policy setting This policy setting allows you to specify if Windows should enable the desktop background slideshow.If you enable this policy setting This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer.If you enable this policy setting This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer.If you enable this policy setting This policy setting allows applications and services to prevent automatic sleep.If you enable this policy setting This policy setting allows applications and services to prevent automatic sleep.If you enable this policy setting This policy setting specifies the percentage of battery capacity remaining that triggers the reserve power mode.If you enable this policy setting

HKLM\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging!EnableModuleLogging HKCU\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging!EnableModuleLogging HKLM\Software\Policies\Microsoft\Windows\PowerShell\UpdatableHelp!EnableUpdateHelpDefaultSourcePath HKCU\Software\Policies\Microsoft\Windows\PowerShell\UpdatableHelp!EnableUpdateHelpDefaultSourcePath

This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file This policy setting lets you hide the list of previous versions of files that are on local disks. The previous versions could come from the on-disk restore points or from backup media.If you enable this policy setting This policy setting lets you hide the list of previous versions of files that are on local disks. The previous versions could come from the on-disk restore points or from backup media.If you enable this policy setting This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.If you enable this policy setting This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.If you enable this policy setting This policy setting lets you hide the list of previous versions of files that are on file shares. The previous versions come from the on-disk restore points on the file share.If you enable this policy setting This policy setting lets you hide the list of previous versions of files that are on file shares. The previous versions come from the on-disk restore points on the file share.If you enable this policy setting This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.If you enable this policy setting This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.If you enable this policy setting This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.If you enable this policy setting This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.If you enable this policy setting Internet printing lets you display printers on Web pages so that printers can be viewed

HKLM\Software\Policies\Microsoft\Windows NT\Printers\Wizard!DomainDisplayPrinters_State Allows users to use the Add Printer Wizard to search the network for shared printers.If you enable this setting or do not configure it

Prevents users from using familiar methods to add local and network printers. If this policy setting is enabled

HKLM\Software\Policies\Microsoft\Windows NT\Printers\Wizard!NonDomainDisplayPrinters_State This policy restricts clients computers to use package point and print only.If this setting is enabled

HKCU\Software\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint!PackagePointAndPrintServerList This policy restricts clients computers to use package point and print only.If this setting is enabled

HKLM\Software\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint!PackagePointAndPrintServerList

Enables the physical Location Tracking setting for Windows printers.Use Location Tracking to design a location scheme for your enterprise and assign computers and printers to locations in the scheme. Location Tracking overrides the standard method used to locate and associate computers and printers. The standard method uses a printer's IP address and subnet mask to estimate its physical location and proximity to computers.If you enable this setting HKCU\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint!Restricted HKLM\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint!Restricted

Specifies the Active Directory location where searches for printers begin. The Add Printer Wizard gives users the option of searching Active Directory for a shared printer. If you enable this policy setting Announces the presence of shared printers to print browse master servers for the domain.On domains with Active Directory This policy setting determines whether the print spooler will execute print drivers in an isolated or separate process. When print drivers are loaded in an isolated process (or isolated processes) This policy setting determines whether the print spooler will override the Driver Isolation compatibility reported by the print driver. This enables executing print drivers in an isolated process This policy setting allows you to manage where client computers search for Point and Printer drivers.If you enable this policy setting

This policy controls whether the print spooler will accept client connections.When the policy is unconfigured

Determines whether the pruning service on a domain controller prunes printer objects that are not automatically republished whenever the host computer does not respond Specifies how often the pruning service on a domain controller contacts computers to verify that their printers are operational. The pruning service periodically contacts computers that have published printers. If a computer does not respond to the contact message (optionally Sets the priority of the pruning thread. The pruning thread Specifies how many times the pruning service on a domain controller repeats its attempt to contact a computer before pruning the computer's printers. The pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a computer does not respond to the contact message Specifies whether or not to log events when the pruning service on a domain controller attempts to contact a computer before pruning the computer's printers. The pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a computer does not respond to the contact attempt Determines whether the computer's shared printers can be published in Active Directory. If you enable this setting or do not configure it Directs the system to periodically verify that the printers published by this computer still appear in Active Directory. This setting also specifies how often the system repeats the verification. By default Determines whether the domain controller can prune (delete from Active Directory) the printers published by this computer. By default This setting prevents users from using the Programs Control Panel in Category View and Programs and Features in Classic View. The Programs Control Panel allows users to uninstall This setting prevents users from accessing "Programs and Features" to view This setting prevents users from accessing "Installed Updates" page from the "View installed updates" task."Installed Updates" allows users to view and uninstall updates currently installed on the computer. The updates are often downloaded directly from Windows Update or from various program publishers.If this setting is disabled or not configured This setting removes the Set Program Access and Defaults page from the Programs Control Panel. As a result This setting prevents users from access the "Get new programs from Windows Marketplace" task from the Programs Control Panel in Category View Prevents users from viewing or installing published programs from the network. This setting prevents users from accessing the "Get Programs" page from the Programs Control Panel in Category View This setting prevents users from accessing the "Turn Windows features on or off" task from the Programs Control Panel in Category View This policy setting allows an administrator to turn on extensive logging for Password Synchronization.If you enable this policy setting

HKLM\Software\Policies\Microsoft\Windows\PswdSync!MaxRetries_state This policy setting allows an administrator to turn on the Windows to Network Information Service (NIS) password synchronization for UNIX-based user accounts that have been migrated to Active Directory Domain Services.If you enable this policy setting

HKLM\Software\Policies\Microsoft\Windows\PswdSync!UpdateRetryInterval_state Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Best Effort service type (ServiceTypeBestEffort). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting

Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Controlled Load service type (ServiceTypeControlledLoad). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Guaranteed service type (ServiceTypeGuaranteed). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Network Control service type (ServiceTypeNetworkControl). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Qualitative service type (ServiceTypeQualitative). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Best Effort service type (ServiceTypeBestEffort). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Controlled Load service type (ServiceTypeControlledLoad). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Guaranteed service type (ServiceTypeGuaranteed). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Network Control service type (ServiceTypeNetworkControl). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Qualitative service type (ServiceTypeQualitative). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting Specifies the maximum number of outstanding packets permitted on the system. When the number of outstanding packets reaches this limit Determines the percentage of connection bandwidth that the system can reserve. This value limits the combined bandwidth reservations of all programs running on the system.By default Determines the smallest unit of time that the Packet Scheduler uses when scheduling packets for transmission. The Packet Scheduler cannot schedule packets for transmission more frequently than permitted by the value of this entry.If you enable this setting Specifies an alternate link layer (Layer-2) priority value for packets with the Best Effort service type (ServiceTypeBestEffort). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting Specifies an alternate link layer (Layer-2) priority value for packets with the Controlled Load service type (ServiceTypeControlledLoad). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting Specifies an alternate link layer (Layer-2) priority value for packets with the Guaranteed service type (ServiceTypeGuaranteed). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting Specifies an alternate link layer (Layer-2) priority value for packets with the Network Control service type (ServiceTypeNetworkControl). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting Specifies an alternate link layer (Layer-2) priority value for packets that do not conform to the flow specification. The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting Specifies an alternate link layer (Layer-2) priority value for packets with the Qualitative service type (ServiceTypeQualitative). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting This policy setting allows the Windows Management Instrumentation (WMI) providers Win32_ReliabilityStabilitymetrics and Win32_ReliabilityRecords to provide data to Reliability Monitor in the Action Center control panel

HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{3af8b24a-c441-4fa4-8c5c-bed591bfa867}!ScenarioExecutionEnabled Requirements: Windows 7 Description: This policy setting controls whether users can access the options in Recovery (in Control Panel) to restore the computer to the original state or from a user-created system image. If you enable or do not configure this policy setting

HKLM\Software\Policies\Microsoft\Windows NT\Reliability!TimeStampEnabled This policy setting controls whether or not unplanned shutdown events can be reported when error reporting is enabled.If you enable this policy setting This policy setting defines when the Shutdown Event Tracker System State Data feature is activated.The system state data file contains information about the basic system state as well as the state of all running processes.If you enable this policy setting

HKLM\Software\Policies\Microsoft\Windows NT\Reliability!ShutdownReasonOn This policy setting allows you to turn logging on or off. Log files are located in the user's Documents folder under Remote Assistance.If you enable this policy setting This policy setting enables Remote Assistance invitations to be generated with improved encryption so that only computers running this version (or later versions) of the operating system can connect. This policy setting does not affect Remote Assistance connections that are initiated by instant messaging contacts or the unsolicited Offer Remote Assistance.If you enable this policy setting

HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!UseBandwidthOptimization HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!UseCustomMessages HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!fAllowToGetHelp HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!fAllowUnsolicited HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices!RebootTimeinSeconds_state HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices!RebootTimeinSeconds_state

This policy setting denies read access to the CD and DVD removable storage class.If you enable this policy setting This policy setting denies read access to the CD and DVD removable storage class.If you enable this policy setting This policy setting denies write access to the CD and DVD removable storage class.If you enable this policy setting This policy setting denies write access to the CD and DVD removable storage class.If you enable this policy setting This policy setting denies execute access to the CD and DVD removable storage class.If you enable this policy setting

HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Read!Deny_Read HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Read!Deny_Read HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Write!Deny_Write HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Write!Deny_Write

This policy setting denies read access to the Floppy Drives removable storage class This policy setting denies read access to the Floppy Drives removable storage class This policy setting denies write access to the Floppy Drives removable storage class This policy setting denies write access to the Floppy Drives removable storage class This policy setting denies execute access to the Floppy Drives removable storage class This policy setting denies read access to removable disks.If you enable this policy setting

This policy setting denies read access to removable disks.If you enable this policy setting This policy setting denies write access to removable disks.If you enable this policy setting This policy setting denies write access to removable disks.If you enable this policy setting This policy setting denies execute access to removable disks.If you enable this policy setting Configure access to all removable storage classes.This policy setting takes precedence over any individual removable storage policy settings. To manage individual classes Configure access to all removable storage classes.This policy setting takes precedence over any individual removable storage policy settings. To manage individual classes This policy setting denies read access to the Tape Drive removable storage class.If you enable this policy setting This policy setting denies read access to the Tape Drive removable storage class.If you enable this policy setting This policy setting denies write access to the Tape Drive removable storage class.If you enable this policy setting This policy setting denies write access to the Tape Drive removable storage class.If you enable this policy setting This policy setting denies execute access to the Tape Drive removable storage class.If you enable this policy setting

HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33}!Deny_Read HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33}!Deny_Read HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33}!Deny_Write HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33}!Deny_Write

This policy setting grants normal users direct access to removable storage devices in remote sessions.If you enable this policy setting This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they are making contains authentication information. The Endpoint Mapper Service on computers running Windows NT4 (all service packs) cannot process authentication information supplied in this manner. If you disable this policy setting

This policy setting controls the idle connection timeout for RPC/HTTP connections. This policy setting is useful in cases where a network agent like an HTTP proxy or a router uses a lower idle connection timeout than the IIS server running the RPC/HTTP proxy. In such cases This policy setting controls how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers.This policy setting impacts all RPC applications. In a domain environment this policy setting should be used with caution as it can impact a wide range of functionality including group policy processing itself. Reverting a change to this policy setting can require manual intervention on each affected machine. This policy setting should never be applied to a domain controller.If you disable this policy setting This policy setting determines whether the RPC Runtime maintains RPC state information for the system This policy setting determines how long the system waits for scripts applied by Group Policy to run. This setting limits the total time allowed for all logon This policy setting hides the instructions in logon scripts written for Windows NT 4.0 and earlier. Logon scripts are batch files of instructions that run when the user logs on. By default This policy setting displays the instructions in logoff scripts as they run.Logoff scripts are batch files of instructions that run when the user logs off. By default This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop.If you enable this policy setting This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop.If you enable this policy setting This policy setting displays the instructions in logon scripts as they run.Logon scripts are batch files of instructions that run when the user logs on. By default

This policy setting displays the instructions in shutdown scripts as they run.Shutdown scripts are batch files of instructions that run when the user restarts the system or shuts it down. By default This policy setting lets the system run startup scripts simultaneously.Startup scripts are batch files that run before the user is invited to log on. By default This policy setting displays the instructions in startup scripts as they run.Startup scripts are batch files of instructions that run before the user is invited to log on. By default This policy setting allows user logon scripts to run when the logon cross-forest This policy setting determines whether scripted diagnostics will execute diagnostic packages that are signed by untrusted publishers.If you enable this policy setting This policy setting allows users to access and run the troubleshooting tools that are available in the Troubleshooting Control Panel and to run the troubleshooting wizard to troubleshoot problems on their computers.If you enable or do not configure this policy setting This policy setting allows users who are connected to the Internet to access and search troubleshooting content that is hosted on Microsoft content servers. Users can access online troubleshooting content from within the Troubleshooting Control Panel UI by clicking "Yes" when they are prompted by a message that states

HKLM\SOFTWARE\Policies\Microsoft\Windows\ScheduledDiagnostics!EnabledExecution Enabling this policy prevents users from adding UNC locations to the index from the Search and Indexing Options in Control Panel. Any UNC locations that have already been added to the index by the user will not be removed.When this policy is disabled or not configured Enabling this policy prevents users from adding UNC locations to the index from the Search and Indexing Options in Control Panel. Any UNC locations that have already been added to the index by the user will not be removed.When this policy is disabled or not configured

This policy setting determines when Windows uses automatic language detection results

This policy setting disables indexing of removable drives. This policy setting allows you to control whether or not Search can perform queries on the web This policy setting allows you to control whether or not Search can perform queries on the web over metered connections

HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!ConnectedSearchPrivacy HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!ConnectedSearchSafeSearch

This policy setting configures how Windows Search adds shared folders to the search index.If you enable this policy setting

Enabling this policy allows indexing of items for online delegate mailboxes on a Microsoft Exchange server. This policy affects only delegate mailboxes that are online. Microsoft Outlook 2007 allows users to cache portions of delegate mailboxes locally (for example HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!EnableThrottlingOnlineMailboxes

Enabling this policy allows you to specify a list of paths to index by default. The user may override these paths and exclude them from indexing. On a per-user basis

Enabling this policy allows you to specify a list of paths to exclude from indexing by default. The user may override these paths and include them in indexing. On a per-user basis HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!ExcludedExtensionsMultiline0

This policy setting prevents search queries from being stored in the registry. If you enable this policy setting HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\OCR!SelectOCRLangs

This Group Policy setting lets users turn off the performance optimization so that the TIFF IFilter will perform OCR for every page in a TIFF document This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory domain. When Security Center is turned on This policy setting turns off the sensor feature for this computer. If you enable this policy setting This policy setting turns off the sensor feature for this computer. If you enable this policy setting This policy setting turns off the location feature for this computer. If you enable this policy setting This policy setting turns off the location feature for this computer. If you enable this policy setting This policy setting turns off scripting for the location feature. If you enable this policy setting This policy setting turns off scripting for the location feature. If you enable this policy setting This policy setting allows you to turn off the automatic display of Server Manager at logon.If you enable this policy setting

HKLM\Software\Policies\Microsoft\Windows\Server\ServerManager!RefreshIntervalEnabled This policy setting allows you to turn off the automatic display of the Initial Configuration Tasks window at logon on Windows Server 2008 and Windows Server 2008 R2. If you enable this policy setting This policy setting allows you to turn off the automatic display of the Manage Your Server page. If you enable this policy setting

HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableSettingSync HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableApplicationSettingSync

HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableCredentialsSettingSync HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisablePersonalizationSettingSync HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableAppSyncSettingSync HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableWindowsSettingSync HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableDesktopThemeSettingSync HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableWebBrowserSettingSync

HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableStartLayoutSettingSync Specifies an alternate location for Windows Service Pack installation files.If you enable this policy setting Specifies an alternate location for Windows installation files.If you enable this policy setting Turns off data sharing from the handwriting recognition personalization tool.The handwriting recognition personalization tool tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. The tool can optionally share user writing samples with Microsoft to improve handwriting recognition in future versions of Windows. The tool generates reports and transmits them to Microsoft over a secure connection.If you enable this policy Turns off data sharing from the handwriting recognition personalization tool.The handwriting recognition personalization tool tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. The tool can optionally share user writing samples with Microsoft to improve handwriting recognition in future versions of Windows. The tool generates reports and transmits them to Microsoft over a secure connection.If you enable this policy This policy setting determines whether the user can publish DFS roots in Active Directory Domain Services (AD DS).If you enable or do not configure this policy setting This policy setting determines whether the user can publish shared folders in Active Directory Domain Services (AD DS).If you enable or do not configure this policy setting This policy setting specifies whether users can share files within their profile. By default users are allowed to share files within their profile to other users on their network after an administrator opts in the computer. An administrator can opt in the computer by using the sharing wizard to share a file within their profile.If you enable this policy setting This policy setting specifies whether users can add computers to a homegroup. By default This policy setting prevents users from running the interactive command prompt Disables the Windows registry editor Regedit.exe.If you enable this policy setting and the user tries to start Regedit.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!RestrictRun HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisallowRun

This policy setting prevents the display of the Welcome Center at user logon.If you enable this policy setting

This policy setting lets you allow certificates without an Extended Key Usage (EKU) set to be used for logon.In versions of Windows prior to Windows Vista This policy setting lets you determine whether the integrated unblock feature will be available in the logon User Interface (UI).In order to use the integrated unblock feature your smart card must support this feature. Please check with your hardware manufacturer to see if your smart card supports this feature.If you enable this policy setting This policy settings lets you configure if all your valid logon certificates are displayed.During the certificate renewal period This policy setting allows you to manage the reading of all certificates from the smart card for logon.During logon Windows will by default only read the default certificate from the smart card unless it supports retrieval of all certificates in a single call. This setting forces Windows to read all the certificates from the card. This can introduce a significant performance decrease in certain situations. Please contact your smart card vendor to determine if your smart card and associated CSP supports the required behavior.If you enable this setting This policy setting lets you allow signature key-based certificates to be enumerated and available for logon.If you enable this policy setting then any certificates available on the smart card with a signature only key will be listed on the logon screen.If you disable or do not configure this policy setting This policy setting permits those certificates to be displayed for logon that are either expired or not yet valid.Under previous versions of Microsoft Windows This policy setting allows you to manage the certificate propagation that occurs when a smart card is inserted.If you enable or do not configure this policy setting then certificate propagation will occur when you insert your smart card.If you disable this policy setting This policy setting allows you to manage the clean up behavior of root certificates. If you enable this policy setting then root certificate cleanup will occur according to the option selected. If you disable or do not configure this setting then root certificate clean up will occur on log off. This policy setting allows you to manage the root certificate propagation that occurs when a smart card is inserted.If you enable or do not configure this policy setting then root certificate propagation will occur when you insert your smart card. Note: For this policy setting to work the following policy setting must also be enabled: Turn on certificate propagation from smart card.If you disable this policy setting then root certificates will not be propagated from the smart card. This policy setting allows you to manage the displayed message when a smart card is blocked.If you enable this policy setting This policy setting lets you reverse the subject name from how it is stored in the certificate when displaying it during logon. By default the user principal name (UPN) is displayed in addition to the common name to help users distinguish one certificate from another. For example This policy setting prevents plaintext PINs from being returned by Credential Manager. If you enable this policy setting This policy setting lets you determine whether an optional field will be displayed during logon and elevation that allows a user to enter his or her user name or user name and domain This policy setting allows you to control whether Smart Card Plug and Play is enabled.If you enable or do not configure this policy setting This policy setting allows you to control whether a confirmation message is displayed when a smart card device driver is installed.If you enable or do not configure this policy setting This policy setting allows you to control whether elliptic curve cryptography (ECC) certificates on a smart card can be used to log on to a domain.If you enable this policy setting This policy setting allows an administrator to configure extensive logging for computers that are running Server for Network Information Service (NIS).If you enable this policy setting

HKLM\Software\Policies\Microsoft\Windows\Server for NIS!PushInterval_state

This policy setting configures a list of the communities defined to the Simple Network Management Protocol (SNMP) service.SNMP is a protocol designed to give a user the capability to remotely manage a computer network This policy setting determines the permitted list of hosts that can submit a query to the Simple Network Management (SNMP) agent running on the client computer.Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.The manager is located on the host computer on the network. The manager's role is to poll the agents for certain requested information.If you enable this policy setting This policy setting allows trap configuration for the Simple Network Management Protocol (SNMP) agent.Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.This policy setting allows you to configure the name of the hosts that receive trap messages for the community sent by the SNMP service. A trap message is an alert or significant event that allows the SNMP agent to notify management systems asynchronously.If you enable this policy setting Specifies whether Sound Recorder can run.Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.If you enable this policy setting Specifies whether Sound Recorder can run.Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.If you enable this policy setting

HKLM\SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied!Enabled

If you enable this policy the start menu search box will not search for internet history or favorites.If you disable or do not configure this policy

This policy setting controls whether the QuickLaunch bar is displayed in the Taskbar.If you enable this policy setting Clear history of recently opened documents on exit.If you enable this setting

Lets users run a 16-bit program in a dedicated (not shared) Virtual DOS Machine (VDM) process.All DOS and 16-bit programs run on Windows 2000 Professional and Windows XP Professional in the Windows Virtual DOS Machine program. VDM simulates a 16-bit environment

Hides pop-up text on the Start menu and in the notification area.When you hold the cursor over an item on the Start menu or in the notification area This policy setting allows you to prevent users from changing their Start screen layout.If you enable this setting

HKLM\Software\Policies\Microsoft\Windows\Explorer!StartPinAppsWhenInstalled HKCU\Software\Policies\Microsoft\Windows\Explorer!StartPinAppsWhenInstalled

Removes items in the All Users profile from the Programs menu on the Start menu.By default

This policy setting allows you to remove the Search link from the Start menu

This policy setting allows you to remove the All Programs list from the Start menu.If you enable this policy setting

Prevents the operating system and installed programs from creating and displaying shortcuts to recently opened documents.If you enable this setting

This policy setting prevents the system from conducting a comprehensive search of the target drive to resolve a shortcut.If you enable this policy setting

This policy setting prevents the system from using NTFS tracking features to resolve a shortcut.If you enable this policy setting Allows you to remove the Run command from the Start menu This policy setting allows you to remove programs on Settings menu.If you enable this policy setting This policy setting allows you to prevent changes to Taskbar and Start Menu Settings.If you enable this policy setting This policy setting allows you to remove the Default Programs link from the Start menu.If you enable this policy setting

Prevents the clock in the system notification area from being displayed.If you enable this setting This setting affects the taskbar buttons used to switch between running programs.Taskbar grouping consolidates similar applications when there is no room on the taskbar. It kicks in when the user's taskbar is full.If you enable this setting This setting affects the taskbar.The taskbar includes the Start button This policy setting allows you to remove access to the context menus for the taskbar.If you enable this policy setting This setting affects the notification area (previously called the "system tray") on the taskbar.Description: The notification area is located at the far right end of the task bar and includes the icons for current notifications and the system clock.If this setting is enabled This policy setting allows you to remove the user name label from the Start Menu in Windows XP and Windows Server 2003.If you enable this policy setting This policy setting allows you to remove links and access to Windows Update.If you enable this policy setting

This policy setting allows you to removes the "Log Off <username>" item from the Start menu and prevents users from restoring it.If you enable this policy setting If you enable this policy the Start menu will not show a link to Homegroup. It also removes the homegroup item from the Start Menu options. As a result This policy setting allows you to remove the Downloads link from the Start Menu.If you enable this policy setting This policy setting allows you to remove the Recorded TV link from the Start Menu.If you enable this policy setting This policy setting allows you to remove the Videos link from the Start Menu.If you enable this policy setting

Set the default action of the power button on the Start menu.If you enable this setting

Allows you to disable System Restore configuration through System Protection.This policy setting allows you to turn off System Restore configuration through System Protection.System Restore enables users Allows you to disable System Restore.This policy setting allows you to turn off System Restore.System Restore enables users

Prevents the Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista) from providing text prediction suggestions. This policy applies for both the on-screen keyboard and the handwriting tab when the feature is available for the current input area and input language.Touch Keyboard and Handwriting panel enables you to use handwriting or an on-screen keyboard to enter text

Prevents the Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista) from providing text prediction suggestions. This policy applies for both the on-screen keyboard and the handwriting tab when the feature is available for the current input area and input language.Touch Keyboard and Handwriting panel enables you to use handwriting or an on-screen keyboard to enter text Prevents start of InkBall game.If you enable this policy Prevents start of InkBall game.If you enable this policy Prevents start of Windows Journal.If you enable this policy Prevents start of Windows Journal.If you enable this policy Prevents printing to Journal Note Writer.If you enable this policy Prevents printing to Journal Note Writer.If you enable this policy Prevents the snipping tool from running.If you enable this policy setting Prevents the snipping tool from running.If you enable this policy setting

Removes the Back->ESC mapping that normally occurs when menus are visible Removes the Back->ESC mapping that normally occurs when menus are visible Prevents the user from launching an application from a Tablet PC hardware button.If you enable this policy Prevents the user from launching an application from a Tablet PC hardware button.If you enable this policy Prevents press and hold actions on hardware buttons Prevents press and hold actions on hardware buttons Turns off Tablet PC hardware buttons.If you enable this policy Turns off Tablet PC hardware buttons.If you enable this policy

This policy setting allows you to remove the battery meter from the system control area.If you enable this policy setting This policy setting allows you to remove the networking icon from the system control area.If you enable this policy setting This policy setting allows you to remove the volume control icon from the system control area.If you enable this policy setting This policy setting allows you to remove the Action Center from the system control area.If you enable this policy setting This policy setting allows you to lock all taskbar settings.If you enable this policy setting This policy setting allows you to prevent users from adding or removing toolbars.If you enable this policy setting This policy setting allows you to prevent users from rearranging toolbars.If you enable this policy setting This policy setting allows you to turn off all notification balloons.If you enable this policy setting This policy setting allows you to prevent users from moving taskbar to another screen dock location.If you enable this policy setting This policy setting allows you to prevent users from resizing the taskbar.If you enable this policy setting This policy setting allows you to turn off taskbar thumbnails.If you enable this policy setting This policy setting allows you to remove pinned programs from the taskbar.If you enable this policy setting This policy setting allows you to turn off automatic promotion of notification icons to the taskbar.If you enable this policy setting This policy setting allows you to turn off feature advertisement balloon notifications.If you enable this policy setting This policy setting allows you to control displaying or tracking items in Jump Lists from remote locations.The Start Menu and Taskbar display Jump Lists off of programs. These menus include files This policy setting allows you to control pinning programs to the Taskbar.If you enable this policy setting This policy setting allows you to control pinning items in Jump Lists.If you enable this policy setting

This policy setting allows you to configure Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) This policy setting allows you to specify a router name or Internet Protocol version 4 (IPv4) address for an ISATAP router.If you enable this policy setting

This policy setting allows you to specify a 6to4 relay name for a 6to4 host. A 6to4 relay is used as a default gateway for IPv6 network traffic sent by the 6to4 host. The 6to4 relay name setting has no effect if 6to4 connectivity is not available on the host.If you enable this policy setting This policy setting allows you to specify the interval at which the relay name is resolved. The 6to4 relay name resolution interval setting has no effect if 6to4 connectivity is not available on the host.If you enable this policy setting

This policy setting allows you to specify the name of the Teredo server. This server name will be used on the Teredo client computer where this policy setting is applied.If you enable this policy setting This policy setting allows you to configure the Teredo refresh rate.Note: On a periodic basis (by default This policy setting allows you to select the UDP port the Teredo client will use to send packets. If you leave the default of 0 This policy setting allows you to set Teredo to be ready to communicate

HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition\IPHTTPS\IPHTTPSInterface!IPHTTPS_ClientState This policy setting allows you to configure Window Scaling Heuristics. Window Scaling Heuristics is an algorithm to identify connectivity and throughput problems caused by many Firewalls and other middle boxes that don't interpret Window Scaling option correctly.If you do not configure this policy setting This policy setting allows you to configure IP Stateless Autoconfiguration Limits.If you enable or do not configure this policy setting This policy setting allows you to specify whether the client computer redirects its time zone settings to the Remote Desktop Services session.If you enable this policy setting This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session.You can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default This policy setting allows you to specify whether desktop wallpaper is displayed to clients when they are connected to a remote server using RDP. You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session. If you enable this policy setting This policy setting allows you to specify whether the desktop is always displayed after a client connects to a remote computer or whether an initial program can run. It can require that the desktop be displayed after a client connects to a remote computer This policy setting allows you to specify whether remote users can start any program on the RD Session Host server when they start a Remote Desktop Services session This policy setting allows you to specify whether desktop composition is allowed for remote desktop sessions. This policy setting does not apply to RemoteApp sessions.Desktop composition provides the user interface elements of Windows Aero This policy setting allows you to specify whether to use the RD Connection Broker load balancing feature to balance the load between servers in an RD Session Host server farm. If you enable this policy setting This policy setting allows you to specify whether the default client printer is the only printer redirected in Remote Desktop Services sessions.If you enable this policy setting This policy setting allows you to specify whether the default client printer is the only printer redirected in Remote Desktop Services sessions.If you enable this policy setting This policy setting allows you to specify how long a user's RemoteApp session will remain in a disconnected state after closing all RemoteApp programs before the session is logged off from the RD Session Host server.By default This policy setting allows you to specify how long a user's RemoteApp session will remain in a disconnected state after closing all RemoteApp programs before the session is logged off from the RD Session Host server.By default This policy setting allows you to specify whether font smoothing is allowed for remote connections.Font smoothing provides ClearType functionality for a remote connection. ClearType is a technology for displaying computer fonts so that they appear clear and smooth This policy setting specifies the IP address and network mask that corresponds to the network adapter used for virtual IP addresses. The IP address and network mask should be entered in Classless Inter-Domain Routing notation; for example This policy setting specifies whether a session uses the IP address of the Remote Desktop Session Host server if a virtual IP address is not available.If you enable this policy setting Fair Share CPU Scheduling dynamically distributes processor time across all Remote Desktop Services sessions on the same RD Session Host server This policy setting specifies whether Windows Installer RDS Compatibility runs on a per user basis for fully installed applications. Windows Installer allows one instance of the msiexec process to run at a time. By default

HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\TSAppSrv\VirtualIP!EnableVirtualIP This policy setting enables system administrators to change the graphics rendering for all Remote Desktop Services sessions on a Remote Desktop Session Host (RD Session Host) server.If you enable this policy setting This policy setting allows you to specify the visual quality for remote users when connecting to this computer by using Remote Desktop Connection. You can use this policy setting to balance the network bandwidth usage with the visual quality that is delivered.If you enable this policy setting and set quality to Medium This policy setting allows the administrator to configure the RemoteFX experience for Remote Desktop Session Host or Remote Desktop Virtualization Host servers. By default

This policy setting allows you to specify how the Remote Desktop Protocol will try to detect the network quality (bandwidth and latency).You can choose to disable Connect Time Detect This policy setting allows you to specify which protocols can be used for Remote Desktop Protocol (RDP) access to this server.If you enable this policy setting

HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!UseProxy HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!AllowExplicitProxyName

Specifies whether to allow Remote Desktop Connection clients to automatically reconnect to sessions on an RD Session Host server if their network link is temporarily lost. By default

This policy setting allows you to limit the number of monitors that a user can use to display a Remote Desktop Services session. Limiting the number of monitors to display a Remote Desktop Services session can improve connection performance

This policy setting allows you to configure remote access to computers by using Remote Desktop Services.If you enable this policy setting HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxXResolution

Specifies whether desktop wallpaper is displayed to remote clients connecting via Remote Desktop Services.You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session. By default This policy setting determines whether an administrator attempting to connect remotely to the console of a server can log off an administrator currently logged on to the console.This policy is useful when the currently connected administrator does not want to be logged off by another administrator. If the connected administrator is logged off

HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!KeepAliveEnable This policy setting allows you to specify the order in which an RD Session Host server attempts to locate Remote Desktop license servers.If you enable this policy setting This policy setting determines whether notifications are displayed on an RD Session Host server when there are problems with RD Licensing that affect the RD Session Host server.By default This policy setting allows you to specify the type of Remote Desktop Services client access license (RDS CAL) that is required to connect to this RD Session Host server.You can use this policy setting to select one of two licensing modes: Per User or Per Device.Per User licensing mode requires that each user account connecting to this RD Session Host server have an RDS Per User CAL.Per Device licensing mode requires that each device connecting to this RD Session Host server have an RDS Per Device CAL.If you enable this policy setting Specifies whether Remote Desktop Services limits the number of simultaneous connections to the server.You can use this setting to restrict the number of Remote Desktop Services sessions that can be active on a server. If this number is exceeded This policy setting allows you to remove the "Disconnect" option from the Shut Down Windows dialog box in Remote Desktop Services sessions.You can use this policy setting to prevent users from using this familiar method to disconnect their client from an RD Session Host server.If you enable this policy setting Specifies whether to remove the Windows Security item from the Settings menu on Remote Desktop clients. You can use this setting to prevent inexperienced users from logging off from Remote Desktop Services inadvertently.If the status is set to Enabled This policy setting allows you to specify whether the app registration is completed before showing the Start screen to the user. By default

This policy setting allows you to enable RemoteApp programs to use advanced graphics This policy setting allows you to restrict users to a single Remote Desktop Services session.If you enable this policy setting

HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fInheritInitialProgram HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!InitialProgram

This policy setting specifies whether to disable the administrator rights to customize security permissions for the Remote Desktop Session Host server. You can use this setting to prevent administrators from making changes to the user groups allowed to connect remotely to the RD Session Host server. By default This policy setting determines whether the desktop is always displayed after a client connects to a remote computer or an initial program can run. It can be used to require that the desktop be displayed after a client connects to a remote computer

HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!WFHomeDirUNC This policy setting allows you to specify the network path that Remote Desktop Services uses for roaming user profiles.By default This policy setting allows you to specify whether Remote Desktop Services uses a mandatory profile for all users connecting remotely to the RD Session Host server.If you enable this policy setting

HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!DeleteRoamingUserProfile This policy setting allows you to specify the RD Session Host servers to which a Remote Desktop license server will offer Remote Desktop Services client access licenses (RDS CALs).You can use this policy setting to control which RD Session Host servers are issued RDS CALs by the Remote Desktop license server. By default This policy setting allows you to specify which version of Remote Desktop Services client access license (RDS CAL) a Remote Desktop Services license server will issue to clients connecting to RD Session Host servers running other Windows-based operating systems.A license server attempts to provide the most appropriate RDS or TS CAL for a connection. For example This policy setting allows you to specify whether users can redirect the remote computer's audio and video output in a Remote Desktop Services session.Users can specify where to play the remote computer's audio output by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can choose to play the remote audio on the remote computer or on the local computer. Users can also choose to not play the audio. Video playback can be configured by using the videoplayback setting in a Remote Desktop Protocol (.rdp) file. By default This policy setting allows you to limit the audio playback quality for a Remote Desktop Services session. Limiting the quality of audio playback can improve connection performance This policy setting allows you to specify whether users can record audio to the remote computer in a Remote Desktop Services session.Users can specify whether to record audio to the remote computer by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can record audio by using an audio input device on the local computer This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session.You can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default This policy setting specifies whether to prevent the redirection of data to client COM ports from the remote computer in a Remote Desktop Services session.You can use this setting to prevent users from redirecting data to COM port peripherals or mapping local COM ports while they are logged on to a Remote Desktop Services session. By default This policy setting allows you to specify whether the client default printer is automatically set as the default printer in a session on an RD Session Host server.By default This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers. If you enable or do not configure this policy setting This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers. If you enable or do not configure this policy setting This policy setting specifies whether to prevent the mapping of client drives in a Remote Desktop Services session (drive redirection).By default This policy setting specifies whether to prevent the redirection of data to client LPT ports during a Remote Desktop Services session.You can use this setting to prevent users from mapping local LPT ports and redirecting data from the remote computer to local LPT port peripherals. By default This policy setting allows you to control the redirection of supported Plug and Play devices This policy setting allows you to specify whether to prevent the mapping of client printers in Remote Desktop Services sessions.You can use this policy setting to prevent users from redirecting print jobs from the remote computer to a printer attached to their local (client) computer. By default

HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fPolicyFallbackPrintDriver This policy setting allows you to control the redirection of smart card devices in a Remote Desktop Services session.If you enable this policy setting This policy setting determines whether the client computer redirects its time zone settings to the Remote Desktop Services session.If you enable this policy setting Specifies whether a Remote Desktop Session Host server requires secure RPC communication with all clients or allows unsecured communication.You can use this setting to strengthen the security of RPC communication with clients by allowing only authenticated and encrypted requests.If the status is set to Enabled

This policy setting Sspecifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it.You can use this setting to direct Remote Desktop Services to end a session (that is This policy setting Sspecifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it.You can use this setting to direct Remote Desktop Services to end a session (that is This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions.You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions.You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected.If you enable this policy setting This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected.If you enable this policy setting This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it is automatically disconnected.If you enable this policy setting This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it is automatically disconnected.If you enable this policy setting This policy setting specifies whether Remote Desktop Services retains a user's per-session temporary folders at logoff.You can use this setting to maintain a user's session-specific temporary folders on a remote computer This policy setting allows you to prevent Remote Desktop Services from creating session-specific temporary folders.You can use this policy setting to disable the creation of separate temporary folders on a remote computer for each session. By default This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer.If you enable or do not configure this policy setting This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer.If you enable or do not configure this policy setting This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one issued by an authority recognized by the client This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one that is issued by an authority recognized by the client This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers.If you enable this policy setting This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers.If you enable this policy setting This policy setting determines whether a user will be prompted on the client computer to provide credentials for a remote connection to an RD Session Host server.If you enable this policy setting This policy setting allows you to specify whether the client will establish a connection to the RD Session Host server when the client cannot authenticate the RD Session Host server.If you enable this policy setting

This policy setting allows you to specify which Remote Desktop Protocol (RDP) compression algorithm to use.By default This policy setting allows you to enable Remote Desktop Protocol (RDP) 8.0 on this computer. Please read the following KB article before enabling this Group Policy. http://go.microsoft.com/fwlink/?LinkID=251814If you enable this policy setting This policy setting allows you to specify the visual experience that remote users receive in Remote Desktop Services sessions. Remote sessions on the remote computer are then optimized to support this visual experience.By default This policy setting allows you to permit RDP redirection of other supported RemoteFX USB devices from this computer. Redirected RemoteFX USB devices will not be available for local usage on this computer.If you enable this policy setting This policy setting allows you to control the availability of RemoteFX on both a Remote Desktop Virtualization Host (RD Virtualization Host) server and a Remote Desktop Session Host (RD Session Host) server.When deployed on an RD Virtualization Host server

HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services\!VGOptimization_CaptureFrameRate

This policy setting allows you to enforce or ignore the computer's default list of blocked Trusted Platform Module (TPM) commands.If you enable this policy setting This policy setting allows you to enforce or ignore the computer's local list of blocked Trusted Platform Module (TPM) commands.If you enable this policy setting

HKLM\Software\Policies\Microsoft\Tpm!StandardUserAuthorizationFailureDuration HKLM\Software\Policies\Microsoft\Tpm!StandardUserAuthorizationFailureIndividualThreshold HKLM\Software\Policies\Microsoft\Tpm!StandardUserAuthorizationFailureTotalThreshold

This policy setting adds the Administrator security group to the roaming user profile share.Once an administrator has configured a user's roaming profile

This policy setting determines whether Windows keeps a copy of a user's roaming profile on the local computer's hard drive when the user logs off. Roaming profiles reside on a network server. By default This policy setting disables the detection of slow network connections. Slow link detection measures the speed of the connection between a user's computer and the remote server that stores the roaming user profile. When the system detects a slow link This policy setting provides users with the ability to download their roaming profile This policy setting lets you exclude folders that are normally included in the user's profile. As a result This policy setting determines whether the system retains a roaming user's Windows Installer and Group Policy based software installation data on their profile deletion.By default Windows deletes all information related to a roaming user (which includes the user's settings

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!EnableProfileQuota This setting determines if roaming user profiles are available on a particular computer. By default

This policy setting will automatically log off a user when Windows cannot load their profile. If Windows cannot access the user profile folder or the profile contains errors that prevent it from loading

This policy setting determines if the changes a user makes to their roaming profile are merged with the server copy of their profile.By default This policy setting directs the system to wait for the remote copy of the roaming user profile to load

HKLM\Software\Policies\Microsoft\Windows\System!UserProfileMinTransferRate This policy setting allows an administrator to automatically delete user profiles on system restart that have not been used within a specified number of days. Note: One day is interpreted as 24 hours after a specific user profile was accessed.If you enable this policy setting This policy setting allows you to specify which network directories will be synchronized only at logon and logoff via Offline Files. This policy setting is meant to be used in conjunction with Folder Redirection This policy setting controls whether Windows forcefully unloads the user's registry at logoff This policy setting controls how long Windows waits for a response from the network before logging on a user without a remote home directory and withou synchronizing roaming user profiles. This policy setting is useful for the cases in which a network might take typically longer to initialize This policy setting specifies whether Windows should use the specified network path as the roaming user profile path for all users logging onto this computer.To use this policy setting

This policy setting allows you to specify the default path that is displayed when the BitLocker Drive Encryption setup wizard prompts the user to enter the location of a folder in which to save the recovery password. This policy setting is applied when you turn on BitLocker.If you enable this policy setting

This policy setting controls computer restart performance at the risk of exposing BitLocker secrets. This policy setting is applied when you turn on BitLocker. BitLocker secrets include key material used to encrypt data. This policy setting applies only when BitLocker protection is enabled.If you enable this policy setting This policy setting allows you to configure whether or not enhanced startup PINs are used with BitLocker.Enhanced startup PINs permit the use of characters including uppercase and lowercase letters

This policy setting allows you to configure whether or not standard users are allowed to change BitLocker volume PINs

This policy setting allows you to associate an object identifier from a smart card certificate to a BitLocker-protected drive. This policy setting is applied when you turn on BitLocker.The object identifier is specified in the enhanced key usage (EKU) of a certificate. BitLocker can identify which certificates may be used to authenticate a user certificate to a BitLocker-protected drive by matching the object identifier in the certificate with the object identifier that is defined by this policy setting.Default object identifier is 1.3.6.1.4.1.311.67.1.1Note: BitLocker does not require that a certificate have an EKU attribute

This policy setting controls whether a BitLocker-protected computer that is connected to a trusted wired Local Area Network (LAN) and joined to a domain can create and use Network Key Protectors on TPM-enabled computers to automatically unlock the operating system drive when the computer is started.If you enable this policy

HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_BIOS!Enabled HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI!Enabled

This policy setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This policy setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 4 digits and can have a maximum length of 20 digits.If you enable this policy setting

This policy setting allows users to turn on authentication options that require user input from the pre-boot environment

This policy setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer. This policy setting is applied when you turn on BitLocker.If you enable this policy setting

HKLM\System\CurrentControlSet\Policies\Microsoft\FVE!RDVDenyWriteAccess

HKLM\Software\Policies\Microsoft\W32Time\Config!FrequencyCorrectRate

This policy setting specifies whether the Windows NTP Client is enabled.Enabling the Windows NTP Client allows your computer to synchronize its computer clock with other NTP servers. You might want to disable this service if you decide to use a third-party time provider.If you enable this policy setting This policy setting allows you to specify whether the Windows NTP Server is enabled.If you enable this policy setting for the Windows NTP Server

HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI!DataRetentionBySizeEnabled HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI!ScenarioExecutionEnabled

Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars

This policy setting allows you to manage whether backups of only system volumes is allowed or both OS and data volumes can be backed up.If you enable this policy setting This policy setting allows you to manage whether backups of a machine can run to locally attached storage or not.If you enable this policy setting This policy setting allows you to manage whether backups of a machine can run to a network share or not.If you enable this policy setting This policy setting allows you to manage whether backups of a machine can run to an optical media or not.If you enable this policy setting This policy setting allows you to manage whether run-once backups of a machine can be run or not.If you enable this policy setting This policy setting affects the ability of users to install or uninstall color profiles.If you enable this policy setting This policy setting affects the ability of users to install or uninstall color profiles.If you enable this policy setting This policy setting prohibits access to Windows Connect Now (WCN) wizards. If you enable this policy setting This policy setting prohibits access to Windows Connect Now (WCN) wizards. If you enable this policy setting

HKLM\Software\Policies\Microsoft\Windows\WCN\Registrars!EnableRegistrars

This policy setting allows you to manage whether spyware definitions are used during a scan.If you enable or do not configure this setting

This policy setting allows you to configure routinely taking action on detected items. It is recommended that you enable this policy. If you enable this setting

HKLM\Software\Policies\Microsoft\Windows Defender\Exclusions!Exclusions_Extensions HKLM\Software\Policies\Microsoft\Windows Defender\Exclusions!Exclusions_Paths HKLM\Software\Policies\Microsoft\Windows Defender\Exclusions!Exclusions_Processes

HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS!ThrottleDetectionEventsRate HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS\Exclusions\IP Ranges!Nis_Consumers_IPS_Exclusions_Ip_Ranges_Ip_Range HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS\Exclusions\Ports!Nis_Consumers_IPS_Exclusions_Ports_Port_Number HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS\Exclusions\Processes!Nis_Consumers_IPS_Exclusions_Processes_executable_Path_and_Name

HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS\Exclusions\Threat IDs!Nis_Consumers_IPS_Exclusions_Threat_Ids_Threat_Id HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS\SKU Differentiation!Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid

HKLM\Software\Policies\Microsoft\Windows Defender\Quarantine!PurgeItemsAfterDelay

This policy setting allows you to configure real-time protection. This setting controls all real-time protection components. It is recommended that you turn on real-time protection.If you enable or do not configure this setting

HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!IOAVMaxSize

HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!RealtimeScanDirection

HKLM\Software\Policies\Microsoft\Windows Defender\Remediation!Scan_ScheduleDay HKLM\Software\Policies\Microsoft\Windows Defender\Remediation!Scan_ScheduleTime HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!AdditionalActionTimeout HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!CriticalFailureTimeout

HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!NonCriticalTimeout HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!RecentlyCleanedTimeout HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!WppTracingComponents HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!WppTracingLevel

HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ArchiveMaxDepth HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ArchiveMaxSize HKLM\Software\Policies\Microsoft\Windows Defender\Scan!AvgCPULoadFactor

This policy setting allows you to manage whether a check for new virus and spyware definitions will occur before running a scan. This setting applies to scheduled scans as well as the command line "mpcmdrun -SigUpdate"

HKLM\Software\Policies\Microsoft\Windows Defender\Scan!PurgeItemsAfterDelay HKLM\Software\Policies\Microsoft\Windows Defender\Scan!QuickScanInterval

HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ScanParameters HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ScheduleDay HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ScheduleQuickScanTime HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ScheduleTime HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!ASSignatureDue HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!AVSignatureDue HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!DefinitionUpdateFileSharesSources

HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!FallbackOrder

HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!ScheduleDay HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!ScheduleTime

HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!SignatureUpdateCatchupInterval HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!SignatureUpdateInterval

HKLM\Software\Policies\Microsoft\Windows Defender\Spynet!SpynetReporting HKLM\Software\Policies\Microsoft\Windows Defender\Threats!Threats_ThreatIdDefaultAction HKLM\Software\Policies\Microsoft\Windows Defender\Threats!Threats_ThreatSeverityDefaultAction

HKLM\Software\Policies\Microsoft\Windows Defender\UX Configuration!CustomDefaultActionToastString Hide the Back button in the Open dialog box.This policy setting lets you remove new features added in Microsoft Windows 2000 Professional Removes the list of most recently used files from the Open dialog box.If you disable this setting or do not configure it Removes the shortcut bar from the Open dialog box.This setting

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32\Placesbar!Place0

Allows you to have File Explorer display a confirmation dialog whenever a file is deleted or moved to the Recycle Bin.If you enable this setting This setting is designed to ensure that shell extensions can operate on a per-user basis. If you enable this setting This policy setting determines whether Windows traces shortcuts back to their sources when it cannot find the target on the user's system.Shortcut files typically include an absolute path to the original target file as well as the relative path to the current target file. When the system cannot find the file in the current target path

This policy setting allows you to turn off caching of thumbnail pictures.If you enable this policy setting This policy setting allows you to remove CD Burning features. File Explorer allows you to create and modify re-writable CDs if you have a CD writer connected to your PC.If you enable this policy setting

This policy setting allows you to remove the DFS tab from File Explorer.If you enable this policy setting This policy setting allows you to hide these specified drives in My Computer.This policy setting allows you to remove the icons representing selected hard drives from My Computer and File Explorer. Also

Removes the File menu from My Computer and File Explorer.This setting does not prevent users from using other methods to perform tasks available on the File menu.

This policy setting allows you to prevent users from accessing Folder Options through the View tab on the ribbon in File Explorer. Folder Options allows users to change the way files and folders open Removes the Hardware tab.This setting removes the Hardware tab from Mouse Removes the Manage item from the File Explorer context menu. This context menu appears when you right-click File Explorer or My Computer.The Manage item opens Computer Management (Compmgmt.msc) This policy setting allows you to remove the Shared Documents folder from My Computer.When a Windows client is in a workgroup Prevents users from using File Explorer or Network Locations to map or disconnect network drives.If you enable this setting

Removes the Security tab from File Explorer.If you enable this setting

Removes shortcut menus from the desktop and File Explorer. Shortcut menus appear when you right-click an item.If you enable this setting Prevents users from using My Computer to gain access to the content of selected drives.If you enable this setting Turn off Windows+X hotkeys.Keyboards with a Windows key provide users with shortcuts to common shell features. For example

This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol

HKCU\Software\Policies\Microsoft\Windows\Explorer!TryHarderPinnedOpenSearch HKCU\Software\Policies\Microsoft\Windows\Explorer!TryHarderPinnedLibrary

This policy setting allows you to prevent data loss when you change the target location for Folder Redirection HKCU\Software\Policies\Microsoft\Windows\Explorer!DisableKnownFolders

This policy setting allows you to turn off the display of snippets in Content view mode.If you enable this policy setting This policy setting allows you to turn off Windows Libraries features that need indexed file metadata to function properly. If you enable this policy Disables suggesting recent queries for the Search Box and prevents entries into the Search Box from being stored in the registry for future references.File Explorer shows suggestion pop-ups as users type into the Search Box. These suggestions are based on their past entries into the Search Box.Note: If you enable this policy Changes the behavior of IShellFolder::BindToObject for IID_IPropertySetStorage to not bind directly to the IPropertySetStorage implementation Changes the behavior of IShellFolder::BindToObject for IID_IPropertySetStorage to not bind directly to the IPropertySetStorage implementation This policy setting allows you to have file names sorted literally (as in Windows 2000 and earlier) rather than in numerical order. If you enable this policy setting This policy setting allows you to have file names sorted literally (as in Windows 2000 and earlier) rather than in numerical order. If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting

This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer)

HKLM\Software\Policies\Microsoft\Windows\Explorer!ExplorerRibbonStartsMinimized HKCU\Software\Policies\Microsoft\Windows\Explorer!ExplorerRibbonStartsMinimized

Allows unsolicited incoming messages from specified systems that authenticate using the IPsec transport.If you enable this policy setting HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications!Enabled

Allows administrators to use the Windows Firewall component in Control Panel to define a local program exceptions list. Windows Firewall uses two program exceptions lists; the other is defined by the "Windows Firewall: Define inbound program exceptions" policy setting.If you enable this policy setting Turns on Windows Firewall.If you enable this policy setting Specifies that Windows Firewall blocks all unsolicited incoming messages. This policy setting overrides all other Windows Firewall policy settings that allow such messages.If you enable this policy setting

HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint!Enabled HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings!AllowOutboundDestinationUnreachable HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging!LogDroppedPackets

Prevents Windows Firewall from displaying notifications to the user when a program requests that Windows Firewall add the program to the program exceptions list.If you enable this policy setting HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts!Enabled

Allows administrators to use the Windows Firewall component in Control Panel to define a local port exceptions list. Windows Firewall uses two port exceptions lists; the other is defined by the "Windows Firewall: Define inbound port exceptions" policy setting.If you enable this policy setting HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings!Enabled

HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop!Enabled Prevents this computer from receiving unicast responses to its outgoing multicast or broadcast messages.If you enable this policy setting

HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\UPnPFramework!Enabled HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications!Enabled

Allows administrators to use the Windows Firewall component in Control Panel to define a local program exceptions list. Windows Firewall uses two program exceptions lists; the other is defined by the "Windows Firewall: Define inbound program exceptions" policy setting.If you enable this policy setting Turns on Windows Firewall.If you enable this policy setting Specifies that Windows Firewall blocks all unsolicited incoming messages. This policy setting overrides all other Windows Firewall policy settings that allow such messages.If you enable this policy setting

HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint!Enabled HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings!AllowOutboundDestinationUnreachable HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging!LogDroppedPackets

Prevents Windows Firewall from displaying notifications to the user when a program requests that Windows Firewall add the program to the program exceptions list.If you enable this policy setting HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts!Enabled

Allows administrators to use the Windows Firewall component in Control Panel to define a local port exceptions list. Windows Firewall uses two port exceptions lists; the other is defined by the "Windows Firewall: Define inbound port exceptions" policy setting.If you enable this policy setting HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings!Enabled HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop!Enabled

Prevents this computer from receiving unicast responses to its outgoing multicast or broadcast messages.If you enable this policy setting HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\UPnPFramework!Enabled

Denies or allows access to the Windows Mail application.If you enable this setting Denies or allows access to the Windows Mail application.If you enable this setting Windows Mail will not check your newsgroup servers for Communities support. Windows Mail will not check your newsgroup servers for Communities support. Prevents Windows Media Digital Rights Management (DRM) from accessing the Internet (or intranet).When enabled This policy setting allows you to turn off do not show first use dialog boxes.If you enable this policy setting This policy setting allows you to prevent the anchor window from being displayed when Windows Media Player is in skin mode.If you enable this policy setting This policy setting allows you to prevent video smoothing from occurring.If you enable this policy setting This policy setting allows you to prevent media information for CDs and DVDs from being retrieved from the Internet.If you enable this policy setting This policy setting allows you to prevent media sharing from Windows Media Player.If you enable this policy setting This policy setting allows you to prevent media information for music files from being retrieved from the Internet.If you enable this policy setting This policy setting allows you to prevent a shortcut for the Player from being added to the Quick Launch bar.If you enable this policy setting

This policy setting allows you to prevent a shortcut icon for the Player from being added to the user's desktop.If you enable this policy setting This policy setting allows a screen saver to interrupt playback.If you enable this policy setting This policy setting allows you to prevent Windows Media Player from downloading codecs.If you enable this policy setting

This policy setting allows you to hide the Privacy tab in Windows Media Player.If you enable this policy setting This policy setting allows you to hide the Security tab in Windows Media Player.If you enable this policy setting

HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\HTTP!ProxyPolicy HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\MMS!ProxyPolicy HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\RTSP!ProxyPolicy

This policy setting allows you to hide the Network tab.If you enable this policy setting HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!NetworkBufferingPolicy HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols!WindowsMediaStreamingProtocols

This policy setting prevents Windows Messenger from automatically running at logon. If you enable this policy setting This policy setting prevents Windows Messenger from automatically running at logon. If you enable this policy setting This policy setting allows you to prevent Windows Messenger from running.If you enable this policy setting This policy setting allows you to prevent Windows Messenger from running.If you enable this policy setting This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Basic authentication.If you enable this policy setting

This policy setting allows you to manage whether the Windows Remote Management (WinRM) client sends and receives unencrypted messages over the network.If you enable this policy setting This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Digest authentication.If you enable this policy setting This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Negotiate authentication.If you enable this policy setting This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Kerberos authentication directly.If you enable this policy setting This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses CredSSP authentication.If you enable this policy setting

HKLM\Software\Policies\Microsoft\Windows\WinRM\Client!TrustedHosts HKLM\Software\Policies\Microsoft\Windows\WinRM\Service!AllowAutoConfig

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate!DisableWindowsUpdateAccess HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAutoUpdate HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!UseWUServer HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!DetectionFrequencyEnabled

This policy setting allows you to control whether non-administrative users will receive update notifications based on the "Configure Automatic Updates" policy setting. If you enable this policy setting Specifies whether Automatic Updates should automatically install certain updates that neither interrupt Windows services nor restart Windows.If the status is set to Enabled Specifies whether Automatic Updates will deliver both important as well as recommended updates from the Windows Update update service.When this policy is enabled

When Windows Update requires a restart to finish installing updates HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!RebootRelaunchTimeoutEnabled HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!RebootWarningTimeoutEnabled HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!RescheduleWaitTimeEnabled HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!TargetGroupEnabled

At least Windows Server 2003 operating systems or Windows XP Professional with SP1 This policy setting controls the legacy remote shutdown interface (named pipe). The named pipe remote shutdown interface is needed in order to shutdown this system from a remote Windows XP or Windows Server 2003 system.If you enable this policy setting This policy setting configures the number of minutes the system waits for the hung logon sessions before proceeding with the system shutdown.If you enable this policy setting

This policy setting controls whether or not the system displays information about previous logons and logon failures to the user.For local user accounts and domain user accounts in domains of at least a Windows Server 2008 functional level This policy controls whether the logged on user should be notified when his logon hours are about to expire. By default This policy controls which action will be taken when the logon hours expire for the logged on user. The actions include lock the workstation This policy setting controls whether or not software can simulate the Secure Attention Sequence (SAS).If you enable this policy setting

Specifies whether to prevent the MS-DOS subsystem (ntvdm.exe) from running on this computer. This setting affects the launching of 16-bit applications in the operating system.You can use this setting to turn off the MS-DOS subsystem This policy controls the visibility of the Program Compatibility property page shell extension. This shell extension is visible on the property context-menu of any program shortcut or executable file.The compatibility property page displays a list of options that can be selected and applied to the application to resolve the most common issues affecting legacy applications. Enabling this policy setting removes the property page from the context-menus The policy controls the state of the Application Telemetry engine in the system.Application Telemetry is a mechanism that tracks anonymous usage of specific Windows system components by applications.Turning Application Telemetry off by selecting "enable" will stop the collection of usage data.If the customer Experience Improvement program is turned off The policy controls the state of the Switchback compatibility engine in the system. Switchback is a mechanism that provides generic compatibility mitigations to older applications by providing older behavior to old applications and new behavior to new applications. Switchback is on by default.If you enable this policy setting This policy controls the state of the application compatibility engine in the system.The engine is part of the loader and looks through a compatibility database every time an application is started on the system. If a match for the application is found it provides either run-time solutions or compatibility fixes

This policy setting controls the state of the Program Compatibility Assistant (PCA). The PCA monitors applications run by the user. When a potential compatibility issue with an application is detected This policy setting controls the state of Steps Recorder.Steps Recorder keeps a record of steps taken by the user. The data generated by Steps Recorder can be used in feedback systems such as Windows Error Reporting to help developers understand and fix problems. The data includes user actions such as keyboard input and mouse input

This policy setting allows you to configure the logic that Windows uses to determine the risk for file attachments.Preferring the file handler instructs Windows to use the file handler data over the file type data. For example

This policy setting allows you to manage whether users can manually remove the zone information from saved file attachments by clicking the Unblock button in the file's property sheet or by using a check box in the security warning dialog. Removing the zone information allows users to open potentially dangerous file attachments that Windows has blocked users from opening.If you enable this policy setting

This policy setting allows you to configure the list of moderate-risk file types. If the attachment is in the list of moderate-risk file types and is from the restricted or Internet zone This policy setting sets the default behavior for Autorun commands. Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines. Prior to Windows Vista This policy setting sets the default behavior for Autorun commands. Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines. Prior to Windows Vista This policy setting allows you to prevent AutoPlay from remembering user's choice of what to do when a device is connected. If you enable this policy setting This policy setting allows you to prevent AutoPlay from remembering user's choice of what to do when a device is connected. If you enable this policy setting

This policy setting limits the amount of time that Background Intelligent Transfer Service (BITS) will take to download the files in a BITS job. The time limit applies only to the time that BITS is actively downloading files. When the cumulative download time exceeds this limit

This policy setting limits the maximum age of files in the Background Intelligent Transfer Service (BITS) peer cache. In order to make the most efficient use of disk space

This policy setting limits the network bandwidth that BITS uses for peer cache transfers (this setting does not affect transfers from the origin server). To prevent any negative impact to a computer caused by serving other peers

This setting affects whether the BITS client is allowed to use Windows Branch Cache. If the Windows Branch Cache component is installed and enabled on a computer If you enable this setting all Customer Experience Improvement Program uploads are redirected to Microsoft Operations Manager server.If you disable this setting uploads are not redirected to a Microsoft Operations Manager server.If you do not configure this setting uploads are not redirected to a Microsoft Operations Manager server.

This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.Many Windows programs This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.Many Windows programs

Prevents users from allowing others in a conference to control what they have shared. This enforces a read-only mode; the other participants cannot change the data in the shared application.

Disables full duplex mode audio. Users will not be able to listen to incoming audio while speaking into the microphone. Older audio hardware does not perform well when in full duplex mode.

Limits the bandwidth audio and video will consume when in a conference. This setting will guide NetMeeting to choose the right formats and send rate so that the bandwidth is limited.

Disables the 2.x whiteboard feature of NetMeeting.The 2.x whiteboard is available for compatibility with older versions of NetMeeting only.Deployers who do not need it can save bandwidth by disabling it.

Prevents users from turning on automatic acceptance of incoming calls.This ensures that others cannot call and connect to NetMeeting when the user is not present.This policy is recommended when deploying NetMeeting to run always.

Disables the directory feature of NetMeeting.Users will not logon to a directory (ILS) server when NetMeeting starts. Users will also not be able to view or place calls via a NetMeeting directory.This policy is for deployers who have their own location or calling schemes such as a Web site or an address book."

This setting allows you to force a specific visual style file by entering the path (location) of the visual style file.This can be a local computer visual style (aero.msstyles)



This policy setting prevents users from starting Task Manager.Task Manager (taskmgr.exe) lets users start and stop programs; monitor the performance of their computers; view and monitor all programs running on their computers

Displays the filter bar above the results of an Active Directory search. The filter bar consists of buttons for applying additional filters to search results.If you enable this setting Hides the Active Directory folder in Network Locations.The Active Directory folder displays Active Directory objects in a browse window.If you enable this setting Specifies the maximum number of objects the system displays in response to a command to browse or search Active Directory. This setting affects all browse displays associated with Active Directory

Removes the Internet Explorer icon from the desktop and from the Quick Launch bar on the taskbar.This setting does not prevent the user from starting Internet Explorer by using other methods.

Removes the Network Locations icon from the desktop.This setting only affects the desktop icon. It does not prevent users from connecting to the network or browsing for shared computers on the network.Note: In operating systems earlier than Microsoft Windows Vista

This policy setting allows you to determine how drivers signed by a Microsoft Windows Publisher certificate are ranked with drivers signed by other valid Authenticode signatures during the driver selection and installation process. Regardless of this policy setting

This policy setting allows you to prevent Windows from creating a system restore point during device activity that would normally prompt Windows to create a system restore point. Windows normally creates restore points for certain driver activity

This policy setting allows you to prevent Windows from installing removable devices. A device is considered removable when the driver for the device to which it is connected indicates that the device is removable. For example

This policy setting allows you to display a custom message title in a notification when a device installation is attempted and a policy setting prevents the installation.If you enable this policy setting This policy setting allows you to display a custom message to users in a notification when a device installation is attempted and a policy setting prevents the installation.If you enable this policy setting

Windows has a feature that sends "generic-driver-installed" reports through the Windows Error Reporting infrastructure. This policy allows you to disable the feature.If you enable this policy setting Windows has a feature that allows a device driver to request additional software through the Windows Error Reporting infrastructure. This policy allows you to disable the feature.If you enable this policy setting

Specifies whether Digital Locker can run.Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker.If you enable this setting Specifies whether Digital Locker can run.Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker.If you enable this setting This policy setting substitutes custom alert text in the disk diagnostic message shown to users when a disk reports a S.M.A.R.T. fault. If you enable this policy setting

This policy setting determines whether the system records an event in the Application log when users reach their disk quota warning level on a volume.If you enable this policy setting This policy setting extends the disk quota policies in this folder to NTFS file system volumes on removable media.If you disable or do not configure this policy setting

Defines the DNS servers to which a computer sends queries when it attempts to resolve names. This policy setting supersedes the list of DNS servers configured locally and those configured using DHCP. To use this policy setting

Specifies if a computer performing dynamic DNS registration will register A and PTR resource records with a concatenation of its computer name and a connection-specific DNS suffix

Specifies if DNS dynamic update is enabled. Computers configured for DNS dynamic update automatically register and update their DNS resource records with a DNS server.If you enable this policy setting Specifies whether dynamic updates should overwrite existing resource records that contain conflicting IP addresses.This policy setting is designed for computers that register address (A) resource records in DNS zones that do not use Secure Dynamic Updates. Secure Dynamic Update preserves ownership of resource records and does not allow a DNS client to overwrite records that are registered by other computers.During dynamic update of resource records in a zone that does not use Secure Dynamic Updates Specifies the interval used by DNS clients to refresh registration of A and PTR resource. This policy setting only applies to computers performing dynamic DNS updates.Computers configured to perform dynamic DNS registration of A and PTR resource records periodically reregister their records with DNS servers Specifies the value of the time to live (TTL) field in A and PTR resource records that are registered by computers to which this policy setting is applied.To specify the TTL Specifies the DNS suffixes to attach to an unqualified single-label name before submission of a DNS query for that name.An unqualified single-label name contains no dots. The name "example" is a single-label name. This is different from a fully qualified domain name such as "example.microsoft.com."Client computers that receive this policy setting will attach one or more suffixes to DNS queries for a single-label name. For example

This policy setting configures whether or not only USB root hub connected Enhanced Storage devices are allowed. Allowing only root hub connected Enhanced Storage devices minimizes the risk of an unauthorized USB device reading data on an Enhanced Storage device.If you enable this policy setting This policy setting locks Enhanced Storage devices when the computer is locked.This policy setting is supported in Windows Server SKUs only.If you enable this policy setting

This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automatically. This policy does not apply to error reports generated by 3rd-party products This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automatically. This policy does not apply to error reports generated by 3rd-party products

This policy setting controls Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.If you enable this policy setting This policy setting specifies applications for which Windows Error Reporting should always report errors.To create a list of applications for which Windows Error Reporting never reports errors

This policy setting limits Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.If you enable this policy setting This policy setting limits Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.If you enable this policy setting

This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.If you enable this policy setting and the "Retain old events" policy setting is enabled This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string.If you enable this policy setting This policy setting controls Event Log behavior when the log file reaches its maximum size.If you enable this policy setting and a log file reaches its maximum size This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.If you enable this policy setting

This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.If you enable this policy setting and the "Retain old events" policy setting is enabled This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string. You cannot configure write permissions for this log.If you enable this policy setting This policy setting controls Event Log behavior when the log file reaches its maximum size.If you enable this policy setting and a log file reaches its maximum size This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.If you enable this policy setting

This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.If you enable this policy setting and the "Retain old events" policy setting is enabled This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string.If you enable this policy setting This policy setting controls Event Log behavior when the log file reaches its maximum size.If you enable this policy setting and a log file reaches its maximum size

This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.If you enable this policy setting

This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.If you enable this policy setting and the "Retain old events" policy setting is enabled This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string.If you enable this policy setting This policy setting controls Event Log behavior when the log file reaches its maximum size.If you enable this policy setting and a log file reaches its maximum size This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.If you enable this policy setting

This is the URL that will be passed to the Description area in the Event Properties dialog box. Change this value if you want to use a different Web server to handle event information requests.

This policy setting allows administrators to prevent users from adding new items such as files or folders to the root of their Users Files folder in File Explorer.If you enable this policy setting This policy is similar to settings directly available to computer users. Disabling animations can improve usability for users with some visual disabilities as well as improving performance and battery life in some scenarios.

Tracks the last play time of games in the Games folder.If you enable this setting the last played time of games will not be recorded in Games folder. This setting only affects the Games folder. If you disable or do not configure this setting

This policy setting prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the set of locales that are installed with the operating system.This does not affect the selection of replacement locales. To prevent the selection of replacement locales This policy setting prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the set of locales that are installed with the operating system.This does not affect the selection of replacement locales. To prevent the selection of replacement locales

This policy setting prevents the user from customizing their locale by changing their user overrides.Any existing overrides in place when this policy is enabled will be frozen. To remove existing user overrides This policy setting prevents the user from customizing their locale by changing their user overrides.Any existing overrides in place when this policy is enabled will be frozen. To remove existing user overrides This policy setting removes the Administrative options from the Region settings control panel. Administrative options include interfaces for setting system locale and copying settings to the default user. This policy setting does not This policy setting removes the option to change the user's geographical location (GeoID) from the Region settings control panel.This policy setting is used only to simplify the Regional Options control panel.If you enable this policy setting This policy setting removes the option to change the user's menus and dialogs (UI) language from the Language and Regional Options control panel.This policy setting is used only to simplify the Regional Options control panel.If you enable this policy setting This policy setting removes the regional formats interface from the Region settings control panel.This policy setting is used only to simplify the Regional and Language Options control panel.If you enable this policy setting This policy setting restricts the Windows UI language for all users.This is a policy setting for computers with more than one UI language installed.If you enable this policy setting This policy setting restricts the Windows UI language for specific users.This policy setting applies to computers with more than one UI language installed.If you enable this policy setting

This policy setting restricts users to the specified language by disabling the menus and dialog box controls in the Region settings control panel. If the specified language is not installed on the target computer

This policy setting determines how programs interpret two-digit years.This policy setting affects only the programs that use this Windows feature to interpret two-digit years. If a program does not interpret two-digit years correctly

This policy setting allows Microsoft Windows to process user Group Policy settings asynchronously when logging on through Remote Desktop Services. Asynchronous user Group Policy processing is the default processing mode for Windows Vista and Windows XP.By default

This policy setting specifies how long Group Policy should wait for network availability notifications during startup policy processing. If the startup policy processing is synchronous

This policy setting prevents administrators from viewing or using Group Policy preferences.A Group Policy administration (.adm) file can contain both true settings and preferences. True settings

This policy setting defines a slow connection for purposes of applying and updating Group Policy.If the rate at which data is transferred from the domain controller providing a policy update to the computers in this group is slower than the rate specified by this setting

This policy setting allows you to set the default display name for new Group Policy objects.This setting allows you to specify the default name for new Group Policy objects created from policy compliant Group Policy Management tools including the Group Policy tab in Active Directory tools and the GPO browser.The display name can contain environment variables and can be a maximum of 255 characters long.If this setting is Disabled or Not Configured

This setting allows you to enable or disable Resultant Set of Policy (RSoP) logging on a client computer.RSoP logs information on Group Policy settings that have been applied to the client. This information includes details such as which Group Policy Objects (GPO) were applied This policy setting directs the system to apply the set of Group Policy objects for the computer to any user who logs on to a computer affected by this setting. It is intended for special-use computers

This policy setting allows you to permit or prohibit use of the Control Panel Settings item and all preference extensions listed in the Group Policy Management Editor window of the GPMC under Computer Configuration\Preferences\Control Panel Settings. When the Control Panel Settings item or a preference extension is prohibited

This policy setting allows you to permit or prohibit use of the Control Panel Settings item and all preference extensions listed in the Group Policy Management Editor window of the GPMC under User Configuration\Preferences\Control Panel Settings. When the Control Panel Settings item or a preference extension is prohibited

This policy setting allows you to restrict certain HTML Help commands to function only in HTML Help (.chm) files within specified folders and their subfolders. Alternatively

This policy setting allows you to exclude HTML Help Executable from being monitored by software-enforced Data Execution Prevention. Data Execution Prevention (DEP) is designed to block malicious code that takes advantage of exception-handling mechanisms in Windows by monitoring your programs to make sure that they use system memory safely. If you enable this policy setting

This policy setting specifies whether users can participate in the Help Experience Improvement program. The Help Experience Improvement program collects information about how customers use Windows Help so that Microsoft can improve it.If you enable this policy setting This policy setting specifies whether users can search and view content from Windows Online in Help and Support. Windows Online provides the most up-to-date Help content for Windows.If you enable this policy setting

This policy setting specifies whether to allow printing over HTTP from this client.Printing over HTTP allows a client to print to printers on the intranet as well as the Internet.Note: This policy setting affects the client side of Internet printing only. It does not prevent this computer from acting as an Internet Printing server and making its shared printers available via HTTP.If you enable this policy setting This policy setting specifies whether to allow printing over HTTP from this client.Printing over HTTP allows a client to print to printers on the intranet as well as the Internet.Note: This policy setting affects the client side of Internet printing only. It does not prevent this computer from acting as an Internet Printing server and making its shared printers available via HTTP.If you enable this policy setting

This policy setting specifies whether "Events.asp" hyperlinks are available for events within the Event Viewer application.The Event Viewer normally makes all HTTP(S) URLs into hyperlinks that activate the Internet browser when clicked. In addition This policy setting specifies whether to show the "Did you know?" section of Help and Support Center.This content is dynamically updated when users who are connected to the Internet open Help and Support Center This policy setting specifies whether users can perform a Microsoft Knowledge Base search from the Help and Support Center.The Knowledge Base is an online source of technical support information and self-help tools for Microsoft products This policy setting specifies whether the Internet Connection Wizard can connect to Microsoft to download a list of Internet Service Providers (ISPs).If you enable this policy setting

This policy setting specifies whether Search Companion should automatically download content updates during local and Internet searches.When users search the local computer or the Internet

This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering wizards.These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering wizards.These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default This policy setting specifies whether the "Order Prints Online" task is available from Picture Tasks in Windows folders.The Order Prints Online Wizard is used to download a list of providers and allow users to order prints online.If you enable this policy setting This policy setting specifies whether the "Order Prints Online" task is available from Picture Tasks in Windows folders.The Order Prints Online Wizard is used to download a list of providers and allow users to order prints online.If you enable this policy setting

This policy setting specifies whether Windows Messenger collects anonymous information about how Windows Messenger software and service is used.With the Customer Experience Improvement program This policy setting specifies whether Windows Messenger collects anonymous information about how Windows Messenger software and service is used.With the Customer Experience Improvement program This policy setting turns off the Windows Customer Experience Improvement Program. The Windows Customer Experience Improvement Program collects information about your hardware configuration and how you use our software and services to identify trends and usage patterns. Microsoft will not collect your name This policy setting turns off the active tests performed by the Windows Network Connectivity Status Indicator (NCSI) to determine whether your computer is connected to the Internet or to a more limited network.As part of determining the connectivity level

Designates the Microsoft Network (MSN) Carpoint automatic pricing control as administrator-approved.This control enables enhanced pricing functionality on the Carpoint Web site This ActiveX control enables users to edit HTML text and see a faithful rendition of how the text would look in the browser. There are two versions of the control: a more powerful version that cannot be invoked by a web site because it includes file access and other features

Designates the Microsoft Agent ActiveX control as administrator-approved.Microsoft Agent is a set of software services that supports the presentation of software agents as interactive personalities within the Microsoft Windows interface.If you enable this policy Designates the Microsoft Chat ActiveX control as administrator-approved.This control is used by Web authors to build text-based and graphical-based Chat communities for real-time conversations on the Web.If you enable this policy Designates a set of MSNBC controls as administrator-approved.These controls enable enhanced browsing of news reports on the MSNBC Web site.If you enable this policy

Designates Microsoft Scriptlet Component as an administrator approved control. It is an Active X control which is used to render HTML pages.If you enable this policy

This policy setting determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website.Microsoft collects your browsing history to improve how flip ahead with page prediction works. This feature isn't available for Internet Explorer for the desktop.If you enable this policy setting This policy setting determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website.Microsoft collects your browsing history to improve how flip ahead with page prediction works. This feature isn't available for Internet Explorer for the desktop.If you enable this policy setting

This policy setting allows you to manage whether Internet Explorer will check revocation status of servers' certificates. Certificates are revoked when they have been compromised or are no longer valid This policy setting allows you to manage whether Internet Explorer will check revocation status of servers' certificates. Certificates are revoked when they have been compromised or are no longer valid This policy setting prevents the text on the screen from being rendered through the ClearType technology that enhances the readability of text on LCD displays.If you enable this policy setting This policy setting prevents the text on the screen from being rendered through the ClearType technology that enhances the readability of text on LCD displays.If you enable this policy setting This policy setting allows you to turn Caret Browsing on or off. Caret Browsing allows users to browse to a webpage by using the keyboard to move the cursor. Caret Browsing supports standard text-editor functionality This policy setting allows you to turn Caret Browsing on or off. Caret Browsing allows users to browse to a webpage by using the keyboard to move the cursor. Caret Browsing supports standard text-editor functionality Enhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running at least Windows 8 Enhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running at least Windows 8 This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows.Important: Some ActiveX controls and toolbars may not be available when 64-bit processes are used.If you enable this policy setting This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows.Important: Some ActiveX controls and toolbars may not be available when 64-bit processes are used.If you enable this policy setting This policy setting prevents ActiveX controls from running in Protected Mode when Enhanced Protected Mode is enabled. When a user has an ActiveX control installed that is not compatible with Enhanced Protected Mode and a website attempts to load the control This policy setting prevents ActiveX controls from running in Protected Mode when Enhanced Protected Mode is enabled. When a user has an ActiveX control installed that is not compatible with Enhanced Protected Mode and a website attempts to load the control

This policy setting determines whether Internet Explorer uses the SPDY/3 network protocol. SPDY/3 works with HTTP requests to optimize the latency of network requests through compression This policy setting determines whether Internet Explorer uses the SPDY/3 network protocol. SPDY/3 works with HTTP requests to optimize the latency of network requests through compression

This policy setting prevents the user from using the Reset Internet Explorer Settings feature. Reset Internet Explorer Settings allows the user to reset all settings changed since installation This policy setting prevents the user from using the Reset Internet Explorer Settings feature. Reset Internet Explorer Settings allows the user to reset all settings changed since installation This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software and verifies it hasn't been modified or tampered with) on user computers before downloading executable programs.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software and verifies it hasn't been modified or tampered with) on user computers before downloading executable programs.If you enable this policy setting

This policy setting allows you to manage whether users can automatically download and install Web components (such as fonts) that can installed by Internet Explorer Active Setup. For example This policy setting allows you to manage whether users can automatically download and install Web components (such as fonts) that can installed by Internet Explorer Active Setup. For example This policy setting allows you to manage whether users can download and install self-installing program files (non-Internet Explorer components) that are registered with Internet Explorer (such as Macromedia and Java) that are required in order to view web pages as intended.If you enable this policy setting This policy setting allows you to manage whether users can download and install self-installing program files (non-Internet Explorer components) that are registered with Internet Explorer (such as Macromedia and Java) that are required in order to view web pages as intended.If you enable this policy setting

This policy setting allows you to manage whether Internet Explorer will display animated pictures found in Web content. Generally only animated GIF files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer will display animated pictures found in Web content. Generally only animated GIF files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer will play sounds found in web content. Generally only sound files such as MIDI files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer will play sounds found in web content. Generally only sound files such as MIDI files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer will display videos found in Web content. Generally only embedded video files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer will display videos found in Web content. Generally only embedded video files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting

This policy setting allows you to manage whether Internet Explorer will save encrypted pages that contain secure (HTTPS) information such as passwords and credit card numbers to the Internet Explorer cache This policy setting allows you to manage whether Internet Explorer will save encrypted pages that contain secure (HTTPS) information such as passwords and credit card numbers to the Internet Explorer cache This policy setting allows you to manage whether Internet Explorer deletes the contents of the Temporary Internet Files folder after all browser windows are closed. This protects against storing dangerous files on the computer This policy setting allows you to manage whether Internet Explorer deletes the contents of the Temporary Internet Files folder after all browser windows are closed. This protects against storing dangerous files on the computer

This policy setting allows you to turn on inline AutoComplete in Internet Explorer and File Explorer. The AutoComplete feature provides suggestions for what the user types by automatically completing the address or command with the closest match.If you enable this policy setting This policy setting let you turn off Inline AutoComplete in File Explorer. Inline AutoComplete provides suggestions for what you type by automatically completing the command inline with the closest match. By default

This policy setting specifies whether to display script errors when a page does not appear properly because of problems with its scripting. This feature is off by default

Prevents users from viewing the Channel bar interface. Channels are Web sites that are automatically updated on their computer according to a schedule specified by the channel provider.If you enable this policy

Prevents users from disabling channel synchronization in Microsoft Internet Explorer.Channels are Web sites that are automatically updated on your computer according to a schedule specified by the channel provider.If you enable this policy Prevents users from clearing the preconfigured settings for Web pages to be downloaded for offline viewing.When users make Web pages available for offline viewing

This policy setting prevents the user from specifying the code download path for each computer. The Internet Component Download service exposes a function that is called by an application to download

This policy setting allows you to manage whether Internet Explorer converts Unicode domain names to internationalized domain name (IDN) format (Punycode) before sending them to Domain Name System (DNS) servers or to proxy servers.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer converts Unicode domain names to internationalized domain name (IDN) format (Punycode) before sending them to Domain Name System (DNS) servers or to proxy servers.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer uses 8-bit Unicode Transformation Format (UTF-8) for mailto links.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer uses 8-bit Unicode Transformation Format (UTF-8) for mailto links.If you enable this policy setting This policy setting prevents the user from ignoring Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate errors that interrupt browsing (such as "expired" This policy setting prevents the user from ignoring Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate errors that interrupt browsing (such as "expired"

This policy setting allows you to ensure that any Internet Explorer add-ons not listed in the 'Add-on List' policy setting are denied. Add-ons in this case are controls like ActiveX Controls This policy setting allows you to ensure that any Internet Explorer add-ons not listed in the 'Add-on List' policy setting are denied. Add-ons in this case are controls like ActiveX Controls This policy setting allows you to manage whether processes respect add-on management user preferences (as reflected by Add-on Manager) or policy settings. By default This policy setting allows you to manage whether processes respect add-on management user preferences (as reflected by Add-on Manager) or policy settings. By default

This policy setting allows you to manage whether Internet Explorer 9 can install ActiveX controls and other binaries signed with MD2 and MD4 signing technologies. Internet Explorer 9 does not support MD2 and MD4 signing technologies by default This policy setting allows you to manage whether Internet Explorer 9 can install ActiveX controls and other binaries signed with MD2 and MD4 signing technologies. Internet Explorer 9 does not support MD2 and MD4 signing technologies by default Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed.If you enable this policy setting Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed.If you enable this policy setting


This policy setting allows you to manage whether the Notification bar is displayed for processes other than the Internet Explorer processes when file or code installs are restricted. By default This policy setting allows you to manage whether the Notification bar is displayed for processes other than the Internet Explorer processes when file or code installs are restricted. By default

This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type.If you enable this policy setting This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type.If you enable this policy setting

The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail.If you enable this policy setting The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail.If you enable this policy setting




This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control installation.If you enable this policy setting This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control installation.If you enable this policy setting

This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that are not user initiated.If you enable this policy setting This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that are not user initiated.If you enable this policy setting

This policy setting allows you to manage whether a user has access to the Reopen Last Browsing Session feature in Internet Explorer.If you enable this policy setting This policy setting allows you to manage whether a user has access to the Reopen Last Browsing Session feature in Internet Explorer.If you enable this policy setting

This policy setting allows you to customize the Internet Explorer version string as reported to web servers in the HTTP User Agent header.If you enable this policy setting This policy setting allows you to customize the Internet Explorer version string as reported to web servers in the HTTP User Agent header.If you enable this policy setting Specifies that Automatic Detection will be used to configure dial-up settings for users.Automatic Detection uses a DHCP (Dynamic Host Configuration Protocol) or DNS server to customize the browser the first time it is started.If you enable this policy

This policy setting prevents the user from managing a filter that warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing."If you enable this policy setting This policy setting prevents the user from managing a filter that warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing."If you enable this policy setting

This policy setting prevents the user from changing the level of pop-up filtering. The available levels are as follows: High: Block all pop-ups. Medium: Block most automatic pop-ups. Low: Allow pop-ups from secure sites.If you enable this policy setting

This policy setting logs information that is blocked by new features in Internet Explorer. The logged compatibility information is displayed in the Windows Event Viewer.If you enable this policy setting This policy setting logs information that is blocked by new features in Internet Explorer. The logged compatibility information is displayed in the Windows Event Viewer.If you enable this policy setting

This policy setting allows you to disable browser geolocation support. This will prevent websites from requesting location data about the user.If you enable this policy setting This policy setting allows you to disable browser geolocation support. This will prevent websites from requesting location data about the user.If you enable this policy setting This policy setting turns off Adobe Flash in Internet Explorer and prevents applications from using Internet Explorer technology to instantiate Flash objects. If you enable this policy setting This policy setting turns off Adobe Flash in Internet Explorer and prevents applications from using Internet Explorer technology to instantiate Flash objects. If you enable this policy setting

This policy setting allows you to configure whether newly installed add-ons are automatically activated in the Internet Explorer 9 browser. Any add-ons that were activated in a previous version of Internet Explorer are considered to be the same as newly installed add-ons and are not activated when the user upgrades to Internet Explorer 9.In Internet Explorer 9 This policy setting allows you to configure whether newly installed add-ons are automatically activated in the Internet Explorer 9 browser. Any add-ons that were activated in a previous version of Internet Explorer are considered to be the same as newly installed add-ons and are not activated when the user upgrades to Internet Explorer 9.In Internet Explorer 9 This policy setting prevents Internet Explorer from displaying a notification when the average time to load all the user's enabled add-ons exceeds the threshold. The notification informs the user that add-ons are slowing his or her browsing and displays a button that opens the Disable Add-ons dialog box. The Disable Add-ons dialog box displays the load time for each group of add-ons enabled in the browser. It allows the user to disable add-ons and configure the threshold.If you enable this policy setting This policy setting prevents Internet Explorer from displaying a notification when the average time to load all the user's enabled add-ons exceeds the threshold. The notification informs the user that add-ons are slowing his or her browsing and displays a button that opens the Disable Add-ons dialog box. The Disable Add-ons dialog box displays the load time for each group of add-ons enabled in the browser. It allows the user to disable add-ons and configure the threshold.If you enable this policy setting This policy setting controls the ActiveX Filtering feature for websites that are running ActiveX controls. The user can choose to turn off ActiveX Filtering for specific websites so that ActiveX controls can run properly.If you enable this policy setting This policy setting controls the ActiveX Filtering feature for websites that are running ActiveX controls. The user can choose to turn off ActiveX Filtering for specific websites so that ActiveX controls can run properly.If you enable this policy setting

This policy setting prevents the user from deleting the history of websites that he or she has visited. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting the history of websites that he or she has visited. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting his or her download history. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting his or her download history. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting temporary Internet files. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting temporary Internet files. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting InPrivate Filtering data. Internet Explorer collects InPrivate Filtering data during browser sessions other than InPrivate Browsing sessions to determine which third-party items should be blocked when InPrivate Filtering is enabled. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting InPrivate Filtering data. Internet Explorer collects InPrivate Filtering data during browser sessions other than InPrivate Browsing sessions to determine which third-party items should be blocked when InPrivate Filtering is enabled. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting

This policy setting prevents the user from deleting favorites site data. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting favorites site data. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting allows the automatic deletion of specified items when the last browser window closes. The preferences selected in the Delete Browsing History dialog box (such as deleting temporary Internet files This policy setting allows the automatic deletion of specified items when the last browser window closes. The preferences selected in the Delete Browsing History dialog box (such as deleting temporary Internet files This policy setting prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows.If you enable this policy setting This policy setting prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows.If you enable this policy setting

This policy setting allows you to set the rate at which Internet Explorer creates new tab processes. There are two algorithms that Internet Explorer uses.The default algorithm has four settings: low This policy setting allows you to set the rate at which Internet Explorer creates new tab processes. There are two algorithms that Internet Explorer uses.The default algorithm has four settings: low This policy setting allows you to revert to the Internet Explorer 8 behavior of allowing OnUnLoad script handlers to display UI during shutdown. This policy setting may be needed to fix compatibility problems with particular web applications.If you enable this policy setting This policy setting allows you to revert to the Internet Explorer 8 behavior of allowing OnUnLoad script handlers to display UI during shutdown. This policy setting may be needed to fix compatibility problems with particular web applications.If you enable this policy setting

This policy setting allows you to define the user experience related to how pop-up windows appear in tabbed browsing in Internet Explorer.If you enable this policy setting This policy setting allows you to define the user experience related to how pop-up windows appear in tabbed browsing in Internet Explorer.If you enable this policy setting

This policy setting allows you to configure how windows open in Internet Explorer when the user clicks links from other applications.If you enable this policy setting This policy setting allows you to configure how windows open in Internet Explorer when the user clicks links from other applications.If you enable this policy setting Allows Administrators to enable and disable the ability for Outlook Express users to save or open attachments that can potentially contain a virus.If you check the block attachments setting

This setting specifies to automatically detect the proxy server settings used to connect to the Internet and customize Internet Explorer. This setting specifies that Internet explorer use the configuration settings provided in a file by the system administrator.If you enable this policy setting This setting specifies to automatically detect the proxy server settings used to connect to the Internet and customize Internet Explorer. This setting specifies that Internet explorer use the configuration settings provided in a file by the system administrator.If you enable this policy setting

Secondary home pages are the default Web pages that Internet Explorer loads in separate tabs from the home page whenever the browser is run. This policy setting allows you to set default secondary home pages.If you enable this policy setting Secondary home pages are the default Web pages that Internet Explorer loads in separate tabs from the home page whenever the browser is run. This policy setting allows you to set default secondary home pages.If you enable this policy setting

This policy setting allows you to prevent Windows Search AutoComplete from providing results in the Internet Explorer Address bar.Windows Search AutoComplete suggests possible matches when a user is entering a web address in the browser Address bar. This feature provides more relevant results in the browser Address bar.If you enable this policy setting This policy setting allows you to prevent Windows Search AutoComplete from providing results in the Internet Explorer Address bar.Windows Search AutoComplete suggests possible matches when a user is entering a web address in the browser Address bar. This feature provides more relevant results in the browser Address bar.If you enable this policy setting This policy setting turns off URL Suggestions. URL Suggestions allow users to autocomplete URLs in the address bar based on common URLs. The list of common URLs is stored locally and is updated once a month. No user data is sent over the internet by this feature.If you enable this policy setting This policy setting turns off URL Suggestions. URL Suggestions allow users to autocomplete URLs in the address bar based on common URLs. The list of common URLs is stored locally and is updated once a month. No user data is sent over the internet by this feature.If you enable this policy setting

Makes the Customize button in the Search Assistant appear dimmed.The Search Assistant is a tool that appears in the Search bar to help users search the Internet.If you enable this policy

Specifies that programs using the Microsoft Software Distribution Channel will not notify users when they install new components. The Software Distribution Channel is a means of updating software dynamically on users' computers by using Open Software Distribution (.osd) technologies.If you enable this policy This policy setting allows you to restrict the search providers that appear in the Search box in Internet Explorer to those defined in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Normally This policy setting allows you to restrict the search providers that appear in the Search box in Internet Explorer to those defined in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Normally

This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed

This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer

This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer

This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting

This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting

This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting


This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download

This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting

This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting

This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable

This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting

This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting

This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting

This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting





This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting


This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting













This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms

This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting










This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Trusted Sites Zone can run active content such as script This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Trusted Sites Zone can run active content such as script This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting





This policy setting controls whether local sites which are not explicitly mapped into any Security Zone are forced into the local Intranet security zone.If you enable this policy setting This policy setting controls whether local sites which are not explicitly mapped into any Security Zone are forced into the local Intranet security zone.If you enable this policy setting

This policy setting causes a Notification bar notification to appear when intranet content is loaded and the intranet mapping rules have not been configured. The Notification bar allows the user to enable intranet mappings This policy setting causes a Notification bar notification to appear when intranet content is loaded and the intranet mapping rules have not been configured. The Notification bar allows the user to enable intranet mappings




This policy setting prevents the user from specifying the color to which hyperlinks change when the mouse pointer pauses on them.If you enable this policy setting This policy setting prevents the user from specifying the color of webpage links that he or she has not yet clicked. Appropriate color choices can make links easier to see for some users This policy setting prevents the user from specifying the color of webpage links that he or she has already clicked. Appropriate color choices can make links easier to see for some users

This policy setting specifies that you want Internet Explorer to automatically resize large images so that they fit in the browser window.If you enable this policy setting

This policy setting specifies whether Internet Explorer plays media files that use alternative codecs and that require additional software.If you enable this policy setting This policy setting specifies whether Internet Explorer plays media files that use alternative codecs and that require additional software.If you enable this policy setting This policy setting specifies whether placeholders appear for graphical images while the images are downloading. This allows items on the page to be positioned where they will appear when the images are completely downloaded. This option is ignored if the Show Pictures check box is cleared.If you enable this policy setting This policy setting specifies whether you want Internet Explorer to smooth images so that they appear less jagged when displayed.If you enable this policy setting

This policy setting specifies whether Internet Explorer prints background colors and images when the user prints a webpage. Including background colors and images might reduce the speed at which a page is printed and the quality of the printing

This policy setting prevents users from having Internet Explorer automatically discover whether a feed or Web Slice is available for an associated webpage.If you enable this policy setting This policy setting prevents users from having Internet Explorer automatically discover whether a feed or Web Slice is available for an associated webpage.If you enable this policy setting This policy setting prevents the user from using Internet Explorer as a feed reader. This policy setting has no impact on the Windows RSS Platform.If you enable this policy setting This policy setting prevents the user from using Internet Explorer as a feed reader. This policy setting has no impact on the Windows RSS Platform.If you enable this policy setting

This policy setting allows users to have their feeds authenticated through the Basic authentication scheme over an unencrypted HTTP connection.If you enable this policy setting This policy setting allows users to have their feeds authenticated through the Basic authentication scheme over an unencrypted HTTP connection.If you enable this policy setting This policy setting allows you to bypass prompting when a script that is running in any process on the computer attempts to perform a Clipboard operation (delete This policy setting allows you to bypass prompting when a script that is running in any process on the computer attempts to perform a Clipboard operation (delete

This policy setting allows you to specify whether a user can browse to the website of a top result when search is enabled on the Address bar. The possible options are: â€¢ Disable top result search: When a user performs a search in the Address bar This policy setting allows you to specify whether a user can browse to the website of a top result when search is enabled on the Address bar. The possible options are: â€¢ Disable top result search: When a user performs a search in the Address bar

This policy setting allows you to turn on or turn off Data URI support. A Data URI allows web developers to encapsulate images and .css files within the body of the URL and optionally encode them by using base 64 encoding. Malware filters or other network-based filters may not properly filter encapsulated data.If you enable this policy setting This policy setting allows you to turn on or turn off Data URI support. A Data URI allows web developers to encapsulate images and .css files within the body of the URL and optionally encode them by using base 64 encoding. Malware filters or other network-based filters may not properly filter encapsulated data.If you enable this policy setting

This policy setting allows you to hide the reveal password button when Internet Explorer prompts users for a password. The reveal password button is displayed during password entry. When the user clicks the button This policy setting allows you to hide the reveal password button when Internet Explorer prompts users for a password. The reveal password button is displayed during password entry. When the user clicks the button This policy setting allows you to change the default connection limit for HTTP 1.1 from 6 connections per host to a limit of your choice (from 2 through 128).If you enable this policy setting This policy setting allows you to change the default connection limit for HTTP 1.1 from 6 connections per host to a limit of your choice (from 2 through 128).If you enable this policy setting This policy setting allows you to change the default connection limit for HTTP 1.0 from 6 connections per host to a limit of your choice (from 2 through 128).If you disable or do not configure this policy setting This policy setting allows you to change the default connection limit for HTTP 1.0 from 6 connections per host to a limit of your choice (from 2 through 128).If you disable or do not configure this policy setting This policy setting allows you to manage whether documents can request data across third-party domains embedded in the page.If you enable this policy setting This policy setting allows you to manage whether documents can request data across third-party domains embedded in the page.If you enable this policy setting This policy setting allows you to choose whether websites can request data across domains by using the XDomainRequest object. Note that this policy setting does not block client-side communication across domains through other features in Internet Explorer 8 This policy setting allows you to choose whether websites can request data across domains by using the XDomainRequest object. Note that this policy setting does not block client-side communication across domains through other features in Internet Explorer 8 The WebSocket object allows websites to request data across domains from your browser by using the WebSocket protocol. This policy setting allows administrators to enable or disable the WebSocket object. This policy setting does not prevent client-side communication across domains via other features in Internet Explorer 10. Also The WebSocket object allows websites to request data across domains from your browser by using the WebSocket protocol. This policy setting allows administrators to enable or disable the WebSocket object. This policy setting does not prevent client-side communication across domains via other features in Internet Explorer 10. Also This policy setting allows you to change the default limit of WebSocket connections per server. The default limit is 6; you can select a value from 2 through 128.If you enable this policy setting This policy setting allows you to change the default limit of WebSocket connections per server. The default limit is 6; you can select a value from 2 through 128.If you enable this policy setting This policy setting allows Internet Explorer to be started automatically to complete the signup process after the branding is complete for Internet service providers (ISPs) through the Internet Explorer Administration Kit (IEAK).If you enable this policy setting This policy setting allows you to turn off the toolbar upgrade tool. The toolbar upgrade tool determines whether incompatible toolbars or Browser Helper Objects are installed when Internet Explorer starts. If the tool detects an incompatible toolbar This policy setting allows you to turn off the toolbar upgrade tool. The toolbar upgrade tool determines whether incompatible toolbars or Browser Helper Objects are installed when Internet Explorer starts. If the tool detects an incompatible toolbar

Prevents users from determining which buttons appear on the Microsoft Internet Explorer and File Explorer standard toolbars. The buttons appearing on the toolbar can be customized by the "Customize" option. This is present under the Toolbars submenu of the View menu in Internet Explorer 6 and under the Toolbars submenu of the Tools menu in the Command bar in subsequent versions of Internet Explorer.If you enable this policy

This policy setting allows you to turn off the ActiveX Opt-In prompt. ActiveX Opt-In prevents websites from loading any ActiveX control without prior approval. If a website attempts to load an ActiveX control that Internet Explorer has not used before This policy setting allows you to turn off the ActiveX Opt-In prompt. ActiveX Opt-In prevents websites from loading any ActiveX control without prior approval. If a website attempts to load an ActiveX control that Internet Explorer has not used before

This policy setting allows you to turn off the InPrivate Browsing feature.InPrivate Browsing prevents Internet Explorer from storing data about a user's browsing session. This includes cookies This policy setting allows you to turn off the InPrivate Browsing feature.InPrivate Browsing prevents Internet Explorer from storing data about a user's browsing session. This includes cookies This policy setting allows you to choose whether or not toolbars and Browser Helper Objects (BHOs) are loaded by default during an InPrivate Browsing session.Toolbars and BHOs may store data about a user's browsing session. By default This policy setting allows you to choose whether or not toolbars and Browser Helper Objects (BHOs) are loaded by default during an InPrivate Browsing session.Toolbars and BHOs may store data about a user's browsing session. By default This policy setting allows you to turn off the collection of data used by the InPrivate Filtering Automatic mode.The data consists of the URLs of third-party content This policy setting allows you to turn off the collection of data used by the InPrivate Filtering Automatic mode.The data consists of the URLs of third-party content This policy setting allows you to establish the threshold for InPrivate Filtering Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However This policy setting allows you to establish the threshold for InPrivate Filtering Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However This policy setting allows you to turn off InPrivate Filtering.InPrivate Filtering helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. InPrivate Filtering does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting This policy setting allows you to turn off InPrivate Filtering.InPrivate Filtering helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. InPrivate Filtering does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting This policy setting allows you to establish the threshold for Tracking Protection Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However This policy setting allows you to establish the threshold for Tracking Protection Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However This policy setting allows you to turn off Tracking Protection.Tracking Protection helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. Tracking Protection does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting This policy setting allows you to turn off Tracking Protection.Tracking Protection helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. Tracking Protection does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting

This policy setting allows you to turn on Internet Explorer 7 Standards Mode. Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Internet Explorer 7 Standards Mode or the Standards Mode available in the latest version of Internet Explorer.If you enable this policy setting This policy setting allows you to turn on Internet Explorer 7 Standards Mode. Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Internet Explorer 7 Standards Mode or the Standards Mode available in the latest version of Internet Explorer.If you enable this policy setting

This policy setting controls how Internet Explorer displays local intranet content. Intranet content is defined as any webpage that belongs to the local intranet security zone.If you enable this policy setting This policy setting controls how Internet Explorer displays local intranet content. Intranet content is defined as any webpage that belongs to the local intranet security zone.If you enable this policy setting This policy setting controls the Compatibility View button that appears on the Command bar. This button allows the user to fix website display problems that he or she may encounter while browsing.If you enable this policy setting This policy setting controls the Compatibility View button that appears on the Command bar. This button allows the user to fix website display problems that he or she may encounter while browsing.If you enable this policy setting

Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Quirks Mode or the Standards Mode available in the latest version of Internet Explorer.If you enable this policy setting

Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Quirks Mode or the Standards Mode available in the latest version of Internet Explorer.If you enable this policy setting This policy controls the website compatibility lists that Microsoft provides. The updated website lists are available on Windows Update.If you enable this policy setting This policy controls the website compatibility lists that Microsoft provides. The updated website lists are available on Windows Update.If you enable this policy setting

This policy setting sets data storage limits for indexed databases of websites that have been allowed to exceed their storage limit. The â€œSet default storage limits for websitesâ€ policy setting sets the data storage limits for indexed databases. If a domain exceeds the indexed database storage limit for an individual domain� This policy setting sets data storage limits for indexed databases of websites that have been allowed to exceed their storage limit. The â€œSet default storage limits for websitesâ€ policy setting sets the data storage limits for indexed databases. If a domain exceeds the indexed database storage limit for an individual domain�

This policy setting sets file storage limits for application caches of websites that have been allowed to exceed their storage limit. The â€œSet default storage limits for websitesâ€ policy setting sets the data storage limits for application caches. If a domain exceeds the application cache storage limit for an individual domain� This policy setting sets file storage limits for application caches of websites that have been allowed to exceed their storage limit. The â€œSet default storage limits for websitesâ€ policy setting sets the data storage limits for application caches. If a domain exceeds the application cache storage limit for an individual domain�

This policy setting sets the number of days an inactive application cache will exist before it is removed. If the application cache is used before the expiration time limit This policy setting sets the number of days an inactive application cache will exist before it is removed. If the application cache is used before the expiration time limit This policy setting sets the maximum number of resource entries that can be specified in a manifest file associated with an application cache. If the manifest associated with an application cache exceeds the number of resources allowed This policy setting sets the maximum number of resource entries that can be specified in a manifest file associated with an application cache. If the manifest associated with an application cache exceeds the number of resources allowed This policy setting sets the maximum size for an individual resource file contained in a manifest file. The manifest file is used to create the application cache. If any file in the manifest exceeds the allowed size This policy setting sets the maximum size for an individual resource file contained in a manifest file. The manifest file is used to create the application cache. If any file in the manifest exceeds the allowed size

Turns off the handwriting recognition error reporting tool.The handwriting recognition error reporting tool enables users to report errors encountered in Tablet PC Input Panel. The tool generates error reports and transmits them to Microsoft over a secure connection. Microsoft uses these error reports to improve handwriting recognition in future versions of Windows.If you enable this policy Turns off the handwriting recognition error reporting tool.The handwriting recognition error reporting tool enables users to report errors encountered in Tablet PC Input Panel. The tool generates error reports and transmits them to Microsoft over a secure connection. Microsoft uses these error reports to improve handwriting recognition in future versions of Windows.If you enable this policy If enabled then new iSNS servers may not be added and thus new targets discovered via those iSNS servers; existing iSNS servers may not be removed. If disabled then new iSNS servers may be added and thus new targets discovered via those iSNS servers; existing iSNS servers may be removed. If enabled then new target portals may not be added and thus new targets discovered on those portals; existing target portals may not be removed. If disabled then new target portals may be added and thus new targets discovered on those portals; existing target portals may be removed. If enabled then discovered targets may not be manually configured. If disabled then discovered targets may be manually configured. Note: if enabled there may be cases where this will break VDS. If enabled then new targets may not be manually configured by entering the target name and target portal; already discovered targets may be manually configured. If disabled then new and already discovered targets may be manually configured. Note: if enabled there may be cases where this will break VDS.

If enabled then only those sessions that are established via a persistent login will be established and no new persistent logins may be created. If disabled then additional persistent and non persistent logins may be established.

If enabled then only those connections that are configured for IPSec may be established. If disabled then connections that are configured for IPSec or connections not configured for IPSec may be established. If enabled then only those sessions that are configured for mutual CHAP may be established. If disabled then sessions that are configured for mutual CHAP or sessions not configured for mutual CHAP may be established. If enabled then only those sessions that are configured for one-way CHAP may be established. If disabled then sessions that are configured for one-way CHAP or sessions not configured for one-way CHAP may be established. Note that if the "Do not allow sessions without mutual CHAP" setting is enabled then that setting overrides this one.

This policy setting controls the Kerberos client's behavior in validating the KDC certificate for smart card and system certificate logon. If you enable this policy setting

This policy setting allows you to configure this server so that Kerberos can decrypt a ticket that contains this system-generated SPN. When an application attempts to make a remote procedure call (RPC) to this server with a NULL value for the service principal name (SPN)

This policy setting ignores the customized run list.You can create a customized list of additional programs and documents that the system starts automatically when it runs on Windows Vista This policy setting ignores the customized run list.You can create a customized list of additional programs and documents that the system starts automatically when it runs on Windows Vista This policy setting ignores customized run-once lists.You can create a customized list of additional programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added to the standard list of programs and services that the system starts.If you enable this policy setting This policy setting ignores customized run-once lists.You can create a customized list of additional programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added to the standard list of programs and services that the system starts.If you enable this policy setting

This policy setting specifies additional programs or documents that Windows starts automatically when a user logs on to the system.If you enable this policy setting This policy setting specifies additional programs or documents that Windows starts automatically when a user logs on to the system.If you enable this policy setting

This policy setting directs the system to display highly detailed status messages.This policy setting is designed for advanced users who require this information.If you enable this policy setting

This policy setting turns off the Windows Startup sound and prevents its customization in the Sound item of Control Panel.The Microsoft Windows Startup sound is heard during system startup and cold startup

This policy setting ignores Windows Logon Background.This policy setting may be used to make Windows give preference to a custom logon background. If you enable this policy setting

This policy setting allows or prevents Windows Media Center to run.Windows Media Center is a digital media player and video recorder that allows users to organize and play music and videos This policy setting allows or prevents Windows Media Center to run.Windows Media Center is a digital media player and video recorder that allows users to organize and play music and videos

This policy setting allows you to configure Automatic Maintenance activation boundary. The maintenance activation boundary is the daily schduled time at which Automatic Maintenance starts If you enable this policy setting

This policy setting allows you to configure Automatic Maintenance wake up policy. The maintenance wakeup policy specifies if Automatic Maintenance should make a wake request to the OS for the daily scheduled maintenance. Note

This policy setting configures Microsoft Support Diagnostic Tool (MSDT) interactive communication with the support provider. MSDT gathers diagnostic data for analysis by support professionals.If you enable this policy setting

This policy setting controls Windows Installer's interaction with the Restart Manager. The Restart Manager API can eliminate or reduce the number of system restarts that are required to complete an installation or update.If you enable this policy setting This policy setting prevents users from searching for installation files when they add features or components to an installed program. If you enable this policy setting

This policy setting controls Windows Installer's processing of the MsiLogging property. The MsiLogging property in an installation package can be used to enable automatic logging of all install operations for the package.If you enable this policy setting

This policy setting prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsuccessful installation.If you enable this policy setting This policy setting prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsuccessful installation.If you enable this policy setting

This policy setting controls the ability of non-administrators to install updates that have been digitally signed by the application vendor.Non-administrator updates provide a mechanism for the author of an application to create digitally signed updates that can be applied by non-privileged users.If you enable this policy setting This policy setting controls the ability for users or administrators to remove Windows Installer based updates.This policy setting should be used if you need to maintain a tight control over updates. One example is a lockdown environment where you want to ensure that updates once installed cannot be removed by users or administrators.If you enable this policy setting

This policy controls the percentage of disk space available to the Windows Installer baseline file cache. The Windows Installer uses the baseline file cache to save baseline files modified by binary delta difference updates. The cache is used to retrieve the baseline file for future updates. The cache eliminates user prompts for source media when new updates are applied. If you enable this policy setting you can modify the maximum size of the Windows Installer baseline file cache. If you set the baseline cache size to 0

This policy setting allows Web-based programs to install software on the computer without notifying the user.If you disable or do not configure this policy setting

This policy setting saves copies of transform files in a secure location on the local computer.Transform files consist of instructions to modify or customize a program during installation.If you enable this policy setting

This policy setting allows the Network Access Protection (NAP) client to support the Windows XP version of the 802.1x Enforcement Client component.If you enable this policy setting Specifies the e-mail address to be used when sending the log files that are generated by NCA to the network administrator. When the user sends the log files to the Administrator

Specifies whether an entry for DirectAccess connectivity appears when the user clicks the Networking notification area icon.Set this to Disabled to prevent user confusion when you are just using DirectAccess to remotely manage DirectAccess client computers from your intranet and not providing seamless intranet access. If this setting is not configured Specifies whether the user has Connect and Disconnect options for the DirectAccess entry when the user clicks the Networking notification area icon.If the user clicks the Disconnect option

Specifies resources on your intranet that are normally accessible to DirectAccess clients. Each entry is a string that identifies the type of resource and the location of the resource. Each string can be one of the following types: - A DNS name or IPv6 address that NCA pings. The syntax is â€œPING:â€ followed by a fully qualified domain name (FQDN) that resolves to an IPv6 address� Specifies the IPv6 addresses of the endpoints of the Internet Protocol security (IPsec) tunnels that enable DirectAccess. NCA attempts to access the resources that are specified in the Corporate Resources setting through these configured tunnel endpoints. By default

This policy setting enables you to specify the host name of a computer known to be on the corporate network. Successful resolution of this host name to the expected address indicates corporate connectivity. This policy setting enables you to specify the expected address of the host name used for the DNS probe. Successful resolution of the host name to this address indicates corporate connectivity. This policy setting enables you to specify the list of IPv6 corporate site prefixes to monitor for corporate connectivity. Reachability of addresses with any of these prefixes indicates corporate connectivity. This policy setting enables you to specify the HTTPS URL of the corporate website that clients use to determine the current domain location (i.e. whether the computer is inside or outside the corporate network). Reachability of the URL destination indicates that the client location is inside corporate network; otherwise it is outside the network.

This policy setting defines whether a domain controller (DC) should attempt to verify the password provided by a client with the PDC emulator if the DC failed to validate the password.Contacting the PDC emulator is useful in case the clientâ€™s password was recently changed and did not propagate to the DC yet. Users may want to disable this feature if the PDC emulator is located over a slow WAN connection.If you enable this policy setting This policy setting determines the amount of time (in seconds) to wait before the first retry for applications that perform periodic searches for domain controllers (DC) that are unable to find a DC.The default value for this setting is 10 minutes (10*60). The maximum value for this setting is 49 days (0x49*24*60*60=4233600). The minimum value for this setting is 0.This setting is relevant only to those callers of DsGetDcName that have specified the DS_BACKGROUND_ONLY flag.If the value of this setting is less than the value specified in the NegativeCachePeriod subkey This policy setting determines the maximum retry interval allowed when applications performing periodic searches for Domain Controllers (DCs) are unable to find a DC.For example This policy setting determines when retries are no longer allowed for applications that perform periodic searches for domain controllers (DC) are unable to find a DC. For example This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that periodically attempt to locate DCs This policy setting specifies the level of debug output for the Net Logon service.The Net Logon service outputs debug information to the log file netlogon.log in the directory %windir%\debug. By default This policy setting specifies the additional time for the computer to wait for the domain controllerâ€™s (DC) response when logging on to the network.To specify the expected dial-up delay at logon

This policy setting specifies the amount of time (in seconds) the DC locator remembers that a domain controller (DC) could not be found in a domain. When a subsequent attempt to locate the DC occurs within the time set in this setting This policy setting controls whether or not the Netlogon share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications.If you enable this policy setting This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that do not periodically attempt to locate DCs This policy setting determines the interval at which Netlogon performs the following scavenging operations:- Checks if a password on a secure channel needs to be modified This policy setting specifies the Active Directory site to which computers belong.An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication.To specify the site name for this setting This policy setting controls whether or not the SYSVOL share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications.When this setting is enabled

This policy setting determines whether domain controllers (DC) will dynamically register DC Locator site-specific SRV records for the closest sites where no DC for the same domain exists (or no Global Catalog for the same forest exists). These DNS records are dynamically registered by the Net Logon service

This policy setting specifies the Refresh Interval of the DC Locator DNS resource records for DCs to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used by the DC Locator algorithm to locate the DC. This setting may be applied only to DCs using dynamic update.DCs configured to perform dynamic registration of the DC Locator DNS resource records periodically reregister their records with DNS servers This policy setting specifies the value for the Time-To-Live (TTL) field in SRV resource records that are registered by the Net Logon service. These DNS records are dynamically registered This policy setting specifies the sites for which the global catalogs (GC) should register site-specific GC locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the GC resides This policy setting specifies the Priority field in the SRV resource records registered by domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used to locate the DC.The Priority field in the SRV record sets the preference for target hosts (specified in the SRV recordâ€™s Target field). DNS clients that query for SRV resource records attempt to contact the first reachable host with the lowest priority number listed.To specify the Priority in the DC Locator DNS SRV resource records This policy setting specifies the Weight field in the SRV resource records registered by the domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service

This policy setting specifies the sites for which the domain controllers (DC) register the site-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides This policy setting determines if dynamic registration of the domain controller (DC) locator DNS resource records is enabled. These DNS records are dynamically registered by the Net Logon service and are used by the Locator algorithm to locate the DC.If you enable this policy setting This policy setting enables DC Locator to attempt to locate a DC in the nearest site based on the site link cost if a DC in same the site is not found. In scenarios with multiple sites This policy setting determines the interval for when a Force Rediscovery is carried out by DC Locator.The Domain Controller Locator (DC Locator) service is used by clients to find domain controllers for their Active Directory domain. When DC Locator finds a domain controller This policy setting detremines the type of IP address that is returned for a domain controller. The DC Locator APIs return the IP address of the DC with the other parts of information. Before the support of IPv6

This policy setting controls whether the Net Logon service will allow the use of older cryptography algorithms that are used in Windows NT 4.0. The cryptography algorithms used in Windows NT 4.0 and earlier are not as secure as newer algorithms used in Windows 2000 or later This policy setting allows you to control the processing of incoming mailslot messages by a local domain controller (DC).Note: To locate a remote DC based on its NetBIOS (single-label) domain name


Determines whether users can delete remote access connections.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting) Determines whether the Remote Acccess Preferences item on the Advanced menu in Network Connections folder is enabled.The Remote Access Preferences item lets users create and change connections before logon and configure automatic dialing and callback features.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting) Determines whether settings that existed in Windows 2000 Server family will apply to Administrators.The set of Network Connections group settings that existed in Windows 2000 Professional also exists in Windows XP Professional. In Windows 2000 Professional This policy setting allows you to manage whether notifications are shown to the user when a DHCP-configured connection is unable to retrieve an IP address from a DHCP server. This is often signified by the assignment of an automatic private IP address"(i.e. an IP address in the range 169.254.*.*). This indicates that a DHCP server could not be reached or the DHCP server was reached but unable to respond to the request with a valid IP address. By default

Prohibits use of Internet Connection Firewall on your DNS domain network.Determines whether users can enable the Internet Connection Firewall feature on a connection Determines whether a user can view and change the properties of remote access connections that are available to all users of the computer.To create an all-user remote access connection

Determines whether users can connect and disconnect remote access connections.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting) Determines whether users can view and change the properties of their private remote access connections.Private connections are those that are available only to one user. To create a private connection

Determines whether users can rename their private remote access connections.Private connections are those that are available only to one user. To create a private connection

This policy setting determines whether a remote client computer routes Internet traffic through the internal network or whether the client accesses the Internet directly.When a remote client computer connects to an internal network using DirectAccess

This policy setting lists network files and folders that are always available for offline use. This ensures that the specified files and folders are available offline to users of the computer.If you enable this policy setting This policy setting lists network files and folders that are always available for offline use. This ensures that the specified files and folders are available offline to users of the computer.If you enable this policy setting

This policy setting determines whether the Offline Files feature is enabled. Offline Files saves a copy of network files on the user's computer for use when the computer is not connected to the network.If you enable this policy setting

This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" command.If you enable this policy setting This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" command.If you enable this policy setting

Configures the threshold value at which Offline Files considers a network connection to be "slow". Any network speed below this value is considered to be slow.When a connection is considered slow

This policy setting controls whether files read from file shares over a slow network are transparently cached in the Offline Files cache for future reads. When a user tries to access a file that has been transparently cached This policy setting enables administrators to block certain file types from being created in the folders that have been made available offline.If you enable this policy setting

This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the global cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP bootstraps itself is by using multicast on the same subnet. That is This policy setting enables or disables PNRP cloud creation.PNRP is a distributed name resolution protocol allowing Internet hosts to publish peer names with a corresponding Internet Protocol version 6 (IPv6) address. Other hosts can then resolve the name

This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the link local cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP bootstraps itself is by using multicast on the same subnet. That is This policy setting enables or disables PNRP cloud creation.PNRP is a distributed name resolution protocol allowing Internet hosts to publish peer names with a corresponding Internet Protocol version 6 (IPv6) address. Other hosts can then resolve the name

This setting sets the seed server for the link local cloud to a specified node in the enterprise.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. The protocol

This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the site local cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP bootstraps itself is by using multicast on the same subnet. That is This policy setting enables or disables PNRP cloud creation.PNRP is a distributed name resolution protocol allowing Internet hosts to publish peer names with a corresponding Internet Protocol version 6 (IPv6) address. Other hosts can then resolve the name

This setting sets the seed server for the site local cloud to a specified node in the enterprise.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. The protocol

This policy setting specifies the default percentage of total disk space that is allocated for the BranchCache disk cache on client computers.If you enable this policy setting

This policy setting specifies whether BranchCache distributed cache mode is enabled on client computers to which this policy is applied. In addition to this policy This policy setting is used only when you have deployed one or more BranchCache-enabled file servers at your main office. This policy setting specifies when client computers in branch offices start caching content from file servers based on the network latency - or delay - that occurs when the clients download content from the main office over a Wide Area Network (WAN) link. When you configure a value for this setting

This policy setting specifies the action that Windows takes when a user presses the power button.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting This policy setting specifies the action that Windows takes when a user presses the sleep button.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting

This policy setting specifies the action that Windows takes when a user presses the power button.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting This policy setting specifies the action that Windows takes when a user presses the sleep button.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting

This policy setting specifies the active power plan from a specified power planâ€™s GUID. The GUID for a custom power plan GUID can be retrieved by using powercfg

This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep.If you enable or do not configure this policy setting

This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep.If you enable or do not configure this policy setting

This policy setting allows you to manage how long a computer must be inactive before Windows turns off the computerâ€™s display.If you enable this policy setting This policy setting allows you to manage how long a computer must be inactive before Windows turns off the computerâ€™s display.If you enable this policy setting

This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state.If you enable this policy setting This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state.If you enable this policy setting This policy setting allows you to configure whether power is automatically turned off when Windows shutdown completes. This setting does not affect Windows shutdown behavior when shutdown is manually selected using the Start menu or Task Manager user interfaces. Applications such as UPS software may rely on Windows shutdown behavior.This setting is only applicable when Windows shutdown is initiated by software programs invoking the Windows programming interfaces ExitWindowsEx() or InitiateSystemShutdown().If you enable this policy setting

This policy setting allows you to specify the brightness of the display when Windows automatically reduces brightness of the display.If you enable this policy setting This policy setting allows you to specify the brightness of the display when Windows automatically reduces brightness of the display.If you enable this policy setting

This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer.If you enable this policy setting This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer.If you enable this policy setting

This policy setting lets you hide the list of previous versions of files that are on local disks. The previous versions could come from the on-disk restore points or from backup media.If you enable this policy setting This policy setting lets you hide the list of previous versions of files that are on local disks. The previous versions could come from the on-disk restore points or from backup media.If you enable this policy setting This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.If you enable this policy setting This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.If you enable this policy setting This policy setting lets you hide the list of previous versions of files that are on file shares. The previous versions come from the on-disk restore points on the file share.If you enable this policy setting This policy setting lets you hide the list of previous versions of files that are on file shares. The previous versions come from the on-disk restore points on the file share.If you enable this policy setting This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.If you enable this policy setting This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.If you enable this policy setting This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.If you enable this policy setting This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.If you enable this policy setting

Enables the physical Location Tracking setting for Windows printers.Use Location Tracking to design a location scheme for your enterprise and assign computers and printers to locations in the scheme. Location Tracking overrides the standard method used to locate and associate computers and printers. The standard method uses a printer's IP address and subnet mask to estimate its physical location and proximity to computers.If you enable this setting

Specifies the Active Directory location where searches for printers begin. The Add Printer Wizard gives users the option of searching Active Directory for a shared printer. If you enable this policy setting

This policy setting determines whether the print spooler will execute print drivers in an isolated or separate process. When print drivers are loaded in an isolated process (or isolated processes) This policy setting determines whether the print spooler will override the Driver Isolation compatibility reported by the print driver. This enables executing print drivers in an isolated process

Determines whether the pruning service on a domain controller prunes printer objects that are not automatically republished whenever the host computer does not respond Specifies how often the pruning service on a domain controller contacts computers to verify that their printers are operational. The pruning service periodically contacts computers that have published printers. If a computer does not respond to the contact message (optionally

Specifies how many times the pruning service on a domain controller repeats its attempt to contact a computer before pruning the computer's printers. The pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a computer does not respond to the contact message Specifies whether or not to log events when the pruning service on a domain controller attempts to contact a computer before pruning the computer's printers. The pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a computer does not respond to the contact attempt

Directs the system to periodically verify that the printers published by this computer still appear in Active Directory. This setting also specifies how often the system repeats the verification. By default

This setting prevents users from using the Programs Control Panel in Category View and Programs and Features in Classic View. The Programs Control Panel allows users to uninstall

This setting prevents users from accessing "Installed Updates" page from the "View installed updates" task."Installed Updates" allows users to view and uninstall updates currently installed on the computer. The updates are often downloaded directly from Windows Update or from various program publishers.If this setting is disabled or not configured

Prevents users from viewing or installing published programs from the network. This setting prevents users from accessing the "Get Programs" page from the Programs Control Panel in Category View

This policy setting allows an administrator to turn on the Windows to Network Information Service (NIS) password synchronization for UNIX-based user accounts that have been migrated to Active Directory Domain Services.If you enable this policy setting

Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Best Effort service type (ServiceTypeBestEffort). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting

Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Controlled Load service type (ServiceTypeControlledLoad). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Guaranteed service type (ServiceTypeGuaranteed). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Network Control service type (ServiceTypeNetworkControl). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Qualitative service type (ServiceTypeQualitative). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Best Effort service type (ServiceTypeBestEffort). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Controlled Load service type (ServiceTypeControlledLoad). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Guaranteed service type (ServiceTypeGuaranteed). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Network Control service type (ServiceTypeNetworkControl). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Qualitative service type (ServiceTypeQualitative). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting

Determines the percentage of connection bandwidth that the system can reserve. This value limits the combined bandwidth reservations of all programs running on the system.By default Determines the smallest unit of time that the Packet Scheduler uses when scheduling packets for transmission. The Packet Scheduler cannot schedule packets for transmission more frequently than permitted by the value of this entry.If you enable this setting Specifies an alternate link layer (Layer-2) priority value for packets with the Best Effort service type (ServiceTypeBestEffort). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting Specifies an alternate link layer (Layer-2) priority value for packets with the Controlled Load service type (ServiceTypeControlledLoad). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting Specifies an alternate link layer (Layer-2) priority value for packets with the Guaranteed service type (ServiceTypeGuaranteed). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting Specifies an alternate link layer (Layer-2) priority value for packets with the Network Control service type (ServiceTypeNetworkControl). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting Specifies an alternate link layer (Layer-2) priority value for packets that do not conform to the flow specification. The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting Specifies an alternate link layer (Layer-2) priority value for packets with the Qualitative service type (ServiceTypeQualitative). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting This policy setting allows the Windows Management Instrumentation (WMI) providers Win32_ReliabilityStabilitymetrics and Win32_ReliabilityRecords to provide data to Reliability Monitor in the Action Center control panel

Requirements: Windows 7 Description: This policy setting controls whether users can access the options in Recovery (in Control Panel) to restore the computer to the original state or from a user-created system image. If you enable or do not configure this policy setting

This policy setting defines when the Shutdown Event Tracker System State Data feature is activated.The system state data file contains information about the basic system state as well as the state of all running processes.If you enable this policy setting

This policy setting allows you to turn logging on or off. Log files are located in the user's Documents folder under Remote Assistance.If you enable this policy setting This policy setting enables Remote Assistance invitations to be generated with improved encryption so that only computers running this version (or later versions) of the operating system can connect. This policy setting does not affect Remote Assistance connections that are initiated by instant messaging contacts or the unsolicited Offer Remote Assistance.If you enable this policy setting

Configure access to all removable storage classes.This policy setting takes precedence over any individual removable storage policy settings. To manage individual classes Configure access to all removable storage classes.This policy setting takes precedence over any individual removable storage policy settings. To manage individual classes

This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they are making contains authentication information. The Endpoint Mapper Service on computers running Windows NT4 (all service packs) cannot process authentication information supplied in this manner. If you disable this policy setting

This policy setting controls the idle connection timeout for RPC/HTTP connections. This policy setting is useful in cases where a network agent like an HTTP proxy or a router uses a lower idle connection timeout than the IIS server running the RPC/HTTP proxy. In such cases This policy setting controls how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers.This policy setting impacts all RPC applications. In a domain environment this policy setting should be used with caution as it can impact a wide range of functionality including group policy processing itself. Reverting a change to this policy setting can require manual intervention on each affected machine. This policy setting should never be applied to a domain controller.If you disable this policy setting

This policy setting hides the instructions in logon scripts written for Windows NT 4.0 and earlier. Logon scripts are batch files of instructions that run when the user logs on. By default

This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop.If you enable this policy setting This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop.If you enable this policy setting

This policy setting displays the instructions in shutdown scripts as they run.Shutdown scripts are batch files of instructions that run when the user restarts the system or shuts it down. By default

This policy setting displays the instructions in startup scripts as they run.Startup scripts are batch files of instructions that run before the user is invited to log on. By default

This policy setting determines whether scripted diagnostics will execute diagnostic packages that are signed by untrusted publishers.If you enable this policy setting This policy setting allows users to access and run the troubleshooting tools that are available in the Troubleshooting Control Panel and to run the troubleshooting wizard to troubleshoot problems on their computers.If you enable or do not configure this policy setting This policy setting allows users who are connected to the Internet to access and search troubleshooting content that is hosted on Microsoft content servers. Users can access online troubleshooting content from within the Troubleshooting Control Panel UI by clicking "Yes" when they are prompted by a message that states

Enabling this policy prevents users from adding UNC locations to the index from the Search and Indexing Options in Control Panel. Any UNC locations that have already been added to the index by the user will not be removed.When this policy is disabled or not configured Enabling this policy prevents users from adding UNC locations to the index from the Search and Indexing Options in Control Panel. Any UNC locations that have already been added to the index by the user will not be removed.When this policy is disabled or not configured

Enabling this policy allows indexing of items for online delegate mailboxes on a Microsoft Exchange server. This policy affects only delegate mailboxes that are online. Microsoft Outlook 2007 allows users to cache portions of delegate mailboxes locally (for example

Enabling this policy allows you to specify a list of paths to index by default. The user may override these paths and exclude them from indexing. On a per-user basis

Enabling this policy allows you to specify a list of paths to exclude from indexing by default. The user may override these paths and include them in indexing. On a per-user basis

This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory domain. When Security Center is turned on

This policy setting allows you to turn off the automatic display of the Initial Configuration Tasks window at logon on Windows Server 2008 and Windows Server 2008 R2. If you enable this policy setting

Turns off data sharing from the handwriting recognition personalization tool.The handwriting recognition personalization tool tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. The tool can optionally share user writing samples with Microsoft to improve handwriting recognition in future versions of Windows. The tool generates reports and transmits them to Microsoft over a secure connection.If you enable this policy Turns off data sharing from the handwriting recognition personalization tool.The handwriting recognition personalization tool tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. The tool can optionally share user writing samples with Microsoft to improve handwriting recognition in future versions of Windows. The tool generates reports and transmits them to Microsoft over a secure connection.If you enable this policy This policy setting determines whether the user can publish DFS roots in Active Directory Domain Services (AD DS).If you enable or do not configure this policy setting This policy setting determines whether the user can publish shared folders in Active Directory Domain Services (AD DS).If you enable or do not configure this policy setting This policy setting specifies whether users can share files within their profile. By default users are allowed to share files within their profile to other users on their network after an administrator opts in the computer. An administrator can opt in the computer by using the sharing wizard to share a file within their profile.If you enable this policy setting

This policy setting lets you determine whether the integrated unblock feature will be available in the logon User Interface (UI).In order to use the integrated unblock feature your smart card must support this feature. Please check with your hardware manufacturer to see if your smart card supports this feature.If you enable this policy setting

This policy setting allows you to manage the reading of all certificates from the smart card for logon.During logon Windows will by default only read the default certificate from the smart card unless it supports retrieval of all certificates in a single call. This setting forces Windows to read all the certificates from the card. This can introduce a significant performance decrease in certain situations. Please contact your smart card vendor to determine if your smart card and associated CSP supports the required behavior.If you enable this setting This policy setting lets you allow signature key-based certificates to be enumerated and available for logon.If you enable this policy setting then any certificates available on the smart card with a signature only key will be listed on the logon screen.If you disable or do not configure this policy setting

This policy setting allows you to manage the certificate propagation that occurs when a smart card is inserted.If you enable or do not configure this policy setting then certificate propagation will occur when you insert your smart card.If you disable this policy setting This policy setting allows you to manage the clean up behavior of root certificates. If you enable this policy setting then root certificate cleanup will occur according to the option selected. If you disable or do not configure this setting then root certificate clean up will occur on log off. This policy setting allows you to manage the root certificate propagation that occurs when a smart card is inserted.If you enable or do not configure this policy setting then root certificate propagation will occur when you insert your smart card. Note: For this policy setting to work the following policy setting must also be enabled: Turn on certificate propagation from smart card.If you disable this policy setting then root certificates will not be propagated from the smart card.

This policy setting lets you reverse the subject name from how it is stored in the certificate when displaying it during logon. By default the user principal name (UPN) is displayed in addition to the common name to help users distinguish one certificate from another. For example

This policy setting lets you determine whether an optional field will be displayed during logon and elevation that allows a user to enter his or her user name or user name and domain

This policy setting allows you to control whether a confirmation message is displayed when a smart card device driver is installed.If you enable or do not configure this policy setting This policy setting allows you to control whether elliptic curve cryptography (ECC) certificates on a smart card can be used to log on to a domain.If you enable this policy setting This policy setting allows an administrator to configure extensive logging for computers that are running Server for Network Information Service (NIS).If you enable this policy setting

This policy setting configures a list of the communities defined to the Simple Network Management Protocol (SNMP) service.SNMP is a protocol designed to give a user the capability to remotely manage a computer network This policy setting determines the permitted list of hosts that can submit a query to the Simple Network Management (SNMP) agent running on the client computer.Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.The manager is located on the host computer on the network. The manager's role is to poll the agents for certain requested information.If you enable this policy setting This policy setting allows trap configuration for the Simple Network Management Protocol (SNMP) agent.Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.This policy setting allows you to configure the name of the hosts that receive trap messages for the community sent by the SNMP service. A trap message is an alert or significant event that allows the SNMP agent to notify management systems asynchronously.If you enable this policy setting Specifies whether Sound Recorder can run.Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.If you enable this policy setting Specifies whether Sound Recorder can run.Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.If you enable this policy setting


This setting affects the taskbar buttons used to switch between running programs.Taskbar grouping consolidates similar applications when there is no room on the taskbar. It kicks in when the user's taskbar is full.If you enable this setting

This setting affects the notification area (previously called the "system tray") on the taskbar.Description: The notification area is located at the far right end of the task bar and includes the icons for current notifications and the system clock.If this setting is enabled

This policy setting allows you to removes the "Log Off <username>" item from the Start menu and prevents users from restoring it.If you enable this policy setting

Allows you to disable System Restore configuration through System Protection.This policy setting allows you to turn off System Restore configuration through System Protection.System Restore enables users



This policy setting allows you to control displaying or tracking items in Jump Lists from remote locations.The Start Menu and Taskbar display Jump Lists off of programs. These menus include files

This policy setting allows you to specify a 6to4 relay name for a 6to4 host. A 6to4 relay is used as a default gateway for IPv6 network traffic sent by the 6to4 host. The 6to4 relay name setting has no effect if 6to4 connectivity is not available on the host.If you enable this policy setting This policy setting allows you to specify the interval at which the relay name is resolved. The 6to4 relay name resolution interval setting has no effect if 6to4 connectivity is not available on the host.If you enable this policy setting

This policy setting allows you to specify the name of the Teredo server. This server name will be used on the Teredo client computer where this policy setting is applied.If you enable this policy setting

This policy setting allows you to configure Window Scaling Heuristics. Window Scaling Heuristics is an algorithm to identify connectivity and throughput problems caused by many Firewalls and other middle boxes that don't interpret Window Scaling option correctly.If you do not configure this policy setting

This policy setting allows you to specify whether the client computer redirects its time zone settings to the Remote Desktop Services session.If you enable this policy setting This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session.You can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default This policy setting allows you to specify whether desktop wallpaper is displayed to clients when they are connected to a remote server using RDP. You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session. If you enable this policy setting This policy setting allows you to specify whether the desktop is always displayed after a client connects to a remote computer or whether an initial program can run. It can require that the desktop be displayed after a client connects to a remote computer This policy setting allows you to specify whether remote users can start any program on the RD Session Host server when they start a Remote Desktop Services session This policy setting allows you to specify whether desktop composition is allowed for remote desktop sessions. This policy setting does not apply to RemoteApp sessions.Desktop composition provides the user interface elements of Windows Aero This policy setting allows you to specify whether to use the RD Connection Broker load balancing feature to balance the load between servers in an RD Session Host server farm. If you enable this policy setting This policy setting allows you to specify whether the default client printer is the only printer redirected in Remote Desktop Services sessions.If you enable this policy setting This policy setting allows you to specify whether the default client printer is the only printer redirected in Remote Desktop Services sessions.If you enable this policy setting This policy setting allows you to specify how long a user's RemoteApp session will remain in a disconnected state after closing all RemoteApp programs before the session is logged off from the RD Session Host server.By default This policy setting allows you to specify how long a user's RemoteApp session will remain in a disconnected state after closing all RemoteApp programs before the session is logged off from the RD Session Host server.By default This policy setting allows you to specify whether font smoothing is allowed for remote connections.Font smoothing provides ClearType functionality for a remote connection. ClearType is a technology for displaying computer fonts so that they appear clear and smooth This policy setting specifies the IP address and network mask that corresponds to the network adapter used for virtual IP addresses. The IP address and network mask should be entered in Classless Inter-Domain Routing notation; for example This policy setting specifies whether a session uses the IP address of the Remote Desktop Session Host server if a virtual IP address is not available.If you enable this policy setting

This policy setting specifies whether Windows Installer RDS Compatibility runs on a per user basis for fully installed applications. Windows Installer allows one instance of the msiexec process to run at a time. By default

This policy setting enables system administrators to change the graphics rendering for all Remote Desktop Services sessions on a Remote Desktop Session Host (RD Session Host) server.If you enable this policy setting This policy setting allows you to specify the visual quality for remote users when connecting to this computer by using Remote Desktop Connection. You can use this policy setting to balance the network bandwidth usage with the visual quality that is delivered.If you enable this policy setting and set quality to Medium This policy setting allows the administrator to configure the RemoteFX experience for Remote Desktop Session Host or Remote Desktop Virtualization Host servers. By default

This policy setting allows you to specify how the Remote Desktop Protocol will try to detect the network quality (bandwidth and latency).You can choose to disable Connect Time Detect

Specifies whether to allow Remote Desktop Connection clients to automatically reconnect to sessions on an RD Session Host server if their network link is temporarily lost. By default

This policy setting allows you to limit the number of monitors that a user can use to display a Remote Desktop Services session. Limiting the number of monitors to display a Remote Desktop Services session can improve connection performance

Specifies whether desktop wallpaper is displayed to remote clients connecting via Remote Desktop Services.You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session. By default This policy setting determines whether an administrator attempting to connect remotely to the console of a server can log off an administrator currently logged on to the console.This policy is useful when the currently connected administrator does not want to be logged off by another administrator. If the connected administrator is logged off

This policy setting allows you to specify the order in which an RD Session Host server attempts to locate Remote Desktop license servers.If you enable this policy setting This policy setting determines whether notifications are displayed on an RD Session Host server when there are problems with RD Licensing that affect the RD Session Host server.By default This policy setting allows you to specify the type of Remote Desktop Services client access license (RDS CAL) that is required to connect to this RD Session Host server.You can use this policy setting to select one of two licensing modes: Per User or Per Device.Per User licensing mode requires that each user account connecting to this RD Session Host server have an RDS Per User CAL.Per Device licensing mode requires that each device connecting to this RD Session Host server have an RDS Per Device CAL.If you enable this policy setting Specifies whether Remote Desktop Services limits the number of simultaneous connections to the server.You can use this setting to restrict the number of Remote Desktop Services sessions that can be active on a server. If this number is exceeded This policy setting allows you to remove the "Disconnect" option from the Shut Down Windows dialog box in Remote Desktop Services sessions.You can use this policy setting to prevent users from using this familiar method to disconnect their client from an RD Session Host server.If you enable this policy setting Specifies whether to remove the Windows Security item from the Settings menu on Remote Desktop clients. You can use this setting to prevent inexperienced users from logging off from Remote Desktop Services inadvertently.If the status is set to Enabled

This policy setting specifies whether to disable the administrator rights to customize security permissions for the Remote Desktop Session Host server. You can use this setting to prevent administrators from making changes to the user groups allowed to connect remotely to the RD Session Host server. By default This policy setting determines whether the desktop is always displayed after a client connects to a remote computer or an initial program can run. It can be used to require that the desktop be displayed after a client connects to a remote computer

This policy setting allows you to specify whether Remote Desktop Services uses a mandatory profile for all users connecting remotely to the RD Session Host server.If you enable this policy setting

This policy setting allows you to specify the RD Session Host servers to which a Remote Desktop license server will offer Remote Desktop Services client access licenses (RDS CALs).You can use this policy setting to control which RD Session Host servers are issued RDS CALs by the Remote Desktop license server. By default This policy setting allows you to specify which version of Remote Desktop Services client access license (RDS CAL) a Remote Desktop Services license server will issue to clients connecting to RD Session Host servers running other Windows-based operating systems.A license server attempts to provide the most appropriate RDS or TS CAL for a connection. For example This policy setting allows you to specify whether users can redirect the remote computer's audio and video output in a Remote Desktop Services session.Users can specify where to play the remote computer's audio output by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can choose to play the remote audio on the remote computer or on the local computer. Users can also choose to not play the audio. Video playback can be configured by using the videoplayback setting in a Remote Desktop Protocol (.rdp) file. By default This policy setting allows you to limit the audio playback quality for a Remote Desktop Services session. Limiting the quality of audio playback can improve connection performance This policy setting allows you to specify whether users can record audio to the remote computer in a Remote Desktop Services session.Users can specify whether to record audio to the remote computer by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can record audio by using an audio input device on the local computer This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session.You can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default This policy setting specifies whether to prevent the redirection of data to client COM ports from the remote computer in a Remote Desktop Services session.You can use this setting to prevent users from redirecting data to COM port peripherals or mapping local COM ports while they are logged on to a Remote Desktop Services session. By default This policy setting allows you to specify whether the client default printer is automatically set as the default printer in a session on an RD Session Host server.By default This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers. If you enable or do not configure this policy setting This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers. If you enable or do not configure this policy setting

This policy setting specifies whether to prevent the redirection of data to client LPT ports during a Remote Desktop Services session.You can use this setting to prevent users from mapping local LPT ports and redirecting data from the remote computer to local LPT port peripherals. By default

This policy setting allows you to specify whether to prevent the mapping of client printers in Remote Desktop Services sessions.You can use this policy setting to prevent users from redirecting print jobs from the remote computer to a printer attached to their local (client) computer. By default

This policy setting determines whether the client computer redirects its time zone settings to the Remote Desktop Services session.If you enable this policy setting Specifies whether a Remote Desktop Session Host server requires secure RPC communication with all clients or allows unsecured communication.You can use this setting to strengthen the security of RPC communication with clients by allowing only authenticated and encrypted requests.If the status is set to Enabled

This policy setting Sspecifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it.You can use this setting to direct Remote Desktop Services to end a session (that is This policy setting Sspecifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it.You can use this setting to direct Remote Desktop Services to end a session (that is This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions.You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions.You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected.If you enable this policy setting This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected.If you enable this policy setting This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it is automatically disconnected.If you enable this policy setting This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it is automatically disconnected.If you enable this policy setting This policy setting specifies whether Remote Desktop Services retains a user's per-session temporary folders at logoff.You can use this setting to maintain a user's session-specific temporary folders on a remote computer This policy setting allows you to prevent Remote Desktop Services from creating session-specific temporary folders.You can use this policy setting to disable the creation of separate temporary folders on a remote computer for each session. By default This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer.If you enable or do not configure this policy setting This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer.If you enable or do not configure this policy setting This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one issued by an authority recognized by the client This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one that is issued by an authority recognized by the client This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers.If you enable this policy setting This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers.If you enable this policy setting This policy setting determines whether a user will be prompted on the client computer to provide credentials for a remote connection to an RD Session Host server.If you enable this policy setting This policy setting allows you to specify whether the client will establish a connection to the RD Session Host server when the client cannot authenticate the RD Session Host server.If you enable this policy setting

This policy setting allows you to enable Remote Desktop Protocol (RDP) 8.0 on this computer. Please read the following KB article before enabling this Group Policy. http://go.microsoft.com/fwlink/?LinkID=251814If you enable this policy setting This policy setting allows you to specify the visual experience that remote users receive in Remote Desktop Services sessions. Remote sessions on the remote computer are then optimized to support this visual experience.By default This policy setting allows you to permit RDP redirection of other supported RemoteFX USB devices from this computer. Redirected RemoteFX USB devices will not be available for local usage on this computer.If you enable this policy setting This policy setting allows you to control the availability of RemoteFX on both a Remote Desktop Virtualization Host (RD Virtualization Host) server and a Remote Desktop Session Host (RD Session Host) server.When deployed on an RD Virtualization Host server

This policy setting allows you to enforce or ignore the computer's default list of blocked Trusted Platform Module (TPM) commands.If you enable this policy setting This policy setting allows you to enforce or ignore the computer's local list of blocked Trusted Platform Module (TPM) commands.If you enable this policy setting

This policy setting determines whether Windows keeps a copy of a user's roaming profile on the local computer's hard drive when the user logs off. Roaming profiles reside on a network server. By default This policy setting disables the detection of slow network connections. Slow link detection measures the speed of the connection between a user's computer and the remote server that stores the roaming user profile. When the system detects a slow link

This policy setting determines whether the system retains a roaming user's Windows Installer and Group Policy based software installation data on their profile deletion.By default Windows deletes all information related to a roaming user (which includes the user's settings

This policy setting will automatically log off a user when Windows cannot load their profile. If Windows cannot access the user profile folder or the profile contains errors that prevent it from loading

This policy setting allows an administrator to automatically delete user profiles on system restart that have not been used within a specified number of days. Note: One day is interpreted as 24 hours after a specific user profile was accessed.If you enable this policy setting This policy setting allows you to specify which network directories will be synchronized only at logon and logoff via Offline Files. This policy setting is meant to be used in conjunction with Folder Redirection

This policy setting controls how long Windows waits for a response from the network before logging on a user without a remote home directory and withou synchronizing roaming user profiles. This policy setting is useful for the cases in which a network might take typically longer to initialize This policy setting specifies whether Windows should use the specified network path as the roaming user profile path for all users logging onto this computer.To use this policy setting


This policy setting controls computer restart performance at the risk of exposing BitLocker secrets. This policy setting is applied when you turn on BitLocker. BitLocker secrets include key material used to encrypt data. This policy setting applies only when BitLocker protection is enabled.If you enable this policy setting This policy setting allows you to configure whether or not enhanced startup PINs are used with BitLocker.Enhanced startup PINs permit the use of characters including uppercase and lowercase letters




This policy setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer. This policy setting is applied when you turn on BitLocker.If you enable this policy setting

This policy setting specifies whether the Windows NTP Client is enabled.Enabling the Windows NTP Client allows your computer to synchronize its computer clock with other NTP servers. You might want to disable this service if you decide to use a third-party time provider.If you enable this policy setting

This policy setting allows you to manage whether backups of only system volumes is allowed or both OS and data volumes can be backed up.If you enable this policy setting

This policy setting allows you to configure real-time protection. This setting controls all real-time protection components. It is recommended that you turn on real-time protection.If you enable or do not configure this setting

This policy setting allows you to manage whether a check for new virus and spyware definitions will occur before running a scan. This setting applies to scheduled scans as well as the command line "mpcmdrun -SigUpdate"

This policy setting determines whether Windows traces shortcuts back to their sources when it cannot find the target on the user's system.Shortcut files typically include an absolute path to the original target file as well as the relative path to the current target file. When the system cannot find the file in the current target path

This policy setting allows you to remove CD Burning features. File Explorer allows you to create and modify re-writable CDs if you have a CD writer connected to your PC.If you enable this policy setting

This policy setting allows you to hide these specified drives in My Computer.This policy setting allows you to remove the icons representing selected hard drives from My Computer and File Explorer. Also

Removes the File menu from My Computer and File Explorer.This setting does not prevent users from using other methods to perform tasks available on the File menu.

This policy setting allows you to prevent users from accessing Folder Options through the View tab on the ribbon in File Explorer. Folder Options allows users to change the way files and folders open

Removes the Manage item from the File Explorer context menu. This context menu appears when you right-click File Explorer or My Computer.The Manage item opens Computer Management (Compmgmt.msc)

Disables suggesting recent queries for the Search Box and prevents entries into the Search Box from being stored in the registry for future references.File Explorer shows suggestion pop-ups as users type into the Search Box. These suggestions are based on their past entries into the Search Box.Note: If you enable this policy

This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting


Allows administrators to use the Windows Firewall component in Control Panel to define a local program exceptions list. Windows Firewall uses two program exceptions lists; the other is defined by the "Windows Firewall: Define inbound program exceptions" policy setting.If you enable this policy setting

Specifies that Windows Firewall blocks all unsolicited incoming messages. This policy setting overrides all other Windows Firewall policy settings that allow such messages.If you enable this policy setting

Prevents Windows Firewall from displaying notifications to the user when a program requests that Windows Firewall add the program to the program exceptions list.If you enable this policy setting

Allows administrators to use the Windows Firewall component in Control Panel to define a local port exceptions list. Windows Firewall uses two port exceptions lists; the other is defined by the "Windows Firewall: Define inbound port exceptions" policy setting.If you enable this policy setting


Specifies that Windows Firewall blocks all unsolicited incoming messages. This policy setting overrides all other Windows Firewall policy settings that allow such messages.If you enable this policy setting

Prevents Windows Firewall from displaying notifications to the user when a program requests that Windows Firewall add the program to the program exceptions list.If you enable this policy setting


This policy setting allows you to manage whether the Windows Remote Management (WinRM) client sends and receives unencrypted messages over the network.If you enable this policy setting

This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Negotiate authentication.If you enable this policy setting This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Kerberos authentication directly.If you enable this policy setting This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses CredSSP authentication.If you enable this policy setting

This policy setting allows you to control whether non-administrative users will receive update notifications based on the "Configure Automatic Updates" policy setting. If you enable this policy setting Specifies whether Automatic Updates should automatically install certain updates that neither interrupt Windows services nor restart Windows.If the status is set to Enabled Specifies whether Automatic Updates will deliver both important as well as recommended updates from the Windows Update update service.When this policy is enabled

This policy setting controls the legacy remote shutdown interface (named pipe). The named pipe remote shutdown interface is needed in order to shutdown this system from a remote Windows XP or Windows Server 2003 system.If you enable this policy setting This policy setting configures the number of minutes the system waits for the hung logon sessions before proceeding with the system shutdown.If you enable this policy setting

This policy setting controls whether or not the system displays information about previous logons and logon failures to the user.For local user accounts and domain user accounts in domains of at least a Windows Server 2008 functional level

This policy controls the visibility of the Program Compatibility property page shell extension. This shell extension is visible on the property context-menu of any program shortcut or executable file.The compatibility property page displays a list of options that can be selected and applied to the application to resolve the most common issues affecting legacy applications. Enabling this policy setting removes the property page from the context-menus The policy controls the state of the Application Telemetry engine in the system.Application Telemetry is a mechanism that tracks anonymous usage of specific Windows system components by applications.Turning Application Telemetry off by selecting "enable" will stop the collection of usage data.If the customer Experience Improvement program is turned off The policy controls the state of the Switchback compatibility engine in the system. Switchback is a mechanism that provides generic compatibility mitigations to older applications by providing older behavior to old applications and new behavior to new applications. Switchback is on by default.If you enable this policy setting This policy controls the state of the application compatibility engine in the system.The engine is part of the loader and looks through a compatibility database every time an application is started on the system. If a match for the application is found it provides either run-time solutions or compatibility fixes

This policy setting controls the state of Steps Recorder.Steps Recorder keeps a record of steps taken by the user. The data generated by Steps Recorder can be used in feedback systems such as Windows Error Reporting to help developers understand and fix problems. The data includes user actions such as keyboard input and mouse input


This policy setting limits the amount of time that Background Intelligent Transfer Service (BITS) will take to download the files in a BITS job. The time limit applies only to the time that BITS is actively downloading files. When the cumulative download time exceeds this limit

If you enable this setting all Customer Experience Improvement Program uploads are redirected to Microsoft Operations Manager server.If you disable this setting uploads are not redirected to a Microsoft Operations Manager server.If you do not configure this setting uploads are not redirected to a Microsoft Operations Manager server.

Disables the directory feature of NetMeeting.Users will not logon to a directory (ILS) server when NetMeeting starts. Users will also not be able to view or place calls via a NetMeeting directory.This policy is for deployers who have their own location or calling schemes such as a Web site or an address book."

Removes the Network Locations icon from the desktop.This setting only affects the desktop icon. It does not prevent users from connecting to the network or browsing for shared computers on the network.Note: In operating systems earlier than Microsoft Windows Vista

Specifies whether Digital Locker can run.Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker.If you enable this setting Specifies whether Digital Locker can run.Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker.If you enable this setting

Specifies whether dynamic updates should overwrite existing resource records that contain conflicting IP addresses.This policy setting is designed for computers that register address (A) resource records in DNS zones that do not use Secure Dynamic Updates. Secure Dynamic Update preserves ownership of resource records and does not allow a DNS client to overwrite records that are registered by other computers.During dynamic update of resource records in a zone that does not use Secure Dynamic Updates Specifies the interval used by DNS clients to refresh registration of A and PTR resource. This policy setting only applies to computers performing dynamic DNS updates.Computers configured to perform dynamic DNS registration of A and PTR resource records periodically reregister their records with DNS servers

Specifies the DNS suffixes to attach to an unqualified single-label name before submission of a DNS query for that name.An unqualified single-label name contains no dots. The name "example" is a single-label name. This is different from a fully qualified domain name such as "example.microsoft.com."Client computers that receive this policy setting will attach one or more suffixes to DNS queries for a single-label name. For example

This policy setting configures whether or not only USB root hub connected Enhanced Storage devices are allowed. Allowing only root hub connected Enhanced Storage devices minimizes the risk of an unauthorized USB device reading data on an Enhanced Storage device.If you enable this policy setting

This policy setting prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the set of locales that are installed with the operating system.This does not affect the selection of replacement locales. To prevent the selection of replacement locales This policy setting prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the set of locales that are installed with the operating system.This does not affect the selection of replacement locales. To prevent the selection of replacement locales

This policy setting allows Microsoft Windows to process user Group Policy settings asynchronously when logging on through Remote Desktop Services. Asynchronous user Group Policy processing is the default processing mode for Windows Vista and Windows XP.By default


This setting allows you to enable or disable Resultant Set of Policy (RSoP) logging on a client computer.RSoP logs information on Group Policy settings that have been applied to the client. This information includes details such as which Group Policy Objects (GPO) were applied

This policy setting allows you to permit or prohibit use of the Control Panel Settings item and all preference extensions listed in the Group Policy Management Editor window of the GPMC under Computer Configuration\Preferences\Control Panel Settings. When the Control Panel Settings item or a preference extension is prohibited

This policy setting allows you to permit or prohibit use of the Control Panel Settings item and all preference extensions listed in the Group Policy Management Editor window of the GPMC under User Configuration\Preferences\Control Panel Settings. When the Control Panel Settings item or a preference extension is prohibited


This policy setting specifies whether users can participate in the Help Experience Improvement program. The Help Experience Improvement program collects information about how customers use Windows Help so that Microsoft can improve it.If you enable this policy setting


This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering wizards.These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering wizards.These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default

This policy setting turns off the Windows Customer Experience Improvement Program. The Windows Customer Experience Improvement Program collects information about your hardware configuration and how you use our software and services to identify trends and usage patterns. Microsoft will not collect your name

This ActiveX control enables users to edit HTML text and see a faithful rendition of how the text would look in the browser. There are two versions of the control: a more powerful version that cannot be invoked by a web site because it includes file access and other features

This policy setting determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website.Microsoft collects your browsing history to improve how flip ahead with page prediction works. This feature isn't available for Internet Explorer for the desktop.If you enable this policy setting This policy setting determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website.Microsoft collects your browsing history to improve how flip ahead with page prediction works. This feature isn't available for Internet Explorer for the desktop.If you enable this policy setting

This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows.Important: Some ActiveX controls and toolbars may not be available when 64-bit processes are used.If you enable this policy setting This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows.Important: Some ActiveX controls and toolbars may not be available when 64-bit processes are used.If you enable this policy setting

This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software and verifies it hasn't been modified or tampered with) on user computers before downloading executable programs.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software and verifies it hasn't been modified or tampered with) on user computers before downloading executable programs.If you enable this policy setting

This policy setting allows you to manage whether users can download and install self-installing program files (non-Internet Explorer components) that are registered with Internet Explorer (such as Macromedia and Java) that are required in order to view web pages as intended.If you enable this policy setting This policy setting allows you to manage whether users can download and install self-installing program files (non-Internet Explorer components) that are registered with Internet Explorer (such as Macromedia and Java) that are required in order to view web pages as intended.If you enable this policy setting

This policy setting allows you to turn on inline AutoComplete in Internet Explorer and File Explorer. The AutoComplete feature provides suggestions for what the user types by automatically completing the address or command with the closest match.If you enable this policy setting

This policy setting allows you to manage whether Internet Explorer converts Unicode domain names to internationalized domain name (IDN) format (Punycode) before sending them to Domain Name System (DNS) servers or to proxy servers.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer converts Unicode domain names to internationalized domain name (IDN) format (Punycode) before sending them to Domain Name System (DNS) servers or to proxy servers.If you enable this policy setting

Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed.If you enable this policy setting Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed.If you enable this policy setting



This policy setting allows you to configure whether newly installed add-ons are automatically activated in the Internet Explorer 9 browser. Any add-ons that were activated in a previous version of Internet Explorer are considered to be the same as newly installed add-ons and are not activated when the user upgrades to Internet Explorer 9.In Internet Explorer 9 This policy setting allows you to configure whether newly installed add-ons are automatically activated in the Internet Explorer 9 browser. Any add-ons that were activated in a previous version of Internet Explorer are considered to be the same as newly installed add-ons and are not activated when the user upgrades to Internet Explorer 9.In Internet Explorer 9 This policy setting prevents Internet Explorer from displaying a notification when the average time to load all the user's enabled add-ons exceeds the threshold. The notification informs the user that add-ons are slowing his or her browsing and displays a button that opens the Disable Add-ons dialog box. The Disable Add-ons dialog box displays the load time for each group of add-ons enabled in the browser. It allows the user to disable add-ons and configure the threshold.If you enable this policy setting This policy setting prevents Internet Explorer from displaying a notification when the average time to load all the user's enabled add-ons exceeds the threshold. The notification informs the user that add-ons are slowing his or her browsing and displays a button that opens the Disable Add-ons dialog box. The Disable Add-ons dialog box displays the load time for each group of add-ons enabled in the browser. It allows the user to disable add-ons and configure the threshold.If you enable this policy setting

This policy setting prevents the user from deleting InPrivate Filtering data. Internet Explorer collects InPrivate Filtering data during browser sessions other than InPrivate Browsing sessions to determine which third-party items should be blocked when InPrivate Filtering is enabled. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting InPrivate Filtering data. Internet Explorer collects InPrivate Filtering data during browser sessions other than InPrivate Browsing sessions to determine which third-party items should be blocked when InPrivate Filtering is enabled. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting

This policy setting allows you to revert to the Internet Explorer 8 behavior of allowing OnUnLoad script handlers to display UI during shutdown. This policy setting may be needed to fix compatibility problems with particular web applications.If you enable this policy setting This policy setting allows you to revert to the Internet Explorer 8 behavior of allowing OnUnLoad script handlers to display UI during shutdown. This policy setting may be needed to fix compatibility problems with particular web applications.If you enable this policy setting

This setting specifies to automatically detect the proxy server settings used to connect to the Internet and customize Internet Explorer. This setting specifies that Internet explorer use the configuration settings provided in a file by the system administrator.If you enable this policy setting This setting specifies to automatically detect the proxy server settings used to connect to the Internet and customize Internet Explorer. This setting specifies that Internet explorer use the configuration settings provided in a file by the system administrator.If you enable this policy setting

This policy setting allows you to prevent Windows Search AutoComplete from providing results in the Internet Explorer Address bar.Windows Search AutoComplete suggests possible matches when a user is entering a web address in the browser Address bar. This feature provides more relevant results in the browser Address bar.If you enable this policy setting This policy setting allows you to prevent Windows Search AutoComplete from providing results in the Internet Explorer Address bar.Windows Search AutoComplete suggests possible matches when a user is entering a web address in the browser Address bar. This feature provides more relevant results in the browser Address bar.If you enable this policy setting This policy setting turns off URL Suggestions. URL Suggestions allow users to autocomplete URLs in the address bar based on common URLs. The list of common URLs is stored locally and is updated once a month. No user data is sent over the internet by this feature.If you enable this policy setting This policy setting turns off URL Suggestions. URL Suggestions allow users to autocomplete URLs in the address bar based on common URLs. The list of common URLs is stored locally and is updated once a month. No user data is sent over the internet by this feature.If you enable this policy setting

Specifies that programs using the Microsoft Software Distribution Channel will not notify users when they install new components. The Software Distribution Channel is a means of updating software dynamically on users' computers by using Open Software Distribution (.osd) technologies.If you enable this policy This policy setting allows you to restrict the search providers that appear in the Search box in Internet Explorer to those defined in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Normally This policy setting allows you to restrict the search providers that appear in the Search box in Internet Explorer to those defined in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Normally

This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable


This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting

This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting

This policy setting specifies whether placeholders appear for graphical images while the images are downloading. This allows items on the page to be positioned where they will appear when the images are completely downloaded. This option is ignored if the Show Pictures check box is cleared.If you enable this policy setting

This policy setting allows you to turn on or turn off Data URI support. A Data URI allows web developers to encapsulate images and .css files within the body of the URL and optionally encode them by using base 64 encoding. Malware filters or other network-based filters may not properly filter encapsulated data.If you enable this policy setting This policy setting allows you to turn on or turn off Data URI support. A Data URI allows web developers to encapsulate images and .css files within the body of the URL and optionally encode them by using base 64 encoding. Malware filters or other network-based filters may not properly filter encapsulated data.If you enable this policy setting

The WebSocket object allows websites to request data across domains from your browser by using the WebSocket protocol. This policy setting allows administrators to enable or disable the WebSocket object. This policy setting does not prevent client-side communication across domains via other features in Internet Explorer 10. Also The WebSocket object allows websites to request data across domains from your browser by using the WebSocket protocol. This policy setting allows administrators to enable or disable the WebSocket object. This policy setting does not prevent client-side communication across domains via other features in Internet Explorer 10. Also


This policy setting allows you to establish the threshold for InPrivate Filtering Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However This policy setting allows you to establish the threshold for InPrivate Filtering Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However This policy setting allows you to turn off InPrivate Filtering.InPrivate Filtering helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. InPrivate Filtering does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting This policy setting allows you to turn off InPrivate Filtering.InPrivate Filtering helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. InPrivate Filtering does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting This policy setting allows you to establish the threshold for Tracking Protection Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However This policy setting allows you to establish the threshold for Tracking Protection Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However This policy setting allows you to turn off Tracking Protection.Tracking Protection helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. Tracking Protection does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting This policy setting allows you to turn off Tracking Protection.Tracking Protection helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. Tracking Protection does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting

This policy setting allows you to turn on Internet Explorer 7 Standards Mode. Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Internet Explorer 7 Standards Mode or the Standards Mode available in the latest version of Internet Explorer.If you enable this policy setting This policy setting allows you to turn on Internet Explorer 7 Standards Mode. Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Internet Explorer 7 Standards Mode or the Standards Mode available in the latest version of Internet Explorer.If you enable this policy setting

This policy setting sets data storage limits for indexed databases of websites that have been allowed to exceed their storage limit. The â€œSet default storage limits for websitesâ€ policy setting sets the data storage limits for indexed databases. If a domain exceeds the indexed database storage limit for an individual domain� This policy setting sets data storage limits for indexed databases of websites that have been allowed to exceed their storage limit. The â€œSet default storage limits for websitesâ€ policy setting sets the data storage limits for indexed databases. If a domain exceeds the indexed database storage limit for an individual domain�

This policy setting sets file storage limits for application caches of websites that have been allowed to exceed their storage limit. The â€œSet default storage limits for websitesâ€ policy setting sets the data storage limits for application caches. If a domain exceeds the application cache storage limit for an individual domain� This policy setting sets file storage limits for application caches of websites that have been allowed to exceed their storage limit. The â€œSet default storage limits for websitesâ€ policy setting sets the data storage limits for application caches. If a domain exceeds the application cache storage limit for an individual domain�

Turns off the handwriting recognition error reporting tool.The handwriting recognition error reporting tool enables users to report errors encountered in Tablet PC Input Panel. The tool generates error reports and transmits them to Microsoft over a secure connection. Microsoft uses these error reports to improve handwriting recognition in future versions of Windows.If you enable this policy Turns off the handwriting recognition error reporting tool.The handwriting recognition error reporting tool enables users to report errors encountered in Tablet PC Input Panel. The tool generates error reports and transmits them to Microsoft over a secure connection. Microsoft uses these error reports to improve handwriting recognition in future versions of Windows.If you enable this policy If enabled then new iSNS servers may not be added and thus new targets discovered via those iSNS servers; existing iSNS servers may not be removed. If disabled then new iSNS servers may be added and thus new targets discovered via those iSNS servers; existing iSNS servers may be removed. If enabled then new target portals may not be added and thus new targets discovered on those portals; existing target portals may not be removed. If disabled then new target portals may be added and thus new targets discovered on those portals; existing target portals may be removed.

If enabled then new targets may not be manually configured by entering the target name and target portal; already discovered targets may be manually configured. If disabled then new and already discovered targets may be manually configured. Note: if enabled there may be cases where this will break VDS.

If enabled then only those sessions that are configured for one-way CHAP may be established. If disabled then sessions that are configured for one-way CHAP or sessions not configured for one-way CHAP may be established. Note that if the "Do not allow sessions without mutual CHAP" setting is enabled then that setting overrides this one.

This policy setting allows you to configure this server so that Kerberos can decrypt a ticket that contains this system-generated SPN. When an application attempts to make a remote procedure call (RPC) to this server with a NULL value for the service principal name (SPN)

This policy setting ignores customized run-once lists.You can create a customized list of additional programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added to the standard list of programs and services that the system starts.If you enable this policy setting This policy setting ignores customized run-once lists.You can create a customized list of additional programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added to the standard list of programs and services that the system starts.If you enable this policy setting

This policy setting controls the ability of non-administrators to install updates that have been digitally signed by the application vendor.Non-administrator updates provide a mechanism for the author of an application to create digitally signed updates that can be applied by non-privileged users.If you enable this policy setting This policy setting controls the ability for users or administrators to remove Windows Installer based updates.This policy setting should be used if you need to maintain a tight control over updates. One example is a lockdown environment where you want to ensure that updates once installed cannot be removed by users or administrators.If you enable this policy setting


Specifies whether an entry for DirectAccess connectivity appears when the user clicks the Networking notification area icon.Set this to Disabled to prevent user confusion when you are just using DirectAccess to remotely manage DirectAccess client computers from your intranet and not providing seamless intranet access. If this setting is not configured

Specifies resources on your intranet that are normally accessible to DirectAccess clients. Each entry is a string that identifies the type of resource and the location of the resource. Each string can be one of the following types: - A DNS name or IPv6 address that NCA pings. The syntax is â€œPING:â€ followed by a fully qualified domain name (FQDN) that resolves to an IPv6 address�

This policy setting enables you to specify the HTTPS URL of the corporate website that clients use to determine the current domain location (i.e. whether the computer is inside or outside the corporate network). Reachability of the URL destination indicates that the client location is inside corporate network; otherwise it is outside the network.

This policy setting defines whether a domain controller (DC) should attempt to verify the password provided by a client with the PDC emulator if the DC failed to validate the password.Contacting the PDC emulator is useful in case the clientâ€™s password was recently changed and did not propagate to the DC yet. Users may want to disable this feature if the PDC emulator is located over a slow WAN connection.If you enable this policy setting This policy setting determines the amount of time (in seconds) to wait before the first retry for applications that perform periodic searches for domain controllers (DC) that are unable to find a DC.The default value for this setting is 10 minutes (10*60). The maximum value for this setting is 49 days (0x49*24*60*60=4233600). The minimum value for this setting is 0.This setting is relevant only to those callers of DsGetDcName that have specified the DS_BACKGROUND_ONLY flag.If the value of this setting is less than the value specified in the NegativeCachePeriod subkey

This policy setting determines whether domain controllers (DC) will dynamically register DC Locator site-specific SRV records for the closest sites where no DC for the same domain exists (or no Global Catalog for the same forest exists). These DNS records are dynamically registered by the Net Logon service

This policy setting specifies the Refresh Interval of the DC Locator DNS resource records for DCs to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used by the DC Locator algorithm to locate the DC. This setting may be applied only to DCs using dynamic update.DCs configured to perform dynamic registration of the DC Locator DNS resource records periodically reregister their records with DNS servers

This policy setting specifies the Priority field in the SRV resource records registered by domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used to locate the DC.The Priority field in the SRV record sets the preference for target hosts (specified in the SRV recordâ€™s Target field). DNS clients that query for SRV resource records attempt to contact the first reachable host with the lowest priority number listed.To specify the Priority in the DC Locator DNS SRV resource records

This policy setting determines if dynamic registration of the domain controller (DC) locator DNS resource records is enabled. These DNS records are dynamically registered by the Net Logon service and are used by the Locator algorithm to locate the DC.If you enable this policy setting

This policy setting determines the interval for when a Force Rediscovery is carried out by DC Locator.The Domain Controller Locator (DC Locator) service is used by clients to find domain controllers for their Active Directory domain. When DC Locator finds a domain controller

This policy setting controls whether the Net Logon service will allow the use of older cryptography algorithms that are used in Windows NT 4.0. The cryptography algorithms used in Windows NT 4.0 and earlier are not as secure as newer algorithms used in Windows 2000 or later


Determines whether the Remote Acccess Preferences item on the Advanced menu in Network Connections folder is enabled.The Remote Access Preferences item lets users create and change connections before logon and configure automatic dialing and callback features.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting)

This policy setting allows you to manage whether notifications are shown to the user when a DHCP-configured connection is unable to retrieve an IP address from a DHCP server. This is often signified by the assignment of an automatic private IP address"(i.e. an IP address in the range 169.254.*.*). This indicates that a DHCP server could not be reached or the DHCP server was reached but unable to respond to the request with a valid IP address. By default

This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the global cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP bootstraps itself is by using multicast on the same subnet. That is

This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the link local cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP bootstraps itself is by using multicast on the same subnet. That is

This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the site local cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP bootstraps itself is by using multicast on the same subnet. That is

This policy setting is used only when you have deployed one or more BranchCache-enabled file servers at your main office. This policy setting specifies when client computers in branch offices start caching content from file servers based on the network latency - or delay - that occurs when the clients download content from the main office over a Wide Area Network (WAN) link. When you configure a value for this setting

This policy setting allows you to configure whether power is automatically turned off when Windows shutdown completes. This setting does not affect Windows shutdown behavior when shutdown is manually selected using the Start menu or Task Manager user interfaces. Applications such as UPS software may rely on Windows shutdown behavior.This setting is only applicable when Windows shutdown is initiated by software programs invoking the Windows programming interfaces ExitWindowsEx() or InitiateSystemShutdown().If you enable this policy setting


Specifies how often the pruning service on a domain controller contacts computers to verify that their printers are operational. The pruning service periodically contacts computers that have published printers. If a computer does not respond to the contact message (optionally

Specifies how many times the pruning service on a domain controller repeats its attempt to contact a computer before pruning the computer's printers. The pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a computer does not respond to the contact message Specifies whether or not to log events when the pruning service on a domain controller attempts to contact a computer before pruning the computer's printers. The pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a computer does not respond to the contact attempt

This setting prevents users from accessing "Installed Updates" page from the "View installed updates" task."Installed Updates" allows users to view and uninstall updates currently installed on the computer. The updates are often downloaded directly from Windows Update or from various program publishers.If this setting is disabled or not configured

Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Best Effort service type (ServiceTypeBestEffort). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting

Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Controlled Load service type (ServiceTypeControlledLoad). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Guaranteed service type (ServiceTypeGuaranteed). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Network Control service type (ServiceTypeNetworkControl). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Qualitative service type (ServiceTypeQualitative). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Best Effort service type (ServiceTypeBestEffort). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Controlled Load service type (ServiceTypeControlledLoad). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Guaranteed service type (ServiceTypeGuaranteed). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Network Control service type (ServiceTypeNetworkControl). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Qualitative service type (ServiceTypeQualitative). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting

Requirements: Windows 7 Description: This policy setting controls whether users can access the options in Recovery (in Control Panel) to restore the computer to the original state or from a user-created system image. If you enable or do not configure this policy setting

This policy setting enables Remote Assistance invitations to be generated with improved encryption so that only computers running this version (or later versions) of the operating system can connect. This policy setting does not affect Remote Assistance connections that are initiated by instant messaging contacts or the unsolicited Offer Remote Assistance.If you enable this policy setting

This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they are making contains authentication information. The Endpoint Mapper Service on computers running Windows NT4 (all service packs) cannot process authentication information supplied in this manner. If you disable this policy setting

This policy setting controls the idle connection timeout for RPC/HTTP connections. This policy setting is useful in cases where a network agent like an HTTP proxy or a router uses a lower idle connection timeout than the IIS server running the RPC/HTTP proxy. In such cases This policy setting controls how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers.This policy setting impacts all RPC applications. In a domain environment this policy setting should be used with caution as it can impact a wide range of functionality including group policy processing itself. Reverting a change to this policy setting can require manual intervention on each affected machine. This policy setting should never be applied to a domain controller.If you disable this policy setting

This policy setting allows users who are connected to the Internet to access and search troubleshooting content that is hosted on Microsoft content servers. Users can access online troubleshooting content from within the Troubleshooting Control Panel UI by clicking "Yes" when they are prompted by a message that states

Enabling this policy prevents users from adding UNC locations to the index from the Search and Indexing Options in Control Panel. Any UNC locations that have already been added to the index by the user will not be removed.When this policy is disabled or not configured Enabling this policy prevents users from adding UNC locations to the index from the Search and Indexing Options in Control Panel. Any UNC locations that have already been added to the index by the user will not be removed.When this policy is disabled or not configured

Turns off data sharing from the handwriting recognition personalization tool.The handwriting recognition personalization tool tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. The tool can optionally share user writing samples with Microsoft to improve handwriting recognition in future versions of Windows. The tool generates reports and transmits them to Microsoft over a secure connection.If you enable this policy Turns off data sharing from the handwriting recognition personalization tool.The handwriting recognition personalization tool tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. The tool can optionally share user writing samples with Microsoft to improve handwriting recognition in future versions of Windows. The tool generates reports and transmits them to Microsoft over a secure connection.If you enable this policy

This policy setting specifies whether users can share files within their profile. By default users are allowed to share files within their profile to other users on their network after an administrator opts in the computer. An administrator can opt in the computer by using the sharing wizard to share a file within their profile.If you enable this policy setting

This policy setting lets you determine whether the integrated unblock feature will be available in the logon User Interface (UI).In order to use the integrated unblock feature your smart card must support this feature. Please check with your hardware manufacturer to see if your smart card supports this feature.If you enable this policy setting

This policy setting allows you to manage the reading of all certificates from the smart card for logon.During logon Windows will by default only read the default certificate from the smart card unless it supports retrieval of all certificates in a single call. This setting forces Windows to read all the certificates from the card. This can introduce a significant performance decrease in certain situations. Please contact your smart card vendor to determine if your smart card and associated CSP supports the required behavior.If you enable this setting This policy setting lets you allow signature key-based certificates to be enumerated and available for logon.If you enable this policy setting then any certificates available on the smart card with a signature only key will be listed on the logon screen.If you disable or do not configure this policy setting

This policy setting allows you to manage the clean up behavior of root certificates. If you enable this policy setting then root certificate cleanup will occur according to the option selected. If you disable or do not configure this setting then root certificate clean up will occur on log off. This policy setting allows you to manage the root certificate propagation that occurs when a smart card is inserted.If you enable or do not configure this policy setting then root certificate propagation will occur when you insert your smart card. Note: For this policy setting to work the following policy setting must also be enabled: Turn on certificate propagation from smart card.If you disable this policy setting then root certificates will not be propagated from the smart card.

This policy setting lets you reverse the subject name from how it is stored in the certificate when displaying it during logon. By default the user principal name (UPN) is displayed in addition to the common name to help users distinguish one certificate from another. For example

This policy setting determines the permitted list of hosts that can submit a query to the Simple Network Management (SNMP) agent running on the client computer.Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.The manager is located on the host computer on the network. The manager's role is to poll the agents for certain requested information.If you enable this policy setting This policy setting allows trap configuration for the Simple Network Management Protocol (SNMP) agent.Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.This policy setting allows you to configure the name of the hosts that receive trap messages for the community sent by the SNMP service. A trap message is an alert or significant event that allows the SNMP agent to notify management systems asynchronously.If you enable this policy setting


This policy setting allows you to specify a 6to4 relay name for a 6to4 host. A 6to4 relay is used as a default gateway for IPv6 network traffic sent by the 6to4 host. The 6to4 relay name setting has no effect if 6to4 connectivity is not available on the host.If you enable this policy setting

This policy setting allows you to configure Window Scaling Heuristics. Window Scaling Heuristics is an algorithm to identify connectivity and throughput problems caused by many Firewalls and other middle boxes that don't interpret Window Scaling option correctly.If you do not configure this policy setting

This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session.You can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default This policy setting allows you to specify whether desktop wallpaper is displayed to clients when they are connected to a remote server using RDP. You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session. If you enable this policy setting

This policy setting allows you to specify the visual quality for remote users when connecting to this computer by using Remote Desktop Connection. You can use this policy setting to balance the network bandwidth usage with the visual quality that is delivered.If you enable this policy setting and set quality to Medium

This policy setting determines whether an administrator attempting to connect remotely to the console of a server can log off an administrator currently logged on to the console.This policy is useful when the currently connected administrator does not want to be logged off by another administrator. If the connected administrator is logged off

This policy setting allows you to specify the type of Remote Desktop Services client access license (RDS CAL) that is required to connect to this RD Session Host server.You can use this policy setting to select one of two licensing modes: Per User or Per Device.Per User licensing mode requires that each user account connecting to this RD Session Host server have an RDS Per User CAL.Per Device licensing mode requires that each device connecting to this RD Session Host server have an RDS Per Device CAL.If you enable this policy setting

This policy setting allows you to remove the "Disconnect" option from the Shut Down Windows dialog box in Remote Desktop Services sessions.You can use this policy setting to prevent users from using this familiar method to disconnect their client from an RD Session Host server.If you enable this policy setting

This policy setting specifies whether to disable the administrator rights to customize security permissions for the Remote Desktop Session Host server. You can use this setting to prevent administrators from making changes to the user groups allowed to connect remotely to the RD Session Host server. By default

This policy setting allows you to specify the RD Session Host servers to which a Remote Desktop license server will offer Remote Desktop Services client access licenses (RDS CALs).You can use this policy setting to control which RD Session Host servers are issued RDS CALs by the Remote Desktop license server. By default This policy setting allows you to specify which version of Remote Desktop Services client access license (RDS CAL) a Remote Desktop Services license server will issue to clients connecting to RD Session Host servers running other Windows-based operating systems.A license server attempts to provide the most appropriate RDS or TS CAL for a connection. For example This policy setting allows you to specify whether users can redirect the remote computer's audio and video output in a Remote Desktop Services session.Users can specify where to play the remote computer's audio output by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can choose to play the remote audio on the remote computer or on the local computer. Users can also choose to not play the audio. Video playback can be configured by using the videoplayback setting in a Remote Desktop Protocol (.rdp) file. By default

This policy setting allows you to specify whether users can record audio to the remote computer in a Remote Desktop Services session.Users can specify whether to record audio to the remote computer by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can record audio by using an audio input device on the local computer This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session.You can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default This policy setting specifies whether to prevent the redirection of data to client COM ports from the remote computer in a Remote Desktop Services session.You can use this setting to prevent users from redirecting data to COM port peripherals or mapping local COM ports while they are logged on to a Remote Desktop Services session. By default

This policy setting specifies whether to prevent the redirection of data to client LPT ports during a Remote Desktop Services session.You can use this setting to prevent users from mapping local LPT ports and redirecting data from the remote computer to local LPT port peripherals. By default

This policy setting allows you to specify whether to prevent the mapping of client printers in Remote Desktop Services sessions.You can use this policy setting to prevent users from redirecting print jobs from the remote computer to a printer attached to their local (client) computer. By default

Specifies whether a Remote Desktop Session Host server requires secure RPC communication with all clients or allows unsecured communication.You can use this setting to strengthen the security of RPC communication with clients by allowing only authenticated and encrypted requests.If the status is set to Enabled

This policy setting determines whether the system retains a roaming user's Windows Installer and Group Policy based software installation data on their profile deletion.By default Windows deletes all information related to a roaming user (which includes the user's settings

This policy setting allows an administrator to automatically delete user profiles on system restart that have not been used within a specified number of days. Note: One day is interpreted as 24 hours after a specific user profile was accessed.If you enable this policy setting

This policy setting controls how long Windows waits for a response from the network before logging on a user without a remote home directory and withou synchronizing roaming user profiles. This policy setting is useful for the cases in which a network might take typically longer to initialize


This policy setting controls computer restart performance at the risk of exposing BitLocker secrets. This policy setting is applied when you turn on BitLocker. BitLocker secrets include key material used to encrypt data. This policy setting applies only when BitLocker protection is enabled.If you enable this policy setting




This policy setting specifies whether the Windows NTP Client is enabled.Enabling the Windows NTP Client allows your computer to synchronize its computer clock with other NTP servers. You might want to disable this service if you decide to use a third-party time provider.If you enable this policy setting

This policy setting determines whether Windows traces shortcuts back to their sources when it cannot find the target on the user's system.Shortcut files typically include an absolute path to the original target file as well as the relative path to the current target file. When the system cannot find the file in the current target path

Disables suggesting recent queries for the Search Box and prevents entries into the Search Box from being stored in the registry for future references.File Explorer shows suggestion pop-ups as users type into the Search Box. These suggestions are based on their past entries into the Search Box.Note: If you enable this policy

This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting

This policy controls the visibility of the Program Compatibility property page shell extension. This shell extension is visible on the property context-menu of any program shortcut or executable file.The compatibility property page displays a list of options that can be selected and applied to the application to resolve the most common issues affecting legacy applications. Enabling this policy setting removes the property page from the context-menus


Specifies whether dynamic updates should overwrite existing resource records that contain conflicting IP addresses.This policy setting is designed for computers that register address (A) resource records in DNS zones that do not use Secure Dynamic Updates. Secure Dynamic Update preserves ownership of resource records and does not allow a DNS client to overwrite records that are registered by other computers.During dynamic update of resource records in a zone that does not use Secure Dynamic Updates

Specifies the DNS suffixes to attach to an unqualified single-label name before submission of a DNS query for that name.An unqualified single-label name contains no dots. The name "example" is a single-label name. This is different from a fully qualified domain name such as "example.microsoft.com."Client computers that receive this policy setting will attach one or more suffixes to DNS queries for a single-label name. For example

This policy setting prevents Internet Explorer from displaying a notification when the average time to load all the user's enabled add-ons exceeds the threshold. The notification informs the user that add-ons are slowing his or her browsing and displays a button that opens the Disable Add-ons dialog box. The Disable Add-ons dialog box displays the load time for each group of add-ons enabled in the browser. It allows the user to disable add-ons and configure the threshold.If you enable this policy setting This policy setting prevents Internet Explorer from displaying a notification when the average time to load all the user's enabled add-ons exceeds the threshold. The notification informs the user that add-ons are slowing his or her browsing and displays a button that opens the Disable Add-ons dialog box. The Disable Add-ons dialog box displays the load time for each group of add-ons enabled in the browser. It allows the user to disable add-ons and configure the threshold.If you enable this policy setting

This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting

Turns off the handwriting recognition error reporting tool.The handwriting recognition error reporting tool enables users to report errors encountered in Tablet PC Input Panel. The tool generates error reports and transmits them to Microsoft over a secure connection. Microsoft uses these error reports to improve handwriting recognition in future versions of Windows.If you enable this policy Turns off the handwriting recognition error reporting tool.The handwriting recognition error reporting tool enables users to report errors encountered in Tablet PC Input Panel. The tool generates error reports and transmits them to Microsoft over a secure connection. Microsoft uses these error reports to improve handwriting recognition in future versions of Windows.If you enable this policy

Specifies resources on your intranet that are normally accessible to DirectAccess clients. Each entry is a string that identifies the type of resource and the location of the resource. Each string can be one of the following types: - A DNS name or IPv6 address that NCA pings. The syntax is â€œPING:â€ followed by a fully qualified domain name (FQDN) that resolves to an IPv6 address�

This policy setting defines whether a domain controller (DC) should attempt to verify the password provided by a client with the PDC emulator if the DC failed to validate the password.Contacting the PDC emulator is useful in case the clientâ€™s password was recently changed and did not propagate to the DC yet. Users may want to disable this feature if the PDC emulator is located over a slow WAN connection.If you enable this policy setting This policy setting determines the amount of time (in seconds) to wait before the first retry for applications that perform periodic searches for domain controllers (DC) that are unable to find a DC.The default value for this setting is 10 minutes (10*60). The maximum value for this setting is 49 days (0x49*24*60*60=4233600). The minimum value for this setting is 0.This setting is relevant only to those callers of DsGetDcName that have specified the DS_BACKGROUND_ONLY flag.If the value of this setting is less than the value specified in the NegativeCachePeriod subkey

This policy setting specifies the Refresh Interval of the DC Locator DNS resource records for DCs to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used by the DC Locator algorithm to locate the DC. This setting may be applied only to DCs using dynamic update.DCs configured to perform dynamic registration of the DC Locator DNS resource records periodically reregister their records with DNS servers



Determines whether the Remote Acccess Preferences item on the Advanced menu in Network Connections folder is enabled.The Remote Access Preferences item lets users create and change connections before logon and configure automatic dialing and callback features.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting)

This policy setting allows you to manage whether notifications are shown to the user when a DHCP-configured connection is unable to retrieve an IP address from a DHCP server. This is often signified by the assignment of an automatic private IP address"(i.e. an IP address in the range 169.254.*.*). This indicates that a DHCP server could not be reached or the DHCP server was reached but unable to respond to the request with a valid IP address. By default

This policy setting is used only when you have deployed one or more BranchCache-enabled file servers at your main office. This policy setting specifies when client computers in branch offices start caching content from file servers based on the network latency - or delay - that occurs when the clients download content from the main office over a Wide Area Network (WAN) link. When you configure a value for this setting

This policy setting enables Remote Assistance invitations to be generated with improved encryption so that only computers running this version (or later versions) of the operating system can connect. This policy setting does not affect Remote Assistance connections that are initiated by instant messaging contacts or the unsolicited Offer Remote Assistance.If you enable this policy setting

This policy setting controls how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers.This policy setting impacts all RPC applications. In a domain environment this policy setting should be used with caution as it can impact a wide range of functionality including group policy processing itself. Reverting a change to this policy setting can require manual intervention on each affected machine. This policy setting should never be applied to a domain controller.If you disable this policy setting


This policy setting allows you to manage the reading of all certificates from the smart card for logon.During logon Windows will by default only read the default certificate from the smart card unless it supports retrieval of all certificates in a single call. This setting forces Windows to read all the certificates from the card. This can introduce a significant performance decrease in certain situations. Please contact your smart card vendor to determine if your smart card and associated CSP supports the required behavior.If you enable this setting

This policy setting allows you to manage the root certificate propagation that occurs when a smart card is inserted.If you enable or do not configure this policy setting then root certificate propagation will occur when you insert your smart card. Note: For this policy setting to work the following policy setting must also be enabled: Turn on certificate propagation from smart card.If you disable this policy setting then root certificates will not be propagated from the smart card.


This policy setting allows you to specify whether users can redirect the remote computer's audio and video output in a Remote Desktop Services session.Users can specify where to play the remote computer's audio output by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can choose to play the remote audio on the remote computer or on the local computer. Users can also choose to not play the audio. Video playback can be configured by using the videoplayback setting in a Remote Desktop Protocol (.rdp) file. By default

This policy setting allows you to specify whether users can record audio to the remote computer in a Remote Desktop Services session.Users can specify whether to record audio to the remote computer by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can record audio by using an audio input device on the local computer

Specifies whether dynamic updates should overwrite existing resource records that contain conflicting IP addresses.This policy setting is designed for computers that register address (A) resource records in DNS zones that do not use Secure Dynamic Updates. Secure Dynamic Update preserves ownership of resource records and does not allow a DNS client to overwrite records that are registered by other computers.During dynamic update of resource records in a zone that does not use Secure Dynamic Updates

This policy setting prevents Internet Explorer from displaying a notification when the average time to load all the user's enabled add-ons exceeds the threshold. The notification informs the user that add-ons are slowing his or her browsing and displays a button that opens the Disable Add-ons dialog box. The Disable Add-ons dialog box displays the load time for each group of add-ons enabled in the browser. It allows the user to disable add-ons and configure the threshold.If you enable this policy setting This policy setting prevents Internet Explorer from displaying a notification when the average time to load all the user's enabled add-ons exceeds the threshold. The notification informs the user that add-ons are slowing his or her browsing and displays a button that opens the Disable Add-ons dialog box. The Disable Add-ons dialog box displays the load time for each group of add-ons enabled in the browser. It allows the user to disable add-ons and configure the threshold.If you enable this policy setting

This policy setting determines the amount of time (in seconds) to wait before the first retry for applications that perform periodic searches for domain controllers (DC) that are unable to find a DC.The default value for this setting is 10 minutes (10*60). The maximum value for this setting is 49 days (0x49*24*60*60=4233600). The minimum value for this setting is 0.This setting is relevant only to those callers of DsGetDcName that have specified the DS_BACKGROUND_ONLY flag.If the value of this setting is less than the value specified in the NegativeCachePeriod subkey


This policy setting controls how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers.This policy setting impacts all RPC applications. In a domain environment this policy setting should be used with caution as it can impact a wide range of functionality including group policy processing itself. Reverting a change to this policy setting can require manual intervention on each affected machine. This policy setting should never be applied to a domain controller.If you disable this policy setting


This policy setting allows you to manage the reading of all certificates from the smart card for logon.During logon Windows will by default only read the default certificate from the smart card unless it supports retrieval of all certificates in a single call. This setting forces Windows to read all the certificates from the card. This can introduce a significant performance decrease in certain situations. Please contact your smart card vendor to determine if your smart card and associated CSP supports the required behavior.If you enable this setting


This policy setting allows you to specify whether users can redirect the remote computer's audio and video output in a Remote Desktop Services session.Users can specify where to play the remote computer's audio output by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can choose to play the remote audio on the remote computer or on the local computer. Users can also choose to not play the audio. Video playback can be configured by using the videoplayback setting in a Remote Desktop Protocol (.rdp) file. By default

This policy setting allows trap configuration for the Simple Network Management Protocol (SNMP) agent.Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.This policy setting allows you to configure the name of the hosts that receive trap messages for the community sent by the SNMP service. A trap message is an alert or significant event that allows the SNMP agent to notify management systems asynchronously.If you enable this policy setting

Status Policy Path

Computer Configuration\Windows Settings\Account Policies\Password Policy






Computer Configuration\Windows Settings\Account Policies\Account Lockout Poli



Computer Configuration\Windows Settings\Local Policies\Kerberos Policy





Computer Configuration\Windows Settings\Local Policies\Audit Policy









Computer Configuration\Windows Settings\Local Policies\User Rights Assignment













































Computer Configuration\Windows Settings\Local Policies\Security Options

















































Computer Configuration\Windows Settings\Security Settings\Event Log












Computer Configuration\Windows Settings\Security Settings\Restricted Groups

Computer Configuration\Windows Settings\Security Settings\System Services

Computer Configuration\Windows Settings\Security Settings\Registry

Computer Configuration\Windows Settings\Security Settings\File System

Policy Name

Enforce password history

Maximum password age

Minimum password age

Minimum password length

Password must meet complexity requirement

Store passwords using reversible encryption for all users in the domain

Account lockout duration

Account lockout threshold

Reset lockout counter after

Enforce user logon restrictions

Maximum lifetime for service ticket

Maximum lifetime for user ticket

Maximum lifetime for user ticket renewal

Maximum tolerance for computer clock synchronization

Audit account logon events

Audit account management

Audit directory service access

Audit logon events

Audit object access

Audit policy change

Audit privilege use

Audit process tracking

Audit system events

Access this computer from the network

Access Credential Manager as a trusted caller

Act as part of the operating system

Add workstations to a domain

Adjust memory quotas for a process

Allow log on locally

Allow log on through Remote Desktop Services

Backup files and directories

Bypass traverse checking

Change the system time

Change the time zone

Create a pagefile

Create a token object

Create global objects

Create permanent shared objects

Create Symbolic Links

Debug programs

Deny access to this computer from the network

Deny log on as a batch job

Deny log on as a service

Deny log on locally

Deny log on through Remote Desktop Services

Enable computer and user accounts to be trusted for delegation

Force shutdown from a remote system

Generate security audits

Impersonate a client after authentication

Increase a process working set

Increase scheduling priority

Load and unload device drivers

Lock pages in memory

Log on as a batch job

Log on as a service

Log on locally

Manage auditing and security log

Modify an object label

Modify firmware environment values

Perform volume maintenance tasks

Profile single process

Profile system performance

Remove computer from docking station

Replace a process level token

Restore files and directories

Shut down the system

Synchronize directory service data

Take ownership of files or other objects

Accounts: Administrator account status

Accounts: Block Microsoft accounts

Accounts: Guest account status

Accounts: Limit local account use of blank passwords to console logon only

Accounts: Rename administrator account

Accounts: Rename guest account

Audit: Audit the accesss of global system objects

Audit: Audit the use of Backup and Restore privilege

Audit: Force audit policy subcategory settings (Windows Vista or later) to overri

Audit: Shut down system immediately if unable to log security audits

DCOM: Machine Access Restrictions in Security Descriptor Definition Languag

DCOM: Machine Launch Restrictions in Security Descriptor Definition Languag

Devices: Allow undock without having to log on

Devices: Allowed to format and eject removable media

Devices: Prevent users from installing printer drivers

Devices: Restrict CD-ROM access to locally logged-on user only

Devices: Restrict floppy access to locally logged-on user only

Devices: Unsigned driver installation behavior

Domain controller: Allow server operators to schedule tasks

Domain controller: LDAP server signing requirements

Domain controller: Refuse machine account password changes

Domain member: Digitally encrypt or sign secure channel data (always)

Domain member: Digitally encrypt secure channel data (when possible)

Domain member: Digitally sign secure channel data (when possible)

Domain member: Disable machine account password changes

Domain member: Maximum machine account password age

Domain member: Require strong (Windows 2000 or later) session key

Interactive logon: Do not display last user name

Interactive Logon: Display user information when session is locked

Interactive logon: Do not require CTRL+ALT+DEL

Interactive logon: Machine account lockout threshold

Interactive logon: Machine inactivity limit

Interactive logon: Message text for users attempting to logon

Interactive logon: Message title for users attempting to logon

Interactive logon: Number of previous logons to cache (in case domain controller

Interactive logon: Prompt user to change password before expiration

Interactive logon: Require Domain Controller authentication to unlock workstati

Interactive logon: Require smart card

Interactive logon: Smart card removal behavior

Microsoft network client: Digitally sign communications (always)

Microsoft network client: Digitally sign communications (if server agrees)

Microsoft network client: Send unencrypted password to third-party SMB server

Microsoft network server: Amount of idle time required before suspending sessi

Microsoft network server: Attempt S4U2Self to obtain claim information

Microsoft network server: Digitally sign communications (always)

Microsoft network server: Digitally sign communications (if client agrees)

Microsoft network server: Disconnect clients when logon hours expire

Microsoft network server: Server SPN target name validation level

Network access: Allow anonymous SID/Name translation

Network access: Do not allow anonymous enumeration of SAM accounts

Network access: Do not allow anonymous enumeration of SAM accounts and s

Network access: Do not allow storage of passwords and credentials for network

Network access: Let Everyone permissions apply to anonymous users

Network access: Named Pipes that can be accessed anonymously

Network access: Remotely accessible registry paths

Network access: Remotely accessible registry paths and sub-paths

Network access: Restrict anonymous access to Named Pipes and Shares

Network access: Shares that can be accessed anonymously

Network access: Sharing and security model for local accounts

Network security: Do not store LAN Manager hash value on next password cha

Network security: Force logoff when logon hours expire

Network security: LAN Manager authentication level

Network security: LDAP client signing requirements

Network security: Minimum session security for NTLM SSP based (including se

Network security: Minimum session security for NTLM SSP based (including s

Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers

Network security: Restrict NTLM: Incoming NTLM traffic

Network security: Restrict NTLM: Audit Incoming NTLM Traffic

Network security: Restrict NTLM: NTLM authentication in this domain

Network security: Restrict NTLM: Audit NTLM authentication in this domain

Network security: Restrict NTLM: Add remote server exceptions for NTLM authe

Network security: Restrict NTLM: Add server exceptions in this domain

Network security: Allow LocalSystem NULL session fallback

Network security: Allow Local System to use computer identity for NTLM

Network security: Allow PKU2U authentication requests to this computer to use o

Network security: Configure encryption types allowed for Kerberos

Recovery console: Allow automatic administrative logon

Recovery console: Allow floppy copy and access to all drives and all folders

Shutdown: Allow system to be shut down without having to log on

Shutdown: Clear virtual memory pagefile

System cryptography: Use FIPS compliant algorithms for encryption, hashing, a

System cryptography: Force strong key protection for user keys stored on the

System objects: Default owner for objects created by members of the Administr

System objects: Require case insensitivity for non-Windows subsystems

System objects: Strengthen default permissions of internal system objects (e.g.

System settings: Optional subsystems

System settings: Use Certificate Rules on Windows Executables for Software Res

User Account Control: Admin Approval Mode for the Built-in Administrator acco

User Account Control: Behavior of the elevation prompt for administrators in

User Account Control: Behavior of the elevation prompt for standard users

User Account Control: Detect application installations and prompt for elevation

User Account Control: Only elevate executables that are signed and validated

User Account Control: Run all administrators in Admin Approval Mode

User Account Control: Switch to the secure desktop when prompting for elevati

User Account Control: Virtualize file and registry write failures to per-user locati

User Account Control: Allow UIAccess applications to prompt for elevation with

Maximum application log size

Maximum security log size

Maximum system log size

Prevent local guests group from accessing application log

Prevent local guests group from accessing security log

Prevent local guests group from accessing system log

Retain application log

Retain security log

Retain system log

Retention method for application log

Retention method for security log

Retention method for system log

Restricted Groups

System Services

Registry

File System

User Account Control: Only elevate UIAccess applications that are installed in secure locations

Supported On Registry Settings

At least Windows XP SP2, Windows Server 2003 Password Policy security settings are not registry keys.






At least Windows XP SP2, Windows Server 2003 Account Lockout Policy security settings are not registry keys.



At least Windows XP SP2, Windows Server 2003 Kerberos Policy security settings are not registry keys.





At least Windows XP SP2, Windows Server 2003 Audit Policy security settings are not registry keys.









At least Windows XP SP2, Windows Server 2003 User Rights security settings are not registry keys

At least Windows Vista, Windows Server 2008 User Rights security settings are not registry keys































Only Windows XP SP2 User Rights security settings are not registry keys













Windows XP SP2, Windows Server 2003 Not a registry key

Windows 8, Windows Server 2012 Not a registry key

At least Windows XP SP2, Windows Server 2003 Not a registry key

At least Windows XP SP2, Windows Server 2003



At least Windows XP SP2, Windows Server 2003 MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects


At least Windows Vista, Windows Server 2008

At least Windows XP SP2, Windows Server 2003 MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail








Only Windows XP SP2, Windows Server 2003 MACHINE\Software\Microsoft\Driver Signing\Policy

At least Windows XP SP2, Windows Server 2003 MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl









MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse

MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditingMACHINE\System\CurrentControlSet\Control\Lsa\SCENoApplyLegacyAuditPolicy

MACHINE\SOFTWARE\policies\Microsoft\windows NT\DCOM\MachineAccessRestrictionMACHINE\SOFTWARE\policies\Microsoft\windows NT\DCOM\MachineLaunchRestrictionMACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogonMACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateDASDMACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDriversMACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateCDRomsMACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateFloppies

MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\LDAPServerIntegrityMACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RefusePasswordChangeMACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSealMACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannelMACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannelMACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChangeMACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAgeMACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireStrongKey

At least Windows XP SP2, Windows Server 2003 MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Sys




















At least Windows 7, Windows Server 2008 R2











At least Windows XP SP2, Windows Server 2003 MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest

At least Windows XP SP2, Windows Server 2003 MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash


At least Windows XP SP2, Windows Server 2003 MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLev

At least Windows XP SP2, Windows Server 2003 MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientInteg

At least Windows XP SP2, Windows Server 2003 MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinC

At least Windows XP SP2, Windows Server 2003 MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMin

At least Windows 7, Windows Server 2008 R2 MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\RestrictSe

At least Windows 7, Windows Server 2008 R2 MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\RestrictRe

At least Windows 7, Windows Server 2008 R2 MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\AuditRecei

At least Windows 7, Windows Server 2008 R2 MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\

At least Windows 7, Windows Server 2008 R2 MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters

At least Windows 7, Windows Server 2008 R2 MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\ClientAll

At least Windows 7, Windows Server 2008 R2 MACHINE\System\CurrentControlSet\Services\Netlogon\Parameter


At least Windows 7, Windows Server 2008 R2 MACHINE\System\CurrentControlSet\Control\Lsa\UseMachineId


Machine\Software\Microsoft\Windows\CurrentVersion\Policies\System, value=DontDisplayLockedUserIdMACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD

MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeTextMACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaptionMACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarningMACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogonMACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ScForceOptionMACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOptionMACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignatureMACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignatureMACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPasswordMACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect

MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignatureMACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignatureMACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogOffMACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\SmbServerNameHardeningLevel

MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAMMACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousMACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCredsMACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymousMACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipesMACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths\MachineMACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths\MachineMACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionSharesMACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionShares

MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\allownullsessionfallback

MACHINE\System\CurrentControlSet\Control\Lsa\pku2u\AllowOnlineID










Windows XP SP2, Windows Server 2003













Only Windows XP SP2, Windows Server 2003 Event Log security settings are not registry keys.












Only Windows XP SP2, Windows Server 2003 Restricted Groups policy settings are not registry keys.

Only Windows XP SP2, Windows Server 2003 System Services policy settings are not registry keys.

Only Windows XP SP2, Windows Server 2003 not a registry key

Only Windows XP SP2, Windows Server 2003 File System policy settings are not registry keys.

MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\SupportedEncryptionTypesMACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevelMACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SetCommandMACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogonMACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdownMACHINE\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicyMACHINE\Software\Policies\Microsoft\Cryptography\ForceKeyProtectionMACHINE\System\CurrentControlSet\Control\Lsa\NoDefaultAdminOwnerMACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitiveMACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionModeMACHINE\System\CurrentControlSet\Control\Session Manager\SubSystems\optionalMACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\AuthenticodeEnabledSOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorTokenSOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdminSOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUserSOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetectionSOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignaturesSOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPathsSOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUASOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktopSOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualizationSOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableUIADesktopToggle

Help Text

This setting is used by Credential Manager during Backup/Restore. No accounts should have this privilege, as it is only assigned to Winlogon. Users saved credentials might be compromised if this privilege is given to other entities.

Enforce password history

Maximum password age

Minimum password age

Minimum password length

Password must meet complexity requirements

Store passwords using reversible encryption

Account lockout duration

Account lockout threshold

Reset account lockout counter after

Enforce user logon restrictions

Maximum lifetime for service ticket

Maximum lifetime for user ticket

Maximum lifetime for user ticket renewal

Maximum tolerance for computer clock synchronization

Audit account logon events

Audit account management

Audit directory service access

Audit logon events

Audit object access

Audit policy change

Audit privilege use

Audit process tracking

Audit system events

Access this computer from the network

Act as part of the operating system

Add workstations to domain

Adjust memory quotas for a process

Allow log on locally

Allow log on through Remote Desktop Services

Back up files and directories

Bypass traverse checking

Change the system time

Change the Time Zone

Create a pagefile

Create a token object

Create global objects

Create permanent shared objects

Create Symbolic Links

Debug programs

Deny access to this computer from the network

Deny log on as a batch job

Deny log on as a service

Deny log on locally

Deny log on through Remote Desktop Services

Enable computer and user accounts to be trusted for delegation

Force shutdown from a remote system

Generate security audits

Impersonate a client after authentication

Increase a process working set

Increase scheduling priority

Load and unload device drivers

Lock pages in memory

Log on as a batch job

Log on as a service

Log on locally

Manage auditing and security log

Modify an object label

Modify firmware environment values

Perform volume maintenance tasks

Profile single process

Profile system performance

Remove computer from docking station

Replace a process level token

Restore files and directories

Shut down the system

Synchronize directory service data

Take ownership of files or other objects

Accounts: Administrator account status

Accounts: Block Microsoft accounts

Accounts: Guest account status

Accounts: Limit local account use of blank passwords to console logon only

Accounts: Rename administrator account

Accounts: Rename guest account

Audit: Audit the access of global system objects

Audit: Audit the use of Backup and Restore privilege

Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings.

Audit: Shut down system immediately if unable to log security audits

DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax

DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax

Devices: Allow undock without having to log on

Devices: Allowed to format and eject removable media

Devices: Prevent users from installing printer drivers when connecting to shared printers

Devices: Restrict CD-ROM access to locally logged-on user only

Devices: Restrict floppy access to locally logged-on user only

Devices: Unsigned driver installation behavior

Domain controller: Allow server operators to schedule tasks

Domain controller: LDAP server signing requirements

Domain controller: Refuse machine account password changes

Domain member: Digitally encrypt or sign secure channel data (always)

Domain member: Digitally encrypt secure channel data (when possible)

Domain member: Digitally sign secure channel data (when possible)

Domain member: Disable machine account password changes

Domain member: Maximum machine account password age

Domain member: Require strong (Windows 2000 or later) session key

Interactive Logon: Display user information when session is locked

Interactive logon: Do not display last user nameThis security setting determines whether the name of the last user to log on to the computer is displayed in the Windows logon screen.

Interactive logon: Do not require CTRL+ALT+DEL

Interactive logon: Machine account threshold.The machine lockout policy is enforced only on those machines that have Bitlocker enabled for protecting OS volumes. Please ensure that appropriate recovery password backup policies are enabled.Interactive logon: Machine inactivity limit.

Interactive logon: Message text for users attempting to log on

Interactive logon: Message title for users attempting to log on

Interactive logon: Number of previous logons to cache (in case domain controller is not available)

Interactive logon: Prompt user to change password before expiration

Interactive logon: Require Domain Controller authentication to unlock

Interactive logon: Require smart card

Interactive logon: Smart card removal behavior

Microsoft network client: Digitally sign communications (always)

Microsoft network client: Digitally sign communications (if server agrees)

Microsoft network client: Send unencrypted password to connect to third-party SMB servers

Microsoft network server: Amount of idle time required before suspending a session

Microsoft network server: Attempt S4U2Self to obtain claim information

Microsoft network server: Digitally sign communications (always)

Microsoft network server: Digitally sign communications (if client agrees)

Microsoft network server: Disconnect clients when logon hours expire

Microsoft network server: Server SPN target name validation level Network access: Allow anonymous SID/name translation

Network access: Do not allow anonymous enumeration of SAM accounts

Network access: Do not allow anonymous enumeration of SAM accounts and shares

Network access: Do not allow storage of credentials or .NET Passports for network authentication

Network access: Let Everyone permissions apply to anonymous users

Network access: Named pipes that can be accessed anonymously

Network access: Remotely accessible registry paths

Network access: Remotely accessible registry paths and subpaths

Network access: Restrict anonymous access to Named Pipes and Shares

Network access: Shares that can be accessed anonymously

Network access: Sharing and security model for local accounts

Network security: Do not store LAN Manager hash value on next password change

Network security: Force logoff when logon hours expire

Network security: LAN Manager authentication level Network security: LDAP client signing requirements

Network security: Minimum session security for NTLM SSP based (including secure RPC) clients

Network security: Minimum session security for NTLM SSP based (including secure RPC) servers

Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers

Network security: Restrict NTLM: Incoming NTLM traffic

Network security: Restrict NTLM: Audit Incoming NTLM Traffic

Network security: Restrict NTLM: NTLM authentication in this domain

Network security: Restrict NTLM: Audit NTLM authentication in this domain

Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication

Network security: Restrict NTLM: Add server exceptions in this domain

Network security: Allow LocalSystem NULL session fallback

Network security: Allow Local System to use computer identity for NTLM

Network security: Allow PKU2U authentication requests to this computer to use online identities.

Network security: Configure encryption types allowed for Kerberos

Recovery console: Allow automatic administrative logon

Recovery console: Allow floppy copy and access to all drives and all folders

Shutdown: Allow system to be shut down without having to log on

Shutdown: Clear virtual memory pagefile

System cryptography: Use FIPS 140 compliant cryptographic algorithms, including encryption, hashing and signing algorithms

System Cryptography: Force strong key protection for user keys stored on the computer

System objects: Default owner for objects created by members of the Administrators groupDescriptionSystem objects: Require case insensitivity for non-Windows subsystems

System objects: Strengthen default permissions of internal system objects (e.g., Symbolic Links)

System settings: Optional subsystems

System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies

User Account Control: Admin Approval Mode for the Built-in Administrator account

User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode

User Account Control: Behavior of the elevation prompt for standard usersThis security setting determines the behavior of the elevation prompt for standard usersUser Account Control: Detect application installations and prompt for elevation

User Account Control: Only elevate executables that are signed and validated

User Account Control: Only elevate UIAccess applications that are installed in secure locations

User Account Control: Run all users, including administrators, as standard users.

User Account Control: Switch to the secure desktop when prompting for elevation

User Account Control: Virtualizes file and registry write failures to per-user locations

User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop.

Maximum application log size

Maximum security log size

Maximum system log size

Prevent local guests group and ANONYMOUS LOGIN users from accessing application log

Prevent local guests group and ANONYMOUS LOGIN users from accessing security log

Prevent local guests group and ANONYMOUS LOGIN users from accessing system log

Retain application log

Retain security log

Retain system log

Retention method for application log

Retention method for security log

Retention method for system log

Restricted Groups

System Services security settings

Registry security settings

File System security settings

Comments

No

No

No

No

No

No

No

No

No

No

No

No

No

No

No

No

No

No

No

No

No

No

No

No Logoff required

No Logoff required

No Logoff required

No Logoff required

No Logoff required

No Logoff required

No Logoff required

No Logoff required

No Logoff required

No Logoff required

No Logoff required

No Logoff required

No Logoff required

No Logoff required

No Logoff required

No Logoff required

No Logoff required

No Logoff required

No Logoff required

No Logoff required

No Logoff required

No Logoff required

No Logoff required

No Logoff required

Reboot Required

clients will get the new setting after a maximum of 8 hours but for DCs to assign these new clients will get the new setting after a maximum of 8 hours but for DCs to assign these new clients will get the new setting after a maximum of 8 hours but for DCs to assign these new clients will get the new setting after a maximum of 8 hours but for DCs to assign these new clients will get the new setting after a maximum of 8 hours but for DCs to assign these new

No Logoff required

No Logoff required

No Logoff required

No Logoff required

No Logoff required

No Logoff required

No

No Logoff required

No

No Logoff required

No Logoff required

No Logoff required

No Logoff required

No Logoff required

No Logoff required

No Logoff required

No Logoff required

No Logoff required

No Logoff required

No Logoff required

No Logoff required

No

No

No

No

No

Yes

Yes

No

Yes

No

No

No

No

No

No

No

No

Yes

No

No

No

No

No

No

No

No

Note: In Windows 2000 Server, Windows 2000 Professional, Windows XP Professional, and Note: See also the corresponding Windows Server 2003 Allow log on locally policy

For the policy change to take effect, the spooler service needs to be stopped/restarted, but

Restart of service might be sufficient

Important: In order to take advantage of this policy on member workstations and

Important: This setting applies to Windows 2000 computers, but it is not available through

No

No

No

No

No

No

No

No

No

No

No

Yes

Yes

Yes

Yes

No

Yes

No

No

No

No

No

No

No

No

Yes

No

No

Yes

Yes

No

No

No

No

Yes

No

No

No

No

No

No

No

No

No

No

No

No

Important: This setting applies to Windows 2000 computers, but it is not available through Important: This setting will apply to any computers running Windows 2000 through Only LogOff is required for W2K, XP and W2K3 computers. In Vista, start/restart the Important: For this policy to take effect on computers running Windows 2000, client-

Important: For this policy to take effect on computers running Windows 2000, server-

Important: This policy has no impact on domain controllers. For more information,

Important: The Network access: Remotely accessible registry paths security Important: On Windows XP, this security setting was called "Network access:

Important: This setting only affects computers running Windows XP Professional which are Important: Windows 2000 Service Pack 2 (SP2) and above offer compatibility with Important: This setting can affect the ability of computers running Windows 2000 Server, Warning: This setting will apply to any computers running Windows 2000 through Warning: This setting will apply to any computers running Windows 2000 through

No

No

No

No Requires logoff

Yes

No

Yes

No

Yes

Yes

Yes

No

No

No

No

No

No

No

Yes

No

No

No

No

No

No

No

No

No

No

No

No

No

No

No

Require restart of recovery consoleRequire restart of recovery console

Vista does NOT require reboot

Requires reboot with CNG on Vista; Does not require reboot with CAPI on Vista; Does not This policy does not exist on Vista

Note: This setting does not appear in the Local Computer Policy object. Note: This setting does not appear in the Local Computer Policy object. Note: This setting does not appear in the Local Computer Policy object. Notes: This setting does not appear in the Local Computer Policy object.Notes: This setting does not appear in the Local Computer Policy object. Note: This setting does not appear in the Local Computer Policy object. Notes: This setting does not appear in the Local Computer Policy object. Notes: This setting does not appear in the Local Computer Policy object. Note: This setting does not appear in the Local Computer Policy object. Note: This setting does not appear in the Local Computer Policy object. Note: This setting does not appear in the Local Computer Policy object. Note: This setting does not appear in the Local Computer Policy object. Note: This setting does not appear in the Local Computer Policy object.Note: This setting does not appear in the Local Computer Policy object. Note: This setting does not appear in the Local Computer Policy object.